25
Cloud Computing – Benefits and Risks President, ISACA China Hong Kong Michael Yung

Cloud Computing - Benefits and Risks

Embed Size (px)

DESCRIPTION

Recent economic pressures have resulted in increased requirements for the availability, scalability and efficiency of enterprise IT solutions. Many parties claim that “cloud computing” can help enterprises meet the increased requirements of lower TCO, higher ROI, increased efficiency, dynamic provisioning and utility-like services.However, many IT professionals are citing the increased risks associated with trusting information assets to the cloud as something that must be clearly understood and managed by relevant stakeholders. This presentation examines the potential business benefits, risks and assurance considerations.

Citation preview

Page 1: Cloud Computing - Benefits and Risks

Cloud Computing – Benefits and Risks

President, ISACA China Hong KongMichael Yung

Page 2: Cloud Computing - Benefits and Risks

Page 2

Evolution – Mainframe Computer

Page 3: Cloud Computing - Benefits and Risks

Page 3

Evolution – Mini Computer, PCs and Internet

Page 4: Cloud Computing - Benefits and Risks

Page 4

Evolution - Cloud Computing

Page 5: Cloud Computing - Benefits and Risks

Page 5

Next 25 Minutes

Pain Points Benefits Risks

Page 6: Cloud Computing - Benefits and Risks

Page 6

Infrastructure Cost and Service Delivery

Pain Points

Page 7: Cloud Computing - Benefits and Risks

Page 7

Pain Points

Keep It Running vs. Implement New Things

Page 8: Cloud Computing - Benefits and Risks

Page 8

Pain Points

We Are Too Slow

Page 9: Cloud Computing - Benefits and Risks

Page 9

Pain Points

Right Sizing

Page 10: Cloud Computing - Benefits and Risks

Page 10

Pain Points

Page 11: Cloud Computing - Benefits and Risks

Page 11

Cloud Computing

Benefits

Page 12: Cloud Computing - Benefits and Risks

Page 12

Cloud Computing Market

47

60

77

99

128

0

20

40

60

80

100

120

140

2008 2009 2010 2011 2012

Market size (US$ Billion)

84% Saving

on H/W,

labour,

power

84% Saving

on H/W,

labour,

power

Estimation by IBM, 2009

Page 13: Cloud Computing - Benefits and Risks

Page 13

IT and Business Benefits

Highly abstracted H/W, S/W resources for pooling

Near instant scalability, provisioning

‘Service On demand’

A ‘Pay as you go’ billing system

1

2

3

4

Page 14: Cloud Computing - Benefits and Risks

Page 14

Business Benefits

We are finally in sync with business

Page 15: Cloud Computing - Benefits and Risks

Page 15

Cloud Computing

What Are the Risks ?

Page 16: Cloud Computing - Benefits and Risks

Page 16

System Type Scalability Availability Security Cloud Type

Information site Medium Medium Low Public /Hybrid

External Collaboration Medium Medium Medium Public /Hybrid

Public research / survey Low Medium Medium Public /Hybrid

Internal R&D Low Low Medium Public /Hybrid

Disaster Recovery Medium Medium Medium Public /Hybrid

Application Test and QA Low Medium Medium Private

Application Development Low Medium Medium Private

Production Applications High High Medium No

Mission Critical Applications High High High No

Applicability for Cloud Computing

Source: Federal Reserve System, USA

Page 17: Cloud Computing - Benefits and Risks

Page 17

Risks and Security Concerns

Vendor Lock In

Poor SLA

3rd Party access to Data

Poor DR Plan

Few tools, procedures or standard formats available for data and service portability

Service level affects confidentiality and availability

The needs to protect the intellectual property, trade secrets; and complied to regulations and laws in different geographical regions

Business continuity and disaster recovery plans must be well documented and tested

Service and contractual risks

Page 18: Cloud Computing - Benefits and Risks

Page 18

Risks and Security Concerns

Integration / Bandwidth

Encryption and Key Mgnt

Testing and Monitoring

Resource Allocation

How to integrate the in-house systems to the Cloud ? High speed bandwidth ready ?

Speedy encryption / decryption; Key management

Provider may not allow you to do thorough PEN test, audit; Are there good monitoring tools available ?

Overbooking, underbooking; Handling of DOS attack; Payment cap

Technology risks

Page 19: Cloud Computing - Benefits and Risks

Page 19

Cloud Computing

Addressing the Risks

Page 20: Cloud Computing - Benefits and Risks

Page 20

Addressing the Risks

Service Level Agreement to address Handling, usage, storage, availability of data Business continuity and disaster recovery objectives Right to audit

Reassess your IT Governance framework Meeting performance objectives Technology provisioning is aligned to business Risks are managed

Inventory of Information Assets Classified, labeled

Page 21: Cloud Computing - Benefits and Risks

Page 21

Assurance Considerations

Must demonstrate existence of effective

and robust security controls

Must prove that privacy controls are in place and

able to prevent, detect and react to breaches

Independent assurance from third-party audits and service auditor reports

Ensure the compliance of various countries' laws, but at the same time able to access your own data when needed

Page 22: Cloud Computing - Benefits and Risks

Page 22

Take Away Messages

1. Many benefits - reduce costs, greater agility

2. Need to assess business impact and risks

3. Address the risk with legal, security and assurance professionals

Page 23: Cloud Computing - Benefits and Risks

Page 23

Resources

Page 24: Cloud Computing - Benefits and Risks

Page 24

Questions ?

www.isaca.org

www.isaca.org.hk

[email protected]

[email protected]

Page 25: Cloud Computing - Benefits and Risks

End of Presentation

Page 25