SlideShare a Scribd company logo

Cloud-Computing_USA.ppt

S
ssuserf71896

Cloud

Data & Analytics
1 of 23
Download to read offline
Cloud Computing Guide & Handbook SAI USA Madhav Panwar
2 2 Background 2010 WGITA approved the cloud computing project with SAI USA as lead and Canada & India as members 2011 A status report was presented and comments solicited 2012 Final project description and common cloud computing risks were presented Members requested that this work be augmented with a cloud computing guide and audit handbook 2013Guide & handbook completed for CC. 2013 Will be incorporated into the overall IT Audit Guide & Handbook in cooperation with IDI
3 3 What Is Cloud Computing? • Generally speaking, cloud computing can be thought of as anything that involves delivering hosted services over the Internet. • According to NIST Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (Special Publication 800-145)
4 4 What It Provides • Cloud computing provides shared services as opposed to local servers or storage resources • Enables access to information from most web-enabled hardware • Allows for cost savings – reduced facility, hardware/software investments, support
5 5 Essential Characteristics • On-demand self-service A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider. • Broad network access Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations). Source: NIST Special Publication 800-145
6 6 Characteristics • Resource pooling The provider’s computing resources are pooled to serve multiple consumers Resources can be dynamically assigned and reassigned according to customer demand Customer generally may not care where the resources are physically located but should be aware of risks if they are located offshore Source: NIST Special Publication 800-145
7 7 Characteristics • Rapid elasticity Capabilities can be expanded or released automatically (i.e., more cpu power, or ability to handle additional users) To the customer this appears seamless, limitless, and responsive to their changing requirements • Measured service Customers are charged for the services they use and the amounts There is a metering concept where customer resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service Source: NIST Special Publication 800-145
8 8 Service Models Infrastructure Platform Software/ Application
9 9 Service Models Infrastructure-as-a-Service (IaaS) • A service model that involves outsourcing the basic infrastructure used to support operations--including storage, hardware, servers, and networking components. • The service provider owns the infrastructure equipment and is responsible for housing, running, and maintaining it. The customer typically pays on a per-use basis. • The customer uses their own platform (Windows, Unix), and applications
10 10 Service Models Platform-as-a-Service (PaaS) • A service model that involves outsourcing the basic infrastructure and platform (Windows, Unix) • PaaS facilitates deploying applications without the cost and complexity of buying and managing the underlying hardware and software where the applications are hosted. • The customer uses their own applications
11 11 Service Models Software-as-a-Service (SaaS) • Also referred to as “software on demand,” this service model involves outsourcing the infrastructure, platform, and software/applications. • Typically, these services are available to the customer for a fee, pay-as-you- go, or a no charge model. • The customer accesses the applications over the internet.
12 12 Where Is My Data? • Data resides on servers that the customer cannot physically access • Vendors may store data anywhere at lowest cost if not restrained by agreement
13 13 Cloud Computing Guide The guide is about a 10 page document that describes cloud computing and areas of risk These risks should be managed by the IT organization that chooses to utilize cloud computing For IT Auditors these risks are a roadmap which you can utilize to create your audit program
Cloud Computing Guide 14 14
Cloud Computing Guide 15 15 What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited entities still has control over the application and the data. Outsourcing may also include utilizing the vendor’s computers to store, backup, and provide online access to the organization data. The organization will need to have a robust access to the internet if they want their staff or users to have ready access to the data or even the application that process the data. In the current environment, the data or applications are also available from mobile platforms (laptops with Wi-Fi or cell/mobile cards, smart phones, and tablets).
Cloud Computing Guide Audit Concerns When an organization chooses to utilize cloud computing, they need to be aware of risks that they may face with the service provider, the risk they face if they are unable to effectively oversee the service provider, and other risks related to management and security weaknesses in the service providers approach. As an auditor you will need to understand what the agency has done to mitigate the risks with cloud computing. When we as auditors are asked to appraise whether an entity or organization getting the benefits of cloud computing are managing the vendor to ensure that they get the required services we need to be aware of the risks that they may face. 16 16
Cloud Computing Guide • Risk Areas – Service Provider Risks – Technical Risks – External (Overseas) Risks – Management/Oversight Risks – Security / Connectivity / Privacy Risks These were discussed at the last meeting along with some mitigation strategies that the IT organization could use The IT auditor would use those as a road map to frame audit questions 17 17
Cloud Computing Handbook • The handbook provides the IT Auditor with some audit related questions that begin to explore whether the organization is managing the risks and the vendor 18 18
Cloud Computing Handbook 19 19
Cloud Computing Handbook 20 20
Cloud Computing Handbook 21 21
Next Steps • As and when members conduct IT Audits that involve Cloud Computing we would like to receive your audit questions so we may update the guide • Members may contact the Chair or SAI USA for additional information 22 22
Contacts • SAI India • Jagbans Singh ir@cag.gov.in • SAI USA Madhav Panwar panwarm@gao.gov 23 23

