EITRM Group7 Final.pptx
Transcript of EITRM Group7 Final.pptx
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 1/22
Cloud Computing anGoverna
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 2/22
Cloud computing is a model for enabling convenient, on-demand
network access to a shared pool of congurable computing
resources (e.g., networks, servers, storage, applications, and
services) that can be rapidl provisioned and released with minim
management e!ort or service provider interaction.
What is Cloud Computing?
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 3/22
NIST Cloud Computing
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 4/22
"n-demand self-service◦ #ou have access to our services and ou have the pow
to change cloud services through an online control paneor directl with the provider
◦ #ou can add or delete users and change storage networand software as needed
$road network access◦
%ccess through multiple devices (smart phones, tablets,laptops, and o&ce computers)◦ %ccess through multiple locations
'esource pooling◦ 'esource pooling allows cloud providers to pool large-
scale resources to serve multiple cloud consumers
Essential Characteristics of ClouComputing
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 5/22
'apid elasticit
◦ %n automated abilit of a cloud to transparentl scale resources, as re*uired in response to runtime conditiondetermined b the cloud consumer or cloud provider
+easured service
◦ 'epresents the abilit of a cloud platform to keep trackusage of its resources, primaril b cloud consumers
Essential Characteristics of ClouComputing
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 6/22
Cloud Service ModelsSoftware as a
Service (SaaS)
Platform as a
Service (PaaS)
Infrastructure
Service (Iaa
GoogleAppEngine
SalesForceCM!otus!ive
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 7/22
Services
Application
"evelopment
#latform
Storage
$osting
Cloud Computing Service !a%e
"escription
Services & Complete 'usinessservices such as #a%#al( )penI"()Auth( Google Maps( Ale*a
Services
Application
Focused
Infrastructure
Focused
Application & Cloud 'asedsoft+are that eliminates the needfor local installation such asGoogle Apps( Microsoft )nline
Storage & "ata storage or cloud'ased NAS such as CTEA( i"is,(CloudNAS
"evelopment & Soft+aredevelopment platforms used to'uild custom cloud 'ased
applications -#AAS . SAAS/ suchas SalesForce#latform & Cloud 'ased platformst%picall% provided usingvirtuali0ation( such as Ama0onECC( Sun Grid
$osting & #h%sical data centerssuch as those run '% I1M( $#(NaviSite( etc2
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 8/22
rivate cloud◦ he cloud infrastructure is operated solel for an organiatio◦ t ma be managed b the organiation or a third part and
e/ist on premise or o! premise.
ublic cloud◦ +ega-scale cloud infrastructure is made available to the gen
public or a large industr group and is owned b an organiselling cloud services
0brid cloud◦ he cloud infrastructure is a composition of two or more clo
(private or public) that remain uni*ue entities◦ $ound together b standardied or proprietar technolog t
enables data and application portabilit
Communit Cloud◦ % communit cloud is similar to a public cloud e/cept that it
is limited to a specic communit of cloud consumers
Cloud "eplo%ment Models
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 9/22
Microsoft3s Cloud#latform
Glo'alFoundation
Services
CloudInfrastructure
Services
1uilding 1loc,Services
FinishedServices .
Solutions
Compute 1torage +anagement
"T
0ardware 2etworking 3eploment"peration
s
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 10/22
1ene4ts associated +ith cloudcomputing
456$5#• 6as to switch on and o! *uickl
without buing and selling e/pensinfrastructure and software
• %maon8s 6C9, o!ers a lot of :e/ioptions'65%$5#
• romise of more reliable and avaiservices is one of the ma;or sellinpoints of cloud
16C<'#• Cloud service provider controls ma
these aspects unlike traditional where businesses are in charge ofsecurit
1C%5%$5#• he abilit to readil scale up and
processing and storage is where cclaims its largest advantage overtraditional
• Cloud Computing brings manbenets to the end user,including=
• access to a huge range ofapplications without having todownload or install anthing
• abilit to access applicationsfrom an computer, anwherein the world
• savings on hardware andsoftware costs as users onluse what the need
• abilit for companies to shareresources in one place
• savings as consumption is
billed as a utilit, with
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 11/22
Cloud Economics
Cloud providers are able todeliver services less e/pensivelthan in traditional servicemodels due to two ke factors=
• Standardi0ation anda'straction of technologie(e.g., use of virtual machinesthe can upscale anddownscale storage andprocessing capabilit moree&cientl. his reduces costsof adding and removingsstems as service demandschange.
