EITRM Group7 Final.pptx

7/24/2019 EITRM Group7 Final.pptx

http://slidepdf.com/reader/full/eitrm-group7-finalpptx 1/22

Cloud Computing anGoverna



Cloud computing is a model for enabling convenient, on-demand

network access to a shared pool of congurable computing

resources (e.g., networks, servers, storage, applications, and

services) that can be rapidl provisioned and released with minim

management e!ort or service provider interaction.

What is Cloud Computing?



NIST Cloud Computing



"n-demand self-service◦ #ou have access to our services and ou have the pow

to change cloud services through an online control paneor directl with the provider

◦ #ou can add or delete users and change storage networand software as needed

$road network access◦

%ccess through multiple devices (smart phones, tablets,laptops, and o&ce computers)◦ %ccess through multiple locations

'esource pooling◦ 'esource pooling allows cloud providers to pool large-

scale resources to serve multiple cloud consumers

Essential Characteristics of ClouComputing



'apid elasticit

◦ %n automated abilit of a cloud to transparentl scale resources, as re*uired in response to runtime conditiondetermined b the cloud consumer or cloud provider

+easured service

◦ 'epresents the abilit of a cloud platform to keep trackusage of its resources, primaril b cloud consumers

Essential Characteristics of ClouComputing



Cloud Service ModelsSoftware as a

Service (SaaS)

Platform as a

Service (PaaS)

Infrastructure

Service (Iaa

GoogleAppEngine

SalesForceCM!otus!ive



Services

Application

"evelopment

#latform

Storage

$osting

Cloud Computing Service !a%e

"escription

Services & Complete 'usinessservices such as #a%#al( )penI"()Auth( Google Maps( Ale*a

Services

Application

Focused

Infrastructure

Focused

Application & Cloud 'asedsoft+are that eliminates the needfor local installation such asGoogle Apps( Microsoft )nline

Storage & "ata storage or cloud'ased NAS such as CTEA( i"is,(CloudNAS

"evelopment & Soft+aredevelopment platforms used to'uild custom cloud 'ased

applications -#AAS . SAAS/ suchas SalesForce#latform & Cloud 'ased platformst%picall% provided usingvirtuali0ation( such as Ama0onECC( Sun Grid

$osting & #h%sical data centerssuch as those run '% I1M( $#(NaviSite( etc2



rivate cloud◦ he cloud infrastructure is operated solel for an organiatio◦ t ma be managed b the organiation or a third part and

e/ist on premise or o! premise.

ublic cloud◦ +ega-scale cloud infrastructure is made available to the gen

public or a large industr group and is owned b an organiselling cloud services

0brid cloud◦ he cloud infrastructure is a composition of two or more clo

(private or public) that remain uni*ue entities◦ $ound together b standardied or proprietar technolog t

enables data and application portabilit

Communit Cloud◦ % communit cloud is similar to a public cloud e/cept that it

is limited to a specic communit of cloud consumers

Cloud "eplo%ment Models



Microsoft3s Cloud#latform

Glo'alFoundation

Services

CloudInfrastructure

Services

1uilding 1loc,Services

FinishedServices .

Solutions

Compute 1torage +anagement

"T

0ardware 2etworking 3eploment"peration

s



1ene4ts associated +ith cloudcomputing

456$5#• 6as to switch on and o! *uickl

without buing and selling e/pensinfrastructure and software

• %maon8s 6C9, o!ers a lot of :e/ioptions'65%$5#

• romise of more reliable and avaiservices is one of the ma;or sellinpoints of cloud

16C<'#• Cloud service provider controls ma

these aspects unlike traditional where businesses are in charge ofsecurit

1C%5%$5#• he abilit to readil scale up and

processing and storage is where cclaims its largest advantage overtraditional

• Cloud Computing brings manbenets to the end user,including=

• access to a huge range ofapplications without having todownload or install anthing

• abilit to access applicationsfrom an computer, anwherein the world

• savings on hardware andsoftware costs as users onluse what the need

• abilit for companies to shareresources in one place

• savings as consumption is

billed as a utilit, with



Cloud Economics

Cloud providers are able todeliver services less e/pensivelthan in traditional servicemodels due to two ke factors=

• Standardi0ation anda'straction of technologie(e.g., use of virtual machinesthe can upscale anddownscale storage andprocessing capabilit moree&cientl. his reduces costsof adding and removingsstems as service demandschange.

• sharing of IT capa'ilitiesacross multiple clients withdi!erent demand ccles, thecan eliminate underutiliation

of resources. his reducesoverhead costs associated



is,s associated to Cloud Techno

•

5ower control4le/ibilit

• 5ower visibilit of how secure is the servic• 1haring of resources b the customers1ecurit

•

5esser visibilit to the causes of the outag

'eliabilit and%vailabilit

• Governance approaches need to adept1calabilit



is, #ro4le

•

5ikelihood of 3ata 1ecurit,rivac, and Control $reach ishigher in ublic Cloud and lowerin rivate Cloud

"eplo%mentModel is,

#ro4le

• mpact of 5oss of Control >

1ecurit $reach is higher in aasand lower in 1aasService

Model is,#ro4le



Service modele*amples using cloudcomputing

5e% 1ene4ts 5e% is,s toconsider

6ntire production using publicbased aa1 or 1aa1

5ower Costs +ore reliable 1calable %void future risks

'ecover arrangem rotection of the da rotect the securit

assets 1trategies to switc

roduction environment usingtraditional on-premise servers and

use aa1 for development, test,recover mechanisms

$etter service?ualit

'educedmaintenance cost

rotection of the da

roduction environment usingtraditional on-premise servers,use aa1 during peak demand