Recommended

Cloud computing usa
Cloud computing usaCloud computing usa
Cloud computing usaharikamahandhra
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
 
IRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET Journal
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaAchSulav
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaAchSulav
 
SECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGSECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGInternational Journal of Technical Research & Application
 
Data Security Approach in Cloud computing using SHA
Data Security Approach in Cloud computing using SHAData Security Approach in Cloud computing using SHA
Data Security Approach in Cloud computing using SHAIRJET Journal
 
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeSecuring Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeLisa Abe-Oldenburg, B.Comm., JD.
 

Recommended

Cloud computing usa
Cloud computing usaCloud computing usa
Cloud computing usaharikamahandhra
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
 
IRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET- An Overview on Cloud Computing and Challenges
IRJET- An Overview on Cloud Computing and ChallengesIRJET Journal
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaAchSulav
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaAchSulav
 
SECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGSECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGInternational Journal of Technical Research & Application
 
Data Security Approach in Cloud computing using SHA
Data Security Approach in Cloud computing using SHAData Security Approach in Cloud computing using SHA
Data Security Approach in Cloud computing using SHAIRJET Journal
 
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeSecuring Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeLisa Abe-Oldenburg, B.Comm., JD.
 
Celera Networks on Cloud Computing
Celera Networks on Cloud Computing Celera Networks on Cloud Computing
Celera Networks on Cloud Computing CeleraNetworks
 
PACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud ConceptsPACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud ConceptsPace IT at Edmonds Community College
 
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...United International Journal for Research & Technology
 
Welcome to the Cloud!
Welcome to the Cloud!Welcome to the Cloud!
Welcome to the Cloud!imogokate
 
Cloud computing - the impact on revenue recognition
Cloud computing - the impact on revenue recognitionCloud computing - the impact on revenue recognition
Cloud computing - the impact on revenue recognitionPwC
 
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...idescitation
 
1 (1).pptx
1 (1).pptx1 (1).pptx
1 (1).pptxSabitaRajbanshi1
 
Unit-I Introduction to Cloud Computing.pptx
Unit-I Introduction to Cloud Computing.pptxUnit-I Introduction to Cloud Computing.pptx
Unit-I Introduction to Cloud Computing.pptxgarkhot123
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
An Intro to Cloud Computing
An Intro to Cloud ComputingAn Intro to Cloud Computing
An Intro to Cloud ComputingPublicly traded global multi-billion services company
 
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALAFEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALASaikiran Panjala
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingMerisCon ARTDesign
 
Cloud computing charecteristics and types altanai bisht , 2nd year, part iii
Cloud computing charecteristics and types altanai bisht , 2nd year, part iiiCloud computing charecteristics and types altanai bisht , 2nd year, part iii
Cloud computing charecteristics and types altanai bisht , 2nd year, part iiiALTANAI BISHT
 
