PowerPoint presentation
Martin Kuppinger
Founder and Principal Analyst, KuppingerCole
mk@kuppingercole.com
Cloud Services
Measurement, Audit – and Standards
Abstract
• Cloud computing provides an opportunity for organizations to
optimize the procurement of IT services from both internal and
external suppliers. However, many organizations are
sleepwalking into the Cloud. Moving to the cloud may
outsource the provision of the IT service, but it does not
outsource responsibility. This session will look at the issues
that may be forgotten or ignored when adopting cloud
computing. These include:
– Ensuring legal and regulatory compliance
– Assuring data security
– Ensuring business continuity
– Avoiding lock-in
Agenda
• The Seven Deadly Sins
• The Ten Cloud Commandments
• Summary
SEVEN DEADLY SINS
Seven Capital Vices
• Used by the Christian church to teach the origin of sin.
– Wrath
– Greed
– Sloth
– Pride
– Lust
– Envy
– Gluttony
Cloud Computing Seven Deadly Sins
• Sloth
– Not knowing you are using the Cloud
– Not assuring legal and regulatory compliance
– Not knowing what data is in the cloud
– Not managing identity and access to the cloud
– Not managing business continuity and the cloud
– Becoming locked in to one provider
– Not managing your Cloud provider
TEN COMMANDMENTS OF CLOUD COMPUTING
Summary
• To avoid the Seven Deadly Sins of Cloud, follow the ten
commandments:
1. Know that you are using the Cloud
2. Use Good Governance for the Cloud and other IT Services
3. Choose the right kind of Cloud
4. Assure Compliance
5. Assure Information Security
6. Manage Identity and Access
7. Assure privilege management
8. Include the Cloud in your Business Continuity Plan
9. Avoid Lock-in
10. Manage the Cloud Service Provider
#2 Use Good Governance for the Cloud as well as other IT Services
Cloud Governance
• Identify Business Requirements
• Specify Service to meet business needs
• Assess Risk Probability and Impact and Risk Response
• Assure Delivery of Cloud Service
#10 Manage the Cloud Service Provider
Legal Risk – Contract
Probability: Very High
Impact: High
• In general, outsourcing contracts are negotiated SLAs
• Cloud Provider Contracts are
– Largely “take it or leave it”
– May have less onerous obligations on the provider
– Almost total exclusion of liability
Source: Legal Considerations – Cloud computing contracts, Kristof de Vulder, DLA Piper LLP
http://www.isaca.org/Groups/Professional-English/cloudcomputing/GroupDocuments/DLA_Cloudcomputing%20legal%20considerations.pdf
Cloud Service Delivery Management
ISO 27001 Control 10.2
• Check the implementation of agreements, monitor compliance and
manage changes to ensure that the services delivered meet all
requirements agreed with the third party.
• Customer Responsibility: Ensure service levels and
security controls in the Cloud service agreement are
implemented, operated, and maintained.
• Provider Responsibility: Provide data on service levels
and controls and certification through external audits.
What’s out there?
• Cloud Security Alliance “Cloud Controls Matrix”
– Approach to enhance Internal Controls Frameworks to Cloud Services
• ISO 27001
– Independent of deployment model, works for Cloud Services as well
• Data Protection Requirement Analysis (“Schutzbedarfsanalyse” – BSI
approach)
– Focus on information assets which have to be protected
– Can be enhanced for cloud
• Carnegie Mellon SMI
– Cloud Service Measurement Initiative Consortium
– Set of KPIs for measuring cloud services
• NIST
– Just published a definition of “Cloud”
• Who else?
– …
Cloud Security Alliance: CCM
(slide shows the Cloud Controls Matrix)
ISO 27001
(slide shows an ISO 27001 overview diagram)
What you need
• Selection
– Quick, prepared, comprehensive, focused, risk-aware
– Short list of questions
• Internal Controls
– Less time-sensitive, probes, prepared, limited, risk-aware
– Comprehensive control frameworks
Procedure Model and Prerequisites
• Evaluate Information Protection Requirements
• Map to service features
• Develop a questionnaire
• Decide
• Define and apply controls
Governance maturity model (diagram): layers are Systems, Services and Information, governed by Process Governance and Service Governance. The maturity stages are:
• Traditional (System Governance)
• Advanced (Information Governance)
• Cloud basics (Information and Service Governance)
• Cloud ready (Full Governance)
QUESTIONS?