cloud computing - benefits and risks
Post on 15-Nov-2014
Cloud Computing – Benefits and Risks
Michael Yung, President, ISACA China Hong Kong
Page 2
Evolution – Mainframe Computer
Page 3
Evolution – Mini Computer, PCs and Internet
Page 4
Evolution - Cloud Computing
Page 5
Next 25 Minutes
Pain Points, Benefits, Risks
Page 6
Infrastructure Cost and Service Delivery
Pain Points
Page 7
Pain Points
Keep It Running vs. Implement New Things
Page 8
Pain Points
We Are Too Slow
Page 9
Pain Points
Right Sizing
Page 10
Pain Points
Page 11
Cloud Computing
Benefits
Page 12
Cloud Computing Market
[Bar chart: Market size (US$ Billion), 2008 to 2012; bar labels in order: 47, 60, 77, 99, 128]
84% Saving on H/W, labour, power
Estimation by IBM, 2009
Page 13
IT and Business Benefits
1. Highly abstracted H/W, S/W resources for pooling
2. Near instant scalability, provisioning
3. ‘Service On demand’
4. A ‘Pay as you go’ billing system
Page 14
Business Benefits
We are finally in sync with business
Page 15
Cloud Computing
What Are the Risks ?
Page 16
Applicability for Cloud Computing
System Type                   | Scalability | Availability | Security | Cloud Type
Information site              | Medium      | Medium       | Low      | Public / Hybrid
External Collaboration        | Medium      | Medium       | Medium   | Public / Hybrid
Public research / survey      | Low         | Medium       | Medium   | Public / Hybrid
Internal R&D                  | Low         | Low          | Medium   | Public / Hybrid
Disaster Recovery             | Medium      | Medium       | Medium   | Public / Hybrid
Application Test and QA       | Low         | Medium       | Medium   | Private
Application Development       | Low         | Medium       | Medium   | Private
Production Applications       | High        | High         | Medium   | No
Mission Critical Applications | High        | High         | High     | No
Source: Federal Reserve System, USA
Page 17
Risks and Security Concerns
Service and contractual risks
Vendor Lock In: Few tools, procedures or standard formats available for data and service portability
Poor SLA: Service level affects confidentiality and availability
3rd Party access to Data: The need to protect intellectual property and trade secrets, and to comply with regulations and laws in different geographical regions
Poor DR Plan: Business continuity and disaster recovery plans must be well documented and tested
Page 18
Risks and Security Concerns
Technology risks
Integration / Bandwidth: How to integrate the in-house systems with the Cloud? Is high-speed bandwidth ready?
Encryption and Key Mgmt: Speedy encryption / decryption; key management
Testing and Monitoring: Provider may not allow you to do a thorough penetration test or audit; are there good monitoring tools available?
Resource Allocation: Overbooking, underbooking; handling of DoS attacks; payment cap
Page 19
Cloud Computing
Addressing the Risks
Page 20
Addressing the Risks
Service Level Agreement to address: handling, usage, storage and availability of data; business continuity and disaster recovery objectives; right to audit
Reassess your IT Governance framework: meeting performance objectives; technology provisioning is aligned to business; risks are managed
Inventory of Information Assets: classified, labeled
Page 21
Assurance Considerations
Must demonstrate existence of effective and robust security controls
Must prove that privacy controls are in place and able to prevent, detect and react to breaches
Independent assurance from third-party audits and service auditor reports
Ensure compliance with various countries' laws while remaining able to access your own data when needed
Page 22
Take Away Messages
1. Many benefits - reduce costs, greater agility
2. Need to assess business impact and risks
3. Address the risk with legal, security and assurance professionals
Page 23
Resources
Page 24
Questions ?
www.isaca.org
www.isaca.org.hk
president@isaca.org.hk
mail@michaelyung.com
End of Presentation
Page 25