Cloud Computing -

Cloud Computing -

Cloud Computing Oyinkan Adedun Adeleye Caitlyn Carney Tyler Nguyen Definition What is the Cloud? On-demand service model for IT provision, often based on virtualization and distributed computing technologies.

Applications and data stored and maintained on shared machines in a web-based environment Can include web-based applications, web-hosted services, centralized data centers and server farms, and platforms for running and developing applications. Key Terms: Cloud Service Provider (CSP)

Multi-tenancy Overview Cloud Deployment Models: Private Community Public Hybrid

Cloud Service Delivery Models: Software as a service (SaaS) Platform as a service (PaaS) Infrastructure as service (IaaS) Benefits of Cloud Computing Decreased capital costs Decreased IT operating costs No hardware or software installation or maintenance Scalability & Flexibility Speed of Deployment Specialized/Highly abstracted resources

Environmental Considerations Risk Relationship with Cloud Models Cloud Computing Risks Lack of Total Control Reliability/System availability Netflix experienced a total outage for two days Christmas eve and Christmas Day Cloud Provide, Amazon had a service outage Lack of Transparency Cloud Computing Risks

Non-Compliance (Regulatory, Disclosure) Getting stuck with a provider; Proprietary code Data Security Cloud service provider viability Most providers are young companies Longevity and profitability is questionable Cloud Computing Controls Risk Controls Loss of IT Governance Management oversight and operations monitoring

controls Lack of Transparency Assessments of CSP control environment: Control related inquiries in RFP Right to audit clause in SLA Interviews with CSP to determine how certain risk events would be addressed Require internal audit evaluation or independent audit reports (i.e. SOC 2) Unauthorized Cloud Activity Cloud Policies & Controls: Cloud usage policy

List of approved cloud vendors CSP relationship management Cloud Computing Controls Risk Controls Security, Noncompliance, Data Leakage Data Classification Policies: Defining purpose and ownership of different types of organizational data Mapping legal, regulatory, IP, and security requirements to various types of data Determining sensitivity (public, restricted, highly sensitive) Determining requirements for data transmission (i.e

encryption methods) Non compliance with regulations: Monitoring of external environment Non compliance with disclosure requirements: New disclosures in financial reporting Cloud Computing Controls Risk Controls Reliability & Performance, System Availability

High Value CyberAttack Target Vendor lock-in and lack of application portability or inoperability Incident management controls

Disaster Recovery/BCP controls Processes to monitor system availability Automated tools to provide resources on demand for cloud solution from another service provider Review SLAs to ensure CSP will provide adequate response in event of system failure Incident management controls Host only nonessential and non-sensitive data on third party CSP solutions Deploy encryption over data hosted on cloud solutions Have a defined fail-over strategy Prepare an exit strategy/contingency plan for overall cloud strategy Conclusion Cloud computing is a widely used and growing technology. Gartner predicts it will be a $140

billion industry by 2014. Many cloud-based solutions are available in todays market, each with unique risks. It is essential that organizations effectively manage the key risks associated with their specific cloud infrastructure in order to fully take advantage of opportunities presented by the cloud. Cloud Services Market by Segment Sources http :// ught%20Paper.pdf

https :// e/publications/cloud-computing-benefits-risks-and-recom mendations-for-information-security https:// df artner-predicts-infrastructure-services-will-accelerate-clo ud-computing-growth

Recently Viewed Presentations

  • Statement on Standards for Forensic Services (SSFS No.

    Statement on Standards for Forensic Services (SSFS No.

    - "a matter that is not a litigation but which may involve using the same skills and the services are performed in response to specific concerns of wrong doing in which the member is engaged to perform procedures to collect,...
  • In partnership with Background  Legislated by Act 166

    In partnership with Background Legislated by Act 166

    Thank you for joining us today for the overview of the Teacher Performance Evaluation System or TPES for short. As you can see from the logo, it is based on the Stronge Evaluation System. This model is based on the...
  • Webinar Two: Inquiry Into Practice: Appraisal of Principals

    Webinar Two: Inquiry Into Practice: Appraisal of Principals

    Ref: Helen Timperley, Linda Kaser and Judy Halbert. Setting my Performance Goal and my Inquiry Focus. Appraisal conversations: Progress and next steps. What is the data/ information now showing? Evidence here will benefit my learners as next steps . What...
  • Chapter 23

    Chapter 23

    Chapter 23 Section 1 Recap. 6) What type of mirror is depicted in Figure 3? 7) List 3 characteristics of an image formed by a convex mirror. 8) List 2 types of lenses. 9) From Figure 4, when light passes...
  • cs412slides - Computer Science

    cs412slides - Computer Science

    Data Mining for Data Streams Mining Data Streams What is stream data? Why Stream Data Systems? Stream data management systems: Issues and solutions Stream data cube and multidimensional OLAP analysis Stream frequent pattern analysis Stream classification Stream cluster analysis Sketching...
  • $100 $100 $100 $100 $200 $200 $200 $200

    $100 $100 $100 $100 $200 $200 $200 $200

    Why is water considered polar? One side is (-), One side is (+) Even distribution of charges It has a north & south pole It has a negative and positive side A chemical reaction in which polypeptides are broken down...


    The priority areas are within all four regions i.e. Dr RSM, NMM, Bojanala and Dr KK. The projects are various stages of implementation i.e. Procurement and Construction. The breakdown of projects per region are as follows: ... KPA: INTERVENTION CONT…..
  • Topics covered here… -

    Topics covered here… -

    Pointers and Arrays. The name of an array is the address of the first element (i.e., a pointer to the first element in the array) The array name is a