Embed Size (px)
DESCRIPTION
Cloud computing paradigm shift and considerations. How to orchestrate IT?
Citation preview
Risk & Compliance
ADVISORY
Cloud Computing Paradigm shift and considerations
September 2010
drs. Mike Chung RE
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Contents
• Paradigm shift: from on-premise technology to on-demand services
• Considerations: how to orchestrate
• Steps forward: how to prepare for the next phase
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Paradigm shift: current challenges for corporations
• Cost savings
– Economical low tide
– Ever increasing cost of IT
• More agility
– Fluctuating demand
– Mobile workforce
• Innovation
– Faster time-to-market
– On-demand requirements
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Paradigm shift: IT as an hindrance
• Increasing expenditures
– Higher cost for design, development, implementation and maintenance
– Higher energy cost
• Rigid
– Static supply of IT resources
– Based on traditional client-server principle
• Too complex to change
– Spaghetti of interfaces
– Various IT models
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Paradigm shift: cloud computing as the model of choice
• Transparent cost structures
– Pay for what you use
– Marginal CapEx and operational cost
• Flexible
– Easy to upscale and to downsize
– Accessible from multiple points on the internet
• On-demand
– Instantly available
– IT as commodity
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Considerations: orchestration
• From technological complexity to governance challenges
– Hybrid environment of internal IT, outsourced parts and cloud computing
– Complex ecosystem of the cloud (integrators, aggregators, vendors and third parties)
• Less control
– IT assets outside the internal perimeter
– Vendor lock-in
• Ever changing landscape
– Hard-to-predict pace of changes and dominant standards
– New services and niche players
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Considerations: assurance on security as an example
• External data storage
– Logging and monitoring
– Backup and recovery
• Multi-tenancy/resource pooling
– Data - and resource segregation
– Identity & Access Management
• Conflicting controls and legislations
– Vendor’s security controls versus internal requirements
– Global delivery of services versus national/local legislations
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Considerations: assurance on security in practice
• Standards for ‘traditional IT’
– Partly obsolete and partly irrelevant
– Static standards versus dynamic reality
• Free format auditing statements
– Many variations on approach and controls
– Wide intervals
• Competent auditors?
– Existing standards and controls as starting points
– Emphasis on IT management processes
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Steps forward: devise strategy
• Which parts can be moved to the cloud?
– Define available cloud services versus business needs
– Determine commodity services versus business specific services
• What is the business case?
– Assess options
– Assess depreciation and life cycle of IT assets
• What is the roadmap?
– Define migration/transition
– Define architecture and orchestration
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Steps forward: assess and manage risks
• What is the ecosystem?
– Identify parties involved and their roles
– Assess different incident/problem scenarios
• What is the difference?
– Assess current situation versus future state
– Identify which risks and mitigations are applicable
• Which dimensions must be covered?
– Assess risks on various dimensions (compliance, vendor, technology, data, operation, finance)
– Determine responsibilities and accountabilities
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Steps forward: keep your eyes open
• What is the impact on the (IT) organization?
– Diminishing role of the internal IT department
– Importance of contract - and vendor management
– New possibilities and responsibilities
• What will the cloud market bring?
– More confusion and diffusion
– Requirement-driven services
– Oligarchisation of IT
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
Contact
Drs. Mike Chung RE
Manager
KPMG Advisory N.V.
E-mail: [email protected]
Mobile: +31 (0)6 1455 9916
© 2010 KPMG ELLP, the member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the Netherlands
About the conductor
• Willem Mengelberg (1871 – 1951) was one of the most famous and celebrated conductors of his generation
• He has been the principal conductor of Amsterdam’s Concertgebouw Orchestra for over 45 years
• He was praised for his orchestral conductings of the works of Gustav Mahler, Richard Strass and Béla Bartók
• Richard Strass dedicated his masterpiece ‘Ein Heldenleben’ to Willem Mengelberg and the Concertgebouw Orchestra
• Mengelberg was banned by the Dutch government after the Second World War
• Although he was never fully rehabilitated, Mengelberg’s recordings are still enjoyed by millions of admirers all over the world