• sharing of IT capa'ilitiesacross multiple clients withdi!erent demand ccles, thecan eliminate underutiliation
of resources. his reducesoverhead costs associated
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 12/22
is,s associated to Cloud Techno
•
5ower control4le/ibilit
• 5ower visibilit of how secure is the servic• 1haring of resources b the customers1ecurit
•
5esser visibilit to the causes of the outag
'eliabilit and%vailabilit
• Governance approaches need to adept1calabilit
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 13/22
is, #ro4le
•
5ikelihood of 3ata 1ecurit,rivac, and Control $reach ishigher in ublic Cloud and lowerin rivate Cloud
"eplo%mentModel is,
#ro4le
• mpact of 5oss of Control >
1ecurit $reach is higher in aasand lower in 1aasService
Model is,#ro4le
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 14/22
Service modele*amples using cloudcomputing
5e% 1ene4ts 5e% is,s toconsider
6ntire production using publicbased aa1 or 1aa1
5ower Costs +ore reliable 1calable %void future risks
'ecover arrangem rotection of the da rotect the securit
assets 1trategies to switc
roduction environment usingtraditional on-premise servers and
use aa1 for development, test,recover mechanisms
$etter service?ualit
'educedmaintenance cost
rotection of the da
roduction environment usingtraditional on-premise servers,use aa1 during peak demand
'educed capacitrisks
'educedmaintenance cost
1imilar to (@) but lito peak demand
<se aa1 or aa1 for developingnew services during earl releaseiterations, as features areevolving and scaling
Greater :e/ibilit 'educed costs
1ecurit of 'ecover arrangem
IT Strateg% deliver% using the cloudcomputing
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 15/22
1usinessris,s
Availa'ilit%
Access Agilit% Accura
rotection ofdata andassets
0igh
1ecurit ofntellectualropert
0igh
'ecoverarrangements
0igh 0igh
1trategies toswitch
0igh
Fitting cloud computing ris,s intoframe+or,
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 16/22
Current IT standards and model for cloudgovernance
Computing creates new opportunities it also creates new risks. n order to reduce these ricloud providers and clients must work collaborativel to provide an assurance framework
• 6nsures that a(sstems, proceson) are implemeused according tupon policies an
procedures.
• 6nsures that theproperl controllmaintained
• 6nsures that theproviding value t
organiation (actsupporting ourorganiation8s stbusiness goals).
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 17/22
C)1IT
1oftware as 1ervice(1aa1)
latform 1ervice(aa1)
nfrastructure as 1ervice(1aa1)
$usiness rocess+anagement as 1ervice($+aa1)
- r i v a t e
+ a n a g e d A C o m m u n i t
0 b r i d
- u b l i c
1 a l e
s - r o d
u c t
+ a n u
f a c t u r i n
g
3 i s t r i b u
t i o n
- r o c u r e m e n
t
- a
r o l l
3imensions 3 e p l o
m e n
t
$usiness rocess %pplication
1 e r v i c e d e l i v e r + o d e l
Control )'7ectives foInformation and elTechnolog% -Co'iT/ i
governance controlframework that helpsorganiations address areas of regulatorcompliance, risk manaand aligning strategorganiational goals.
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 18/22
Cloud Cube +odel
• Internal8e*ternal9 denes thephsical location of the data, i.e
inside or outside the organiatioboundaries
• )pen8#roprietar%= denes theownership of technolog, servicand interfaces and depicts theinteroperabilit between the clisstems and other cloud forms.
• #erimeterised8"e:#erimeter
boundar between corporate neand the internet. 3e-perimeteridescribes the e/tent to whichcollaboration or data sharing outhe organiational borders isfacilitated
• Insourced8)utsourced9 identwho is managing the deliver ocloud services B third part prov
or our own sta!.
Cloud Cu'e Model identies criteria withwhich to di!erentiate cloud formations from
each other and to assist in determining whichformation is best suited to the business8sneeds.
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 19/22
C)S) EM Frame+or, to cloud his framewo;/ Internal
risks and
9) )'7ective organiation o
D) Event Iden
identifing op
E) is, Assethe impact of
F/ is, esprisk
) Control Accontrol respon
or cloud servi
7) InformatioCommunicattimel and accommunicatio
t is a best practice to incorporate cloud governance in the initial stages (when a cloustrateg is being dened) before a cloud solution is adopted. 4or organiations that aadopted cloud computing without following best 6'+ practices, it is still prudent to passessment and establish cloud governance
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 20/22
E*tending IT Governance to the cloud
$ecause governance is not a one-sie ts-all proposition, the scale and structmust consider the enterprise goals, maturit, comple/it and culture of the
organiation. 6/tending governance to the cloud increases the di&cult e!ective governance.
important issues that should 'e anal%0ed9• nternal threats• 0oriontal audit compliance• erformance metrics• 1ecurit• %ccountabilit and responsibilit
Accounta'ilit% esponsi'ilit%-reventive Controls -Customer s. rovider-3etective Controls -Compliance-rocedural +easures -3ata +anagement-echnical +easures -4orensics and 'ecover
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 21/22
Cloud computing implementation e*amples
• 1ocial 2etworking
• 3ocument A 1preadsheet hosting service - Google3oc
• $ackup 1ervices BHungledisk, +o, "ne3rive
• 1alesforce pardot C'+
• +helpdesk
• 2et:i/
• %ctiveideo
• 1iri
7/24/2019 EITRM Group7 Final.pptx
http://slidepdf.com/reader/full/eitrm-group7-finalpptx 22/22
'eference=
http=AAwww.isaca.orgAHournalAarchivesA9I@@Aolume-FAagesA-Governance-anrinciples-and-ractice-for-Governing-%doption-of-Cloud-Computing.asp/
http=AAwww.cob.unt.eduAitdsAfacultAbeckerAbcisFF9IAassignmentsAclassJ@DJitJgover Jcloud.pdf
http=AAwww.nist.govAitlAcloudAuploadA21J1-FII-9K@Jersion-9J9I@DJHune@LJ
http=AAciteseer/.ist.psu.eduAviewdocAdownloadMdoiN@I.@[email protected]>repNrep
http=AAwww.isaca.orgAHournalAarchivesA9I@@Aolume-FAagesA-Governance-and-the-Ces-and-ractice-for-Governing-%doption-of-Cloud-Computing.asp/