Date posted: 19-Jun-2015
Category: Technology
Upload: open-data-center-alliance
BRINGING AGILITY IN CLOUD RISK MANAGEMENT
Workshop
UBS
Ed Simmons
T-Systems
Ryan Skipp
LEGAL DISCLAIMER
Open Data Center Alliance, Inc. is NOT a law firm. The information provided or referenced in this Best Practices document regarding possible regulatory compliance obligations or risk assessment / management related to such obligations are not intended, in any way, as legal advice to you. Our publishing of this Best Practices document and your review or use of it is NOT intended to create, nor does it create, any attorney client relationship between Open Data Center Alliance, Inc. and you. We encourage you to seek proper, independent legal advice from an appropriate advisor before making any decisions that might impact your legal duties or rights or might impose any legal liability on you.
Any reference to any laws/regulations/rules in this document may not be a complete list of the laws/regulations/rules that impact your circumstances. Also, applicable laws/regulations change frequently, and the application of laws/regulations by courts and government agencies can vary greatly.
Thus, all information provided or referenced in this Best Practices document is provided to you on an “AS IS” and “AS AVAILABLE” basis. If you rely on any of this information you do so at your own risk and you are totally and solely responsible for the consequences of your actions, including (without limitation) all legal liability and legal consequences.
OBJECTIVES
Discuss ODCA Best Practice Paper: Improving Agility in Cloud Risk Management Rev. 1.0
Workshop
• Risk Management Challenges in the Enterprise
• Best Practices to Improve Agility in Cloud Risk Management
• Discuss Implementation Experiences
Collaboration, interaction and discussion
Q&A
URL to white paper and materials: http://bit.ly/1rh5X94
RETHINK RISK MANAGEMENT
The benefits offered by cloud computing to innovate and transform value proposition, compete in the marketplace, and accelerate growth and customer satisfaction
>> mandate a high rate of velocity and agility in identifying, assessing, selecting, and implementing cloud-based services
Business leaders expect cloud adoption to be rewarding, well managed, and within acceptable risk and compliance limits, driving the need to
>> rapidly adapt and rethink traditional risk management processes to deliver agile, sustainable outcomes
RISK MANAGEMENT - GOALS
Mature, robust, right-sized, and agile risk management practices to support rapid assessment and optimization of cloud computing risks
Strategic view of cloud risk management
Consistent, sustainable, simple, and integrated risk management across the enterprise
[Q] RISK CHALLENGES – EXERCISE 1
Discuss Cloud Risk Management Challenges
[Workshop material page # 2]
[A] RISK CHALLENGES – EXERCISE 1
Cloud Risk Management Challenges
• Value perception and lack of agility
• Siloed management of risk
• Security as a proxy for all risk
• Risk language
• Prioritization of risk management
• Complexity
[Q] – RISK BEST PRACTICES [EXERCISE 2]
Discuss Cloud Risk Management Challenges
Discuss Best Practices for Risk Management
[Workshop material page # 4]
[A] – RISK BEST PRACTICES [EXERCISE 2]
| Objective | Best Practice |
|---|---|
| Promote Safe Cloud Adoption | [1] Enterprise focus; [2] Risk appetite; [3] Standardization |
| Inject Agility and Velocity in Risk Management | [4] Agility; [5] Right-sizing; [3] Standardization |
| Integrate and Sustain Cloud Risk Management | [6] Integration; [7] Sustainability |
| Minimize Waste in Risk Management | [8] Continuous process improvement |
[Q] RISK APPETITE – EXERCISE 3
Discuss Cloud Risk Management Challenges
Discuss Best Practices for Risk Management
Setting cloud risk appetite
[Workshop material page # 6]
[A] RISK APPETITE – EXERCISE 3
| Risk Appetite Dimension | Level: Conservative | Level: Balanced | Level: Expansionary |
|---|---|---|---|
| Information Security | No appetite to use cloud for confidential and highly confidential information | On-premises cloud can be used for confidential and highly confidential information | Off-premises cloud is acceptable for confidential and highly confidential information |
| Service Criticality (Use cloud for which services and business processes) | No appetite to adopt cloud for core and mission-critical services | Cloud is acceptable for core services | Cloud is considered for core and mission critical services |
| Service Location and Jurisdiction | Services hosted only in domestic jurisdiction | Hosting in foreign jurisdictions is permitted for private information | Hosting in foreign jurisdictions is permitted for confidential and highly confidential information |
| Type of cloud service providers | Leading edge, established players | Leading edge, established players | Bleeding edge, start-ups |
[Q] STANDARDIZING RISK MANAGEMENT – EXERCISE 4
Discuss Cloud Risk Management Challenges
Discuss Best Practices for Risk Management
Setting cloud risk appetite
Standardization of Risk mitigation – Discuss how
[Workshop material page # 8]
[A] STANDARDIZING RISK MANAGEMENT – EXERCISE 4
The handout describes common risks and ODCA usage models to help manage risks. Review the risk types and mitigation plans.
[Q] RISK RIGHT-SIZING - EXERCISE 5
Discuss Cloud Risk Management Challenges
Discuss Best Practices for Risk Management
Setting cloud risk appetite
Standardization of Risk mitigation – Discuss how
Discuss risk right-sizing
[Workshop material page # 14]
[A] RISK RIGHT-SIZING - EXERCISE 5
Cloud risk management processes should be right-sized based on the level of risk
FURTHER INFORMATION
Discuss Cloud Risk Management Challenges
Discuss Best Practices for Risk Management
Setting cloud risk appetite
Standardization of Risk mitigation – Discuss how
Discuss risk right-sizing
Agility, Integration, Kaizen, and Sustainability: Refer to the best practice paper (Improving Agility in Cloud Risk Management)
CONCLUSION
Risk Management is an integral competency of mature enterprises
ODCA best practice paper provides guidance to rethink and tune the Enterprise risk management practices to meet the agility requirements of Cloud adoption
We encourage adoption of the best practices in real life situations – Please visit the ODCA web site for further information (http://www.opendatacenteralliance.org/library)
© 2014 Open Data Center Alliance, Inc. ALL RIGHTS RESERVED.