'educed capacitrisks

'educedmaintenance cost

1imilar to (@) but lito peak demand

<se aa1 or aa1 for developingnew services during earl releaseiterations, as features areevolving and scaling

Greater :e/ibilit 'educed costs

1ecurit of 'ecover arrangem

IT Strateg% deliver% using the cloudcomputing



1usinessris,s

Availa'ilit%

Access Agilit% Accura

rotection ofdata andassets

0igh

1ecurit ofntellectualropert

0igh

'ecoverarrangements

0igh 0igh

1trategies toswitch

0igh

Fitting cloud computing ris,s intoframe+or,



Current IT standards and model for cloudgovernance

Computing creates new opportunities it also creates new risks. n order to reduce these ricloud providers and clients must work collaborativel to provide an assurance framework

• 6nsures that a(sstems, proceson) are implemeused according tupon policies an

procedures.

• 6nsures that theproperl controllmaintained

• 6nsures that theproviding value t

organiation (actsupporting ourorganiation8s stbusiness goals).



C)1IT

1oftware as 1ervice(1aa1)

latform 1ervice(aa1)

nfrastructure as 1ervice(1aa1)

$usiness rocess+anagement as 1ervice($+aa1)

- r i v a t e

+ a n a g e d A C o m m u n i t

0 b r i d

- u b l i c

1 a l e

s - r o d

u c t

+ a n u

f a c t u r i n

g

3 i s t r i b u

t i o n

- r o c u r e m e n

t

- a

r o l l

3imensions 3 e p l o

m e n

t

$usiness rocess %pplication

1 e r v i c e d e l i v e r + o d e l

Control )'7ectives foInformation and elTechnolog% -Co'iT/ i

governance controlframework that helpsorganiations address areas of regulatorcompliance, risk manaand aligning strategorganiational goals.



Cloud Cube +odel

• Internal8e*ternal9 denes thephsical location of the data, i.e

inside or outside the organiatioboundaries

• )pen8#roprietar%= denes theownership of technolog, servicand interfaces and depicts theinteroperabilit between the clisstems and other cloud forms.

• #erimeterised8"e:#erimeter

boundar between corporate neand the internet. 3e-perimeteridescribes the e/tent to whichcollaboration or data sharing outhe organiational borders isfacilitated

• Insourced8)utsourced9 identwho is managing the deliver ocloud services B third part prov

or our own sta!.

Cloud Cu'e Model identies criteria withwhich to di!erentiate cloud formations from

each other and to assist in determining whichformation is best suited to the business8sneeds.



C)S) EM Frame+or, to cloud his framewo;/ Internal

risks and

9) )'7ective organiation o

D) Event Iden

identifing op

E) is, Assethe impact of

F/ is, esprisk

) Control Accontrol respon

or cloud servi

7) InformatioCommunicattimel and accommunicatio

t is a best practice to incorporate cloud governance in the initial stages (when a cloustrateg is being dened) before a cloud solution is adopted. 4or organiations that aadopted cloud computing without following best 6'+ practices, it is still prudent to passessment and establish cloud governance



E*tending IT Governance to the cloud

$ecause governance is not a one-sie ts-all proposition, the scale and structmust consider the enterprise goals, maturit, comple/it and culture of the

organiation. 6/tending governance to the cloud increases the di&cult e!ective governance.

important issues that should 'e anal%0ed9• nternal threats• 0oriontal audit compliance• erformance metrics• 1ecurit• %ccountabilit and responsibilit

Accounta'ilit% esponsi'ilit%-reventive Controls -Customer s. rovider-3etective Controls -Compliance-rocedural +easures -3ata +anagement-echnical +easures -4orensics and 'ecover



Cloud computing implementation e*amples

• 1ocial 2etworking

• 3ocument A 1preadsheet hosting service - Google3oc

• $ackup 1ervices BHungledisk, +o, "ne3rive

• 1alesforce pardot C'+

• +helpdesk

• 2et:i/

• %ctiveideo

• 1iri



'eference=

http=AAwww.isaca.orgAHournalAarchivesA9I@@Aolume-FAagesA-Governance-anrinciples-and-ractice-for-Governing-%doption-of-Cloud-Computing.asp/

http=AAwww.cob.unt.eduAitdsAfacultAbeckerAbcisFF9IAassignmentsAclassJ@DJitJgover Jcloud.pdf

http=AAwww.nist.govAitlAcloudAuploadA21J1-FII-9K@Jersion-9J9I@DJHune@LJ

http=AAciteseer/.ist.psu.eduAviewdocAdownloadMdoiN@I.@[email protected]>repNrep

http=AAwww.isaca.orgAHournalAarchivesA9I@@Aolume-FAagesA-Governance-and-the-Ces-and-ractice-for-Governing-%doption-of-Cloud-Computing.asp/

http://www.cob.unt.edu/itds/faculty/becker/bcis5520/assignments/class_13_it_governance_in_the_cloud.pdf



http://www.nist.gov/itl/cloud/upload/NIST_SP-500-291_Version-2_2013_June18_FINAL.pdf

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.206.5000&rep=rep1&type=pdf

http://www.isaca.org/Journal/archives/2011/Volume-5/Pages/IT-Governance-and-the-Cloud-Principles-and-Practice-for-Governing-Adoption-of-Cloud-Computing.aspx













Date post:	23-Feb-2018
Category:	Documents
Upload:	jairaj
View:	215 times
Download:	0 times

EITRM Group7 Final.pptx

Documents