Cloud computing
Cloud computingCloud computing
Cloud computingSuryavamsi51
 
Cloud computing
Cloud computingCloud computing
Cloud computingneha kamboj
 
final-unit-i-cc cloud computing-2022.pdf
final-unit-i-cc cloud computing-2022.pdffinal-unit-i-cc cloud computing-2022.pdf
final-unit-i-cc cloud computing-2022.pdfSamiksha880257
 
A Breif On Cloud computing
A Breif On Cloud computingA Breif On Cloud computing
A Breif On Cloud computingRaja Raman
 
A revolution in information technology cloud computing.
A revolution in information technology cloud computing.A revolution in information technology cloud computing.
A revolution in information technology cloud computing.Minor33
 
Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012Agora Group
 
Cloud Computing Improving Organizational Agility
Cloud Computing Improving Organizational AgilityCloud Computing Improving Organizational Agility
Cloud Computing Improving Organizational AgilityMutua Andrew (ITIL, PRINCE2, SharePoint)
 
obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...
obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...
obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...yulianti213969
 
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证dq9vz1isj
 

More Related Content

Similar to Cloud-Computing_USA.ppt

Celera Networks on Cloud Computing
Celera Networks on Cloud Computing Celera Networks on Cloud Computing
Celera Networks on Cloud Computing CeleraNetworks
 
Welcome to the Cloud!
Welcome to the Cloud!Welcome to the Cloud!
Welcome to the Cloud!imogokate
 
Cloud computing - the impact on revenue recognition
Cloud computing - the impact on revenue recognitionCloud computing - the impact on revenue recognition
Cloud computing - the impact on revenue recognitionPwC
 
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...idescitation
 
Unit-I Introduction to Cloud Computing.pptx
Unit-I Introduction to Cloud Computing.pptxUnit-I Introduction to Cloud Computing.pptx
Unit-I Introduction to Cloud Computing.pptxgarkhot123
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALAFEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALASaikiran Panjala
 
Cloud computing charecteristics and types altanai bisht , 2nd year, part iii
Cloud computing charecteristics and types altanai bisht , 2nd year, part iiiCloud computing charecteristics and types altanai bisht , 2nd year, part iii
Cloud computing charecteristics and types altanai bisht , 2nd year, part iiiALTANAI BISHT
 
final-unit-i-cc cloud computing-2022.pdf
final-unit-i-cc cloud computing-2022.pdffinal-unit-i-cc cloud computing-2022.pdf
final-unit-i-cc cloud computing-2022.pdfSamiksha880257
 
A Breif On Cloud computing
A Breif On Cloud computingA Breif On Cloud computing
A Breif On Cloud computingRaja Raman
 
A revolution in information technology cloud computing.
A revolution in information technology cloud computing.A revolution in information technology cloud computing.
A revolution in information technology cloud computing.Minor33
 
Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012Agora Group
 

Similar to Cloud-Computing_USA.ppt (20)

Celera Networks on Cloud Computing
Celera Networks on Cloud Computing Celera Networks on Cloud Computing
Celera Networks on Cloud Computing
 
PACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud ConceptsPACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud Concepts
 
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
A Review on Data Protection of Cloud Computing Security, Benefits, Risks and ...
 
Welcome to the Cloud!
Welcome to the Cloud!Welcome to the Cloud!
Welcome to the Cloud!
 
Cloud computing - the impact on revenue recognition
Cloud computing - the impact on revenue recognitionCloud computing - the impact on revenue recognition
Cloud computing - the impact on revenue recognition
 
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s...
 
