Recent economic pressures have resulted in increased requirements for the availability, scalability and efficiency of enterprise IT solutions. Many parties claim that cloud computing can help enterprises meet the increased requirements of lower TCO, higher ROI, increased efficiency, dynamic provisioning and utility-like services. However, many IT professionals are citing the increased risks associated with trusting information assets to the cloud as something that must be clearly understood and managed by relevant stakeholders. This presentation examines the potential business benefits, risks and assurance considerations.
1. Cloud Computing Benefits and Risks
  Michael Yung, President, ISACA China Hong Kong
2. Evolution: Mainframe Computer
3. Evolution: Mini Computer, PCs and Internet
4. Evolution: Cloud Computing
5. Next 25 Minutes: Pain Points, Benefits, Risks
6. Infrastructure Cost and Service Delivery: Pain Points
7. Pain Points: Keep It Running vs. Implement New Things
8. Pain Points: We Are Too Slow
9. Pain Points: Right Sizing
10. Pain Points
11. Cloud Computing: Benefits
12. Cloud Computing Market
  Estimation by IBM, 2009
  84% saving on H/W, labour, power
13. IT and Business Benefits
  Highly abstracted H/W, S/W resources for pooling
  Near instant scalability, provisioning
  Service on demand
  A pay-as-you-go billing system
14. Business Benefits: We are finally in sync with business
15. Cloud Computing: What Are the Risks?
16. Applicability for Cloud Computing
  Source: Federal Reserve System, USA
  System Type | Scalability | Availability | Security | Cloud Type
  Information site | Medium | Medium | Low | Public / Hybrid
  External Collaboration | Medium | Medium | Medium | Public / Hybrid
  Public research / survey | Low | Medium | Medium | Public / Hybrid
  Internal R&D | Low | Low | Medium | Public / Hybrid
  Disaster Recovery | Medium | Medium | Medium | Public / Hybrid
  Application Test and QA | Low | Medium | Medium | Private
  Application Development | Low | Medium | Medium | Private
  Production Applications | High | High | Medium | No
  Mission Critical Applications | High | High | High | No
17. Risks and Security Concerns: Vendor Lock In; Poor SLA; 3rd Party Access to Data; Poor DR Plan
Few tools, procedures or standard formats available for data and service portability
Service level affects confidentiality and availability
The need to protect intellectual property and trade secrets, and to comply with regulations and laws in different geographical regions
Business continuity and disaster recovery plans must be well documented and tested
Service and contractual risks
18. Risks and Security Concerns: Integration / Bandwidth; Encryption and Key Management; Testing and Monitoring; Resource Allocation
How to integrate the in-house systems with the cloud?
Is high-speed bandwidth ready?
Speedy encryption / decryption
Provider may not allow you to perform a thorough penetration test or audit
Are there good monitoring tools available?
Handling of DoS attacks; payment cap
Technology risks
19. Cloud Computing: Addressing the Risks
20. Addressing the Risks
Service Level Agreement to address:
  Handling, usage, storage, availability of data
  Business continuity and disaster recovery objectives
  Right to audit
Reassess your IT Governance framework:
  Meeting performance objectives
  Technology provisioning is aligned to business
  Risks are managed
Inventory of Information Assets
21. Assurance Considerations: Transparency; Certification; Privacy; Compliance
  Must demonstrate existence of effective and robust security controls
  Must prove that privacy controls are in place and able to prevent, detect and react to breaches
  Independent assurance from third-party audits and service auditor reports
  Ensure compliance with various countries' laws while remaining able to access your own data when needed
22. Take Away Messages
Many benefits - reduce costs, greater agility
Need to assess business impact and risks
Address the risk with legal, security and assurance professionals
23. Resources
24. Questions?
  www.isaca.org
  www.isaca.org.hk
25. End of Presentation