Solution is within.
*Cloud ComputingRisks and Controls
7/4/2011
*It’ every where but why?
Model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
7/4/2011
*Cloud Models
7/4/2011
*Evolution Continues
7/4/2011
*Technical Building Blocks
Cloud computing combines several technical innovations from the last 10 to 15years that constitute its fundamental technical building blocks, including:
SOA 뾃 library of proven, functional software applets that can be connected to become a useful application
Application programming interfaces (APIs) 뾗Tags to direct applets about the Internet
XML 뾋 Identifier tags attached to information (data, pages, pictures, files, fields, etc.) that allow them to be transported to any designated application located on the Internet
7/4/2011
*Cloud Computing Challenges
* Data Location
* Commingled Data
* Cloud Security Policy / Procedure Transparency
* Cloud Data Ownership
* Lock-in with CSP’s proprietary APIs
* CSP business viability
* Record keeping for forensic audits
* Identity and Access Management (IAM)
* Penetration detection
* Screening of other cloud computing clients
* Compliance Requirements
* Disaster Recovery
7/4/2011
*Governance in the cloud
* Data Location
* Commingled Data
* Cloud Security Policy / Procedure Transparency
* Cloud Data Ownership
* Lock-in with CSP’s proprietary APIs
* CSP business viability
* Record keeping for forensic audits
* Identity and Access Management (IAM)
* Penetration detection
* Screening of other cloud computing clients
* Compliance Requirements
* Disaster Recovery
7/4/2011
*Cloud Factors
7/4/2011
*Risk IT for the Cloud
* Strategic
* Environmental
* Market
* Credit
* Operational
* Compliance
*Risk Hierarchy
*Key Questions
*Risk Management
*Assessing Sun Cloud
You decide what degree of assessment would suffice your needs.
7/4/2011
7/4/2011
*Deliverables
*Assessment Report(s)
*SLAs
*Accessibility Report
*Vulnerabilities
*Risks
*Compliance
*Responsibility & Accountability Metrics
7/4/2011
*Need more info?
*Please contact:
Azim Tirmizi
214-473-4274