1 (1).pptx
1 (1).pptx1 (1).pptx
1 (1).pptx
 
Unit-I Introduction to Cloud Computing.pptx
Unit-I Introduction to Cloud Computing.pptxUnit-I Introduction to Cloud Computing.pptx
Unit-I Introduction to Cloud Computing.pptx
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
An Intro to Cloud Computing
An Intro to Cloud ComputingAn Intro to Cloud Computing
An Intro to Cloud Computing
 
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALAFEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud computing charecteristics and types altanai bisht , 2nd year, part iii
Cloud computing charecteristics and types altanai bisht , 2nd year, part iiiCloud computing charecteristics and types altanai bisht , 2nd year, part iii
Cloud computing charecteristics and types altanai bisht , 2nd year, part iii
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
final-unit-i-cc cloud computing-2022.pdf
final-unit-i-cc cloud computing-2022.pdffinal-unit-i-cc cloud computing-2022.pdf
final-unit-i-cc cloud computing-2022.pdf
 
A Breif On Cloud computing
A Breif On Cloud computingA Breif On Cloud computing
A Breif On Cloud computing
 
A revolution in information technology cloud computing.
A revolution in information technology cloud computing.A revolution in information technology cloud computing.
A revolution in information technology cloud computing.
 
Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012
 
Cloud Computing Improving Organizational Agility
Cloud Computing Improving Organizational AgilityCloud Computing Improving Organizational Agility
Cloud Computing Improving Organizational Agility
 

Recently uploaded

obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...
obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...
obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...yulianti213969
 
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证dq9vz1isj
 
如何办理(Dalhousie毕业证书)达尔豪斯大学毕业证成绩单留信学历认证
如何办理(Dalhousie毕业证书)达尔豪斯大学毕业证成绩单留信学历认证如何办理(Dalhousie毕业证书)达尔豪斯大学毕业证成绩单留信学历认证
如何办理(Dalhousie毕业证书)达尔豪斯大学毕业证成绩单留信学历认证zifhagzkk
 
Statistics Informed Decisions Using Data 5th edition by Michael Sullivan solu...
Statistics Informed Decisions Using Data 5th edition by Michael Sullivan solu...Statistics Informed Decisions Using Data 5th edition by Michael Sullivan solu...
Statistics Informed Decisions Using Data 5th edition by Michael Sullivan solu...ssuserf63bd7
 
What is Insertion Sort. Its basic information
What is Insertion Sort. Its basic informationWhat is Insertion Sort. Its basic information
What is Insertion Sort. Its basic informationmuqadasqasim10
 
How to Transform Clinical Trial Management with Advanced Data Analytics
How to Transform Clinical Trial Management with Advanced Data AnalyticsHow to Transform Clinical Trial Management with Advanced Data Analytics
How to Transform Clinical Trial Management with Advanced Data AnalyticsBrainSell Technologies
 
Aggregations - The Elasticsearch "GROUP BY"
Aggregations - The Elasticsearch "GROUP BY"Aggregations - The Elasticsearch "GROUP BY"
Aggregations - The Elasticsearch "GROUP BY"John Sobanski
 
Digital Marketing Demystified: Expert Tips from Samantha Rae Coolbeth
Digital Marketing Demystified: Expert Tips from Samantha Rae CoolbethDigital Marketing Demystified: Expert Tips from Samantha Rae Coolbeth
Digital Marketing Demystified: Expert Tips from Samantha Rae CoolbethSamantha Rae Coolbeth
 
如何办理(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单本科硕士学位证留信学历认证如何办理(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单本科硕士学位证留信学历认证acoha1
 
原件一样伦敦国王学院毕业证成绩单留信学历认证
原件一样伦敦国王学院毕业证成绩单留信学历认证原件一样伦敦国王学院毕业证成绩单留信学历认证
原件一样伦敦国王学院毕业证成绩单留信学历认证pwgnohujw
 
Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...
Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...
Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...BabaJohn3
 
