Navigating the Cloud
Navigating the Cloud: Through fog or in fair weather?
Johan Bakker MSc CISSP ISSAP
ISACA Round-table, 6th of May, 2013
Unified Vision @ ISACA
Every cloud has a silver lining…
Every cloud has a silver lining, but sometimes it is difficult to get it to the mint… Don Marquis
• Loss of governance
• Vendor lock-in
• Isolation failure
• Compliance risk
Risk - Loss of governance
If all you have left is a telephone number…to a help desk…
Vendor lock-in
What if you want to move your data (and functionality) to another cloud provider or just back home?
Data location, ownership and access
Where is your information stored, who owns it (!) and who will have access to it?
Multi-tenancy & segregation risks
With whom are you sharing your front door and what else may you be sharing?
Availability risk
Will you always have access to your cloud service when you need it?
Compliance risk
Will you be able to comply with external customer, legal and regulatory requirements?
Catastrophic loss of service
What if the cloud provider can no longer provide its services?
Are you still ready to jump in?
Being ready means…
Understanding how cloud fits in your overall business and IT strategy…
Understanding how cloud will impact your processes and the way IT is being used...
Having insight into the value of your business information and your dependency on it… (Fortis top executive Filip Dierckx in De Pers)
Having a clear view on business, governance, legal, contract, security & continuity risks and forthcoming requirements...
Understanding the cloud deployment & service model that suits your needs…
Having a complete business case, with accurate usage & license cost as well as all the factors mentioned before…
How to enjoy the ride!
Clear set of requirements
Assess your risks and needs and document in detail what it is that you are looking for…
Select deployment & service model
Select the service & deployment model that fits your needs, risks and requirements…
Provider(s) selection
To whom will you entrust your business information?
Make it personal!
Contract negotiation
Data ownership & jurisdiction
Portability & re-transition
Responsibilities & liability
Supply chain assurance
Security & Continuity
Usage & license cost model
Service Levels
Audits, TPM’s & certificates
Contract negotiations
Cloud service contract, SLA and level of assurance
Assurance
Trust is good, proof is better; seeing is believing!
Certificates & Frameworks
Well-known frameworks to assist you:
• ISO 9001 – Quality Management
• ISO20000 – IT Service Management (and/or ITILv3)
• ISO27001 – Information Security Management
• ISO22301 – Business Continuity Management
• Data Centre Tier I-IV certificate (Uptime Institute)
• Service Organization Control – SOC2 (AICPA)
• Cloud Control Matrix – CCM (CSA)
• ISO27017/18/36 – ISO Cloud work in progress
Summing up
Through fog or in fair weather?
• Ad hoc
• Uncontrolled
• Penny wise, pound foolish
• Accept any standard contract
• Lacking risk awareness
In for a shocker?
Through fog or in fair weather?
• Part of overall IT strategy
• Clear risks & requirements
• Selecting the right provider
• Negotiating a solid contract
• Obtaining sufficient assurance
Less risk than in-house IT?