Cloud Computing - Benefits and Risks

  • Published on
    15-Nov-2014

DESCRIPTION

Recent economic pressures have resulted in increased requirements for the availability, scalability and efficiency of enterprise IT solutions. Many parties claim that cloud computing can help enterprises meet the increased requirements of lower TCO, higher ROI, increased efficiency, dynamic provisioning and utility-like services. However, many IT professionals are citing the increased risks associated with trusting information assets to the cloud as something that must be clearly understood and managed by relevant stakeholders. This presentation examines the potential business benefits, risks and assurance considerations.

Transcript

1. Cloud Computing Benefits and Risks (Michael Yung, President, ISACA China Hong Kong)

2. Evolution: Mainframe Computer

3. Evolution: Mini Computer, PCs and Internet

4. Evolution: Cloud Computing

5. Next 25 Minutes: Pain Points, Benefits, Risks

6. Infrastructure Cost and Service Delivery: Pain Points

7. Pain Points: Keep It Running vs. Implement New Things

8. Pain Points: We Are Too Slow

9. Pain Points: Right Sizing

10. Pain Points

11. Cloud Computing: Benefits

12. Cloud Computing Market: Estimation by IBM, 2009: 84% saving on H/W, labour, power

13. IT and Business Benefits

  • Highly abstracted H/W, S/W resources for pooling
  • Near instant scalability, provisioning
  • Service on demand
  • A pay-as-you-go billing system

14. Business Benefits: We are finally in sync with business

15. Cloud Computing: What Are the Risks?

16. Applicability for Cloud Computing (Source: Federal Reserve System, USA)

| System Type | Scalability | Availability | Security | Cloud Type |
|---|---|---|---|---|
| Information site | Medium | Medium | Low | Public / Hybrid |
| External Collaboration | Medium | Medium | Medium | Public / Hybrid |
| Public research / survey | Low | Medium | Medium | Public / Hybrid |
| Internal R&D | Low | Low | Medium | Public / Hybrid |
| Disaster Recovery | Medium | Medium | Medium | Public / Hybrid |
| Application Test and QA | Low | Medium | Medium | Private |
| Application Development | Low | Medium | Medium | Private |
| Production Applications | High | High | Medium | No |
| Mission Critical Applications | High | High | High | No |

17. Risks and Security Concerns: Vendor Lock In; Poor SLA; 3rd Party access to Data; Poor DR Plan

  • Few tools, procedures or standard formats available for data and service portability
  • Service level affects confidentiality and availability
  • The need to protect intellectual property and trade secrets, and to comply with regulations and laws in different geographical regions
  • Business continuity and disaster recovery plans must be well documented and tested

Service and contractual risks

18. Risks and Security Concerns: Integration / Bandwidth; Encryption and Key Mgnt; Testing and Monitoring; Resource Allocation

  • How to integrate the in-house systems with the cloud?
  • Is high-speed bandwidth ready?
  • Speedy encryption / decryption
  • Key management
  • Provider may not allow you to do a thorough penetration test or audit
  • Are there good monitoring tools available?
  • Overbooking, underbooking
  • Handling of DoS attacks; payment cap

Technology risks

19. Cloud Computing: Addressing the Risks

20. Addressing the Risks

  • Service Level Agreement to address
    • Handling, usage, storage, availability of data
    • Business continuity and disaster recovery objectives
    • Right to audit
  • Reassess your IT Governance framework
    • Meeting performance objectives
    • Technology provisioning is aligned to business
    • Risks are managed
  • Inventory of Information Assets
    • Classified, labeled

21. Assurance Considerations

  • Must demonstrate existence of effective and robust security controls
  • Must prove that privacy controls are in place and able to prevent, detect and react to breaches
  • Independent assurance from third-party audits and service auditor reports
  • Ensure compliance with various countries' laws while remaining able to access your own data when needed

Transparency, Certification, Privacy, Compliance

22. Take Away Messages

  • Many benefits - reduce costs, greater agility
  • Need to assess business impact and risks
  • Address the risk with legal, security and assurance professionals

23. Resources

24. Questions? www.isaca.org, www.isaca.org.hk, [email_address], [email_address]

25. End of Presentation