如何办理英国卡迪夫大学毕业证(Cardiff毕业证书)成绩单留信学历认证
如何办理英国卡迪夫大学毕业证(Cardiff毕业证书)成绩单留信学历认证如何办理英国卡迪夫大学毕业证(Cardiff毕业证书)成绩单留信学历认证
如何办理英国卡迪夫大学毕业证(Cardiff毕业证书)成绩单留信学历认证ju0dztxtn
 
Northern New England Tableau User Group (TUG) May 2024
Northern New England Tableau User Group (TUG) May 2024Northern New England Tableau User Group (TUG) May 2024
Northern New England Tableau User Group (TUG) May 2024patrickdtherriault
 
Data Analysis Project Presentation : NYC Shooting Cluster Analysis
Data Analysis Project Presentation : NYC Shooting Cluster AnalysisData Analysis Project Presentation : NYC Shooting Cluster Analysis
Data Analysis Project Presentation : NYC Shooting Cluster AnalysisBoston Institute of Analytics
 
SCI8-Q4-MOD11.pdfwrwujrrjfaajerjrajrrarj
SCI8-Q4-MOD11.pdfwrwujrrjfaajerjrajrrarjSCI8-Q4-MOD11.pdfwrwujrrjfaajerjrajrrarj
SCI8-Q4-MOD11.pdfwrwujrrjfaajerjrajrrarjadimosmejiaslendon
 
Formulas dax para power bI de microsoft.pdf
Formulas dax para power bI de microsoft.pdfFormulas dax para power bI de microsoft.pdf
Formulas dax para power bI de microsoft.pdfRobertoOcampo24
 
obat aborsi Bontang wa 081336238223 jual obat aborsi cytotec asli di Bontang6...
obat aborsi Bontang wa 081336238223 jual obat aborsi cytotec asli di Bontang6...obat aborsi Bontang wa 081336238223 jual obat aborsi cytotec asli di Bontang6...
obat aborsi Bontang wa 081336238223 jual obat aborsi cytotec asli di Bontang6...yulianti213969
 
Bios of leading Astrologers & Researchers
Bios of leading Astrologers & ResearchersBios of leading Astrologers & Researchers
Bios of leading Astrologers & Researchersdarmandersingh4580
 
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一fztigerwe
 

Recently uploaded (20)

obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...
obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...
obat aborsi Tarakan wa 081336238223 jual obat aborsi cytotec asli di Tarakan9...
 
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
 
如何办理(Dalhousie毕业证书)达尔豪斯大学毕业证成绩单留信学历认证
如何办理(Dalhousie毕业证书)达尔豪斯大学毕业证成绩单留信学历认证如何办理(Dalhousie毕业证书)达尔豪斯大学毕业证成绩单留信学历认证
如何办理(Dalhousie毕业证书)达尔豪斯大学毕业证成绩单留信学历认证
 
Statistics Informed Decisions Using Data 5th edition by Michael Sullivan solu...
Statistics Informed Decisions Using Data 5th edition by Michael Sullivan solu...Statistics Informed Decisions Using Data 5th edition by Michael Sullivan solu...
Statistics Informed Decisions Using Data 5th edition by Michael Sullivan solu...
 
What is Insertion Sort. Its basic information
What is Insertion Sort. Its basic informationWhat is Insertion Sort. Its basic information
What is Insertion Sort. Its basic information
 
How to Transform Clinical Trial Management with Advanced Data Analytics
How to Transform Clinical Trial Management with Advanced Data AnalyticsHow to Transform Clinical Trial Management with Advanced Data Analytics
How to Transform Clinical Trial Management with Advanced Data Analytics
 
Aggregations - The Elasticsearch "GROUP BY"
Aggregations - The Elasticsearch "GROUP BY"Aggregations - The Elasticsearch "GROUP BY"
Aggregations - The Elasticsearch "GROUP BY"
 
Digital Marketing Demystified: Expert Tips from Samantha Rae Coolbeth
Digital Marketing Demystified: Expert Tips from Samantha Rae CoolbethDigital Marketing Demystified: Expert Tips from Samantha Rae Coolbeth
Digital Marketing Demystified: Expert Tips from Samantha Rae Coolbeth
 
如何办理(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单本科硕士学位证留信学历认证如何办理(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单本科硕士学位证留信学历认证
 
原件一样伦敦国王学院毕业证成绩单留信学历认证
原件一样伦敦国王学院毕业证成绩单留信学历认证原件一样伦敦国王学院毕业证成绩单留信学历认证
原件一样伦敦国王学院毕业证成绩单留信学历认证
 
Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...
Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...
Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...
 
