
Cloud Computing: Implementation Challenges

Cloud Computing: Implementation Challenges. Marco Ramos KPMG marcoramos@kpmg.com 787-367-9057. Stay-or-go: In-House vs. The Cloud. Power consumption Data Center Management Storage Management Ensuring availability Redundancy = $$$$$ x 2 Virtualization Carbon footprint.


Presentation Transcript


  1. Cloud Computing: Implementation Challenges Marco Ramos KPMG marcoramos@kpmg.com 787-367-9057

  2. Stay-or-go: In-House vs. The Cloud • Power consumption • Data Center Management • Storage Management • Ensuring availability • Redundancy = $$$$$ x 2 • Virtualization • Carbon footprint

  3. Service Organizations vs. The Cloud

  4. Approaches

  5. Implementation Challenges • Cultural resistance (IT!) • SLAs • Ownership of data • What happens at the end of the contract? • What information the Cloud provider returns, in what format, and whether it is readable • Performance (response time) • Hardware decommissioning • Data Privacy • Security • CAPEX vs. OPEX (fixed costs vs. variable costs) • Tax-related issues • Regulatory ambiguity • Cross-country: transfer of data across borders • Reliability and availability • Transition and execution risks • Limited scope for customization

  6. More Challenges… • Limited IT Budget: initial set-up & upgrades • Scalability of systems: managing peak demands by investing in additional hardware & software that is underutilized in non-peak loads • Longer time setting up IT infrastructure • Need for mobility

  7. Larger benefits to industry and market segments • Government • Healthcare • Education • SME/PyMes – competitive edge to reach IT resources of global companies: affordable, reliable, and flexible computing solutions, enabling them to compete more effectively with larger organizations

  8. Cross-country Cloud: Data transfer across borders • Is the Cloud provider ensuring where data is hosted? i.e. Data Centers in Chicago, LA & NY or India, China, and Mexico? • Canada’s Patriot Act does not allow IT projects to use US-based hosting environments • Germany and UK have regulations related to email

  9. Cloud DOES NOT MEAN Dissolve IT staff!!! The Company still needs: • Technical support • Network, provisioning, and user certification • Increased bandwidth • Training and On-boarding

  10. Cloud Strategy • Sponsored by the CIO • Shift focus from configuration, implementation, and maintenance of in-house applications to implementing strategy and meeting business needs • It is a strategic business decision rather than a purely technology decision

  11. Green Computing: Green IT Axel E. Robert Company email@email.com 787-XXX-XXXX

  12. Placeholder • PLACEHOLDER

  13. Cloud Computing: Security Challenges Rory Rivera, PE, MSEE, MSM Deep Logistics email@email.com

  14. Security is the Major Issue

  15. Analyzing Cloud Security • Some key issues: • trust, multi-tenancy, encryption, compliance • Clouds are massively complex systems that can be reduced to simple primitives that are replicated thousands of times and common functional units • Cloud security is a tractable problem • There are both advantages and challenges • Former Intel CEO, Andy Grove: “only the paranoid survive”

  16. General Security Challenges • Trