kpmg cloud computing presentation short version
Post on 17-May-2015
4.809 Views
Preview:
DESCRIPTION
TRANSCRIPT
Cloud computing
Assurance of “The Cloud”
Drs. Mike Chung RE
KPMG�Risk�&�Compliance
ADVISORY
1© 2010�KPMG�ELLP,�the�member�firm�of�KPMG�International,�a�Swiss�cooperative.�All�rights�reserved.�KPMG�and�the�KPMG�logo�are�registered�trademarks�of�KPMG�International,�a�
Swiss�cooperative.
Cloud computing - introduction
Cloud computing as phenomenon
� The�IT�(model)�of�choice�for�2010�and�beyond
− More�than�10�million�enterprises�in�the�cloud�within�3�years
− More�than�50%�of�all�Fortune500�companies�are�already�using�
cloud�computing
� Heavy�investments�from�big�software�vendors�and�IT�integrators
− Google:�enormous�data�storage�capacities,�new�services,�
aggressive�marketing�campaign
− Microsoft:�considerable�expansion�of�data�centres
− Salesforce.com:�new�platform�services,�building�data�centres�in�
Europe
− Accenture:�offering�of�implementation�and�advisory�services
− T-Systems:�offering�of�cloud�and�integration�services
� Growing�interest�despite/thanks�to�economic�downturn�and�the�
perceptive�reliability�of�the�internet
2© 2010�KPMG�ELLP,�the�member�firm�of�KPMG�International,�a�Swiss�cooperative.�All�rights�reserved.�KPMG�and�the�KPMG�logo�are�registered�trademarks�of�KPMG�International,�a�
Swiss�cooperative.
Cloud computing - definition
‘On-premise’ versus cloud computing
Hardware, software + data
Users
Customer
‘On-premise’ Cloud computing
Users
IT services
Internal IT
Cloud vendor
Customer
Hardware, software + data
Software vendor
Software licences +
support costs
Subscription
or‘pay as you go’
Internet
IT services
What is cloud computing?
� Hosted�services�from�the�(inter)net,�metaphorically�depicted�as�a�‘cloud’
� Utilisation�of�Web�2.0
� ASP�2.0
� Examples:
� Characteristics
− Separation�of�ownership�and�use
− On-demand
− Elastic
− Multi-tenant
− External�data�storage
− Use�of�the�(public)�internet
Software-as-a-Service(Salesforce.com, Microsoft BPOS, Gmail)
Platform-as-a-Service(Google Apps, Force.com, 3tera AppLogic)
Infrastructure-as-a-Service(Amazon EC2, Citrix Cloud Centre)
3© 2010�KPMG�ELLP,�the�member�firm�of�KPMG�International,�a�Swiss�cooperative.�All�rights�reserved.�KPMG�and�the�KPMG�logo�are�registered�trademarks�of�KPMG�International,�a�
Swiss�cooperative.
Cloud computing - opportunities
Opportunities
� Cost�savings
− Costs�are�transparent�and�relatively�easy�to�manage:�shift�from�
CAPEX�to�OPEX
− Costs�(TCO)�are�significantly�lower�when�compared�with�traditional�
‘on-premise’ counterparts�– between�10%�and�50%�of�original�costs
� Complexity�reduction�&�business-focus
− Complete�outsourcing�of�IT
− IT�management�discontinued�or�reduced�to�demand�management�and�
vendor�management
− All�required�software�services�accessible�through�the�internet�without�
additional�client�software
− The�enterprise�can�really�focus�on�its�key�activities�without�being�
hampered�or�curbed�by�the�internal�IT�department
� Economies�of�scale
− The�cloud�vendor�is�able�to�deploy�new�technologies�and�service�
processes�efficiently�through�economies�of�scale
− Efficiency�and�effectiveness�of�cloud�services�can�be�enhanced
4© 2010�KPMG�ELLP,�the�member�firm�of�KPMG�International,�a�Swiss�cooperative.�All�rights�reserved.�KPMG�and�the�KPMG�logo�are�registered�trademarks�of�KPMG�International,�a�
Swiss�cooperative.
Cloud computing - risks
Risks
� External�data�storage
− Weak�control�over�data�(failing�backup�&�recovery)
− Legal�complications�(violation�on�privacy,�conflicting�legislations)
− Viability�uncertain�(insufficient�guarantee�on�continuity�and�
availability�of�services)
� Multi-tenancy�architecture
− Inadequate�segregation�of�data
− Poor�Identity�and�Access�Management�(IAM)
− Insufficient�logging�and�monitoring
− Weakest�link�is�decisive�(virtualisation,�shared�databases)
� Use�of�the�public�internet
− Vague�and/or�non-existing�accountability�and�ownership
− Loss,�misuse�and�theft�of�data�
− No�access�to�data�and/or�services
� Integration�with�the�internal�IT�environment
− Unclear�perimeters�
− No�connection�and/or�alignment�with�internal�security
− Complexity�of�integration
5© 2010�KPMG�ELLP,�the�member�firm�of�KPMG�International,�a�Swiss�cooperative.�All�rights�reserved.�KPMG�and�the�KPMG�logo�are�registered�trademarks�of�KPMG�International,�a�
Swiss�cooperative.
Cloud computing - assurance
State of affairs
� Auditing�of�cloud�computing�environments�requires�
specific�knowledge�due�to�the�particular�
architecture�(multi-tenant,�processes),�new�
technologies�(advanced�web�technology,�SOA�and�
virtualisation)�and�changing�organisational�and�legal�
aspects,�and�corresponding�risks.�
� The�much-needed�expertise�and�experience�on�
cloud�computing�audits�and�risk�management�are�
scarce.�Vendors�and�integrators�focus�purely�on�
implementations.
� Various�surveys�show�that�large�organisations�are�
having�the�following�questions�regarding�the�cloud:
− What�are�the�main�(security)�risks�and�
mitigations?
− What�are�the�possible�solutions�and�suitable�
vendors?
− What�should�be�the�migration�strategy�and�
architecture?
6© 2010�KPMG�ELLP,�the�member�firm�of�KPMG�International,�a�Swiss�cooperative.�All�rights�reserved.�KPMG�and�the�KPMG�logo�are�registered�trademarks�of�KPMG�International,�a�
Swiss�cooperative.
Cloud computing - KPMG
What does KPMG do?
� KPMG�performs�audits�on�customer’s�side
− Specific�audits�on�cloud�computing�environments�(security,�
performance,�feasibility)
− As�part�of�the�regular�IT�audits
� KPMG�performs�audits�on�vendor’s�side
− SAS70�audits
− Certifications�(ISO27001,�‘cloud�computing�quality�marks’)
� KPMG�performs�risk�assessments
� KPMG�performs�benchmarkings
� KPMG�delivers�high-quality,�independent�advisory�services
− Market�research
− Cloud�computing�strategies�
− Cloud�architectures
− Quality�Assurance
7© 2010�KPMG�ELLP,�the�member�firm�of�KPMG�International,�a�Swiss�cooperative.�All�rights�reserved.�KPMG�and�the�KPMG�logo�are�registered�trademarks�of�KPMG�International,�a�
Swiss�cooperative.
Cloud computing - contact
Ing. John Hermans RE
Associate Partner
KPMG Advisory N.V.
Tel: +31 6 5136 6389
E-mail: hermans.john@kpmg.nl
Drs. Mike Chung RE
Manager
KPMG Advisory N.V.
Tel: +31 6 1455 9916
E-mail: chung.mike@kpmg.nl
top related