如何办理英国卡迪夫大学毕业证(Cardiff毕业证书)成绩单留信学历认证
如何办理英国卡迪夫大学毕业证(Cardiff毕业证书)成绩单留信学历认证如何办理英国卡迪夫大学毕业证(Cardiff毕业证书)成绩单留信学历认证
如何办理英国卡迪夫大学毕业证(Cardiff毕业证书)成绩单留信学历认证
 
Northern New England Tableau User Group (TUG) May 2024
Northern New England Tableau User Group (TUG) May 2024Northern New England Tableau User Group (TUG) May 2024
Northern New England Tableau User Group (TUG) May 2024
 
Data Analysis Project Presentation : NYC Shooting Cluster Analysis
Data Analysis Project Presentation : NYC Shooting Cluster AnalysisData Analysis Project Presentation : NYC Shooting Cluster Analysis
Data Analysis Project Presentation : NYC Shooting Cluster Analysis
 
SCI8-Q4-MOD11.pdfwrwujrrjfaajerjrajrrarj
SCI8-Q4-MOD11.pdfwrwujrrjfaajerjrajrrarjSCI8-Q4-MOD11.pdfwrwujrrjfaajerjrajrrarj
SCI8-Q4-MOD11.pdfwrwujrrjfaajerjrajrrarj
 
Abortion pills in Riyadh Saudi Arabia (+966572737505 buy cytotec
Abortion pills in Riyadh Saudi Arabia (+966572737505 buy cytotecAbortion pills in Riyadh Saudi Arabia (+966572737505 buy cytotec
Abortion pills in Riyadh Saudi Arabia (+966572737505 buy cytotec
 
Formulas dax para power bI de microsoft.pdf
Formulas dax para power bI de microsoft.pdfFormulas dax para power bI de microsoft.pdf
Formulas dax para power bI de microsoft.pdf
 
obat aborsi Bontang wa 081336238223 jual obat aborsi cytotec asli di Bontang6...
obat aborsi Bontang wa 081336238223 jual obat aborsi cytotec asli di Bontang6...obat aborsi Bontang wa 081336238223 jual obat aborsi cytotec asli di Bontang6...
obat aborsi Bontang wa 081336238223 jual obat aborsi cytotec asli di Bontang6...
 
Bios of leading Astrologers & Researchers
Bios of leading Astrologers & ResearchersBios of leading Astrologers & Researchers
Bios of leading Astrologers & Researchers
 
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
 

Cloud-Computing_USA.ppt

  • 2. 2 2 Background 2010 WGITA approved the cloud computing project with SAI USA as lead and Canada & India as members 2011 A status report was presented and comments solicited 2012 Final project description and common cloud computing risks were presented Members requested that this work be augmented with a cloud computing guide and audit handbook 2013Guide & handbook completed for CC. 2013 Will be incorporated into the overall IT Audit Guide & Handbook in cooperation with IDI
  • 3. 3 3 What Is Cloud Computing? • Generally speaking, cloud computing can be thought of as anything that involves delivering hosted services over the Internet. • According to NIST Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (Special Publication 800-145)
  • 4. 4 4 What It Provides • Cloud computing provides shared services as opposed to local servers or storage resources • Enables access to information from most web-enabled hardware • Allows for cost savings – reduced facility, hardware/software investments, support
  • 5. 5 5 Essential Characteristics • On-demand self-service A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider. • Broad network access Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations). Source: NIST Special Publication 800-145
  • 6. 6 6 Characteristics • Resource pooling The provider’s computing resources are pooled to serve multiple consumers Resources can be dynamically assigned and reassigned according to customer demand Customer generally may not care where the resources are physically located but should be aware of risks if they are located offshore Source: NIST Special Publication 800-145
  • 7. 7 7 Characteristics • Rapid elasticity Capabilities can be expanded or released automatically (i.e., more cpu power, or ability to handle additional users) To the customer this appears seamless, limitless, and responsive to their changing requirements • Measured service Customers are charged for the services they use and the amounts There is a metering concept where customer resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service Source: NIST Special Publication 800-145
  • 9. 9 9 Service Models Infrastructure-as-a-Service (IaaS) • A service model that involves outsourcing the basic infrastructure used to support operations--including storage, hardware, servers, and networking components. • The service provider owns the infrastructure equipment and is responsible for housing, running, and maintaining it. The customer typically pays on a per-use basis. • The customer uses their own platform (Windows, Unix), and applications
  • 10. 10 10 Service Models Platform-as-a-Service (PaaS) • A service model that involves outsourcing the basic infrastructure and platform (Windows, Unix) • PaaS facilitates deploying applications without the cost and complexity of buying and managing the underlying hardware and software where the applications are hosted. • The customer uses their own applications
  • 11. 11 11 Service Models Software-as-a-Service (SaaS) • Also referred to as “software on demand,” this service model involves outsourcing the infrastructure, platform, and software/applications. • Typically, these services are available to the customer for a fee, pay-as-you- go, or a no charge model. • The customer accesses the applications over the internet.
  • 12. 12 12 Where Is My Data? • Data resides on servers that the customer cannot physically access • Vendors may store data anywhere at lowest cost if not restrained by agreement
  • 13. 13 13 Cloud Computing Guide The guide is about a 10 page document that describes cloud computing and areas of risk These risks should be managed by the IT organization that chooses to utilize cloud computing For IT Auditors these risks are a roadmap which you can utilize to create your audit program
  • 15. Cloud Computing Guide 15 15 What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited entities still has control over the application and the data. Outsourcing may also include utilizing the vendor’s computers to store, backup, and provide online access to the organization data. The organization will need to have a robust access to the internet if they want their staff or users to have ready access to the data or even the application that process the data. In the current environment, the data or applications are also available from mobile platforms (laptops with Wi-Fi or cell/mobile cards, smart phones, and tablets).
  • 16. Cloud Computing Guide Audit Concerns When an organization chooses to utilize cloud computing, they need to be aware of risks that they may face with the service provider, the risk they face if they are unable to effectively oversee the service provider, and other risks related to management and security weaknesses in the service providers approach. As an auditor you will need to understand what the agency has done to mitigate the risks with cloud computing. When we as auditors are asked to appraise whether an entity or organization getting the benefits of cloud computing are managing the vendor to ensure that they get the required services we need to be aware of the risks that they may face. 16 16
  • 17. Cloud Computing Guide • Risk Areas – Service Provider Risks – Technical Risks – External (Overseas) Risks – Management/Oversight Risks – Security / Connectivity / Privacy Risks These were discussed at the last meeting along with some mitigation strategies that the IT organization could use The IT auditor would use those as a road map to frame audit questions 17 17
  • 18. Cloud Computing Handbook • The handbook provides the IT Auditor with some audit related questions that begin to explore whether the organization is managing the risks and the vendor 18 18
  • 22. Next Steps • As and when members conduct IT Audits that involve Cloud Computing we would like to receive your audit questions so we may update the guide • Members may contact the Chair or SAI USA for additional information 22 22
  • 23. Contacts • SAI India • Jagbans Singh ir@cag.gov.in • SAI USA Madhav Panwar panwarm@gao.gov 23 23