8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 1/23

 

Managing Risk in Moving

to the Cloud:

Lessons from the

Internet2 NET+ Program

Jerry Grochow, Internet2 (Moderator)

Bob Carozzoni, Cornell University

Lynn Johnson, University of Michigan

Donna Tatro, Princeton University

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 2/23

Whether you are moving to a new

apartment or moving to the cloud, thereis risk in everything you do!

• There is risk in everything you don’t do

too!• Our focus today is on:

 – Understanding risk of moving to the cloud

 – Managing risk in moving to the cloud

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 3/23

Discussion:

• Bob Carozzoni, Cloud Strategist, Cornell

• Lynn Johnson, Professor and Assoc Dean,Univ of Michigan Dental School

• Donna Tatro, Assoc CIO, Princeton

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 4/23

Before talking about risks, what about

goals? What are your goals in moving to the

cloud?

o Function: new/expanded functionality

o Time: reduce time to deployment

o Costs: reduce costs, change to opex

(versus capex)

o  Agility: ease of deployment, upgrading,

changing capacity

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 5/23

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 6/23

What is “risk”?

“ Chance of injury, damage, or loss.”

In moving to the cloud, “injury” can mean:

late delivery

over budget

unacceptable performance or reliability

data loss/exposure

not meeting expected business results

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 7/23

 AUDIENCE QUESTION:

What risk are you most concerned

about?

• late delivery

• over budget• unacceptable performance or reliability

• data loss/exposure

• not meeting expected business results

• other

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 8/23

State-of-the-art: “Risk-based threat mapping”

Energy Central. “Identifying Critical Assets for CIP Compliance.” http://www.energycentral.com/utility/site/marketing/pdf/092309_nerc.pdf  

BUT CAN THIS BE REASONABLY ESTIMATED?

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 9/23

You can’t eliminate (all of) it, so how do

you manage risk?

Eliminate some risks if possible

Reduce other risks as you can

Mitigate remaining risks

Prepare for damage or loss

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 10/23

Basic approach to risk management

Assess

Prevention

MitigationResponse

Recovery

Take steps to

eliminate some

sources of risk

Have a plan for

recovering from

damage or loss

Understandand prioritize

types of risks

Reduce vulnerabilities,

reduce impact

Be prepared to respond if

risk is realized

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 11/23

What are some of the means for

mitigating risks?• Reduce vulnerabilities:

 – Working with vendor

 – Training staff – Documenting contractual provisions

• Reduce impact:

 – Develop contingency plans

 –  Increase awareness through education

• Transfer risk to someone else

 – That’s what NET+ is all about!

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 12/23

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 13/23

Discussion:

• Bob Carozzoni, Cloud Strategist, Cornell

• Lynn Johnson, Professor and Assoc Dean,Univ of Michigan Dental School

• Donna Tatro, Assoc CIO, Princeton

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 14/23

Discussion:

• Bob Carozzoni, Cloud Strategist, Cornell

• Lynn Johnson, Professor and Assoc Dean,Univ of Michigan Dental School

• Donna Tatro, Assoc CIO, Princeton

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 15/23

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 16/23

Cloud competence beyond IT 

● audit

● procurement

● legal

● security

● policy

● accessibility

● compliance

● risk mgt. and

insurance

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 17/23

Discussion:

• Bob Carozzoni, Cloud Strategist, Cornell

• Lynn Johnson, Professor and Assoc Dean,Univ of Michigan Dental School

• Donna Tatro, Assoc CIO, Princeton

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 18/23

Discussion:

• Bob Carozzoni, Cloud Strategist, Cornell

• Lynn Johnson, Professor and Assoc Dean,Univ of Michigan Dental School

• Donna Tatro, Assoc CIO, Princeton

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 19/23

Strengths  Weaknesses 

• Institutional knowledge

• Current enterprise backup and

resiliency systems expertise

• Established relationships 

• Slow response to changing

customer needs

• No mobile backup strategy

• Difficult to reduce Restore TimeObjective

 

Opportunities  Threats 

• Re-architect backup services for

workstation/virtual/hybrid (butwould need additional staff

resources) 

• Locally implemented solutions• Increased “costs” and risks 

Keeping workstation backup service

on-premise

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 20/23

Moving workstation backup service to

Internet2 Net+ CrashPlan ProStrengths

 

Weaknesses 

• Internet2 vetting of contract and

service

• Code 42 single focus on backup

and resiliency

• Flexible hybrid model available

• Mobile strategy

• TBD 

Opportunities  Threats 

• More innovation expected from

Internet2 Net+ and Code 42

• Focus on changing customerneeds 

• Unknown “weaknesses”

• Breakdown of Net+ and Code42 business relationship

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 21/23

Q&A:

• Bob Carozzoni, Cloud Strategist, Cornell

• Lynn Johnson, Professor and Assoc Dean,Univ of Michigan Dental School

• Donna Tatro, Assoc CIO, Princeton

• Jerry Grochow, Sr. Advisor, Internet2

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 22/23

How are YOU managing risk of moving

to the cloud?

FOR FURTHER INFORMATION:

www.internet2.edu/netplus

www.internet2.edu/cloud-services

8/11/2019 Managing Risk in Moving to the Cloud: Lessons from the Internet2 NET+ Program (242396550)

http://slidepdf.com/reader/full/managing-risk-in-moving-to-the-cloud-lessons-from-the-internet2-net-program 23/23

Help Us Improve and Grow

Thank you for participating

in today’s session.

We’re very interested in your feedback. Please take

a minute to fill out the session evaluation found within

the conference mobile app, or the online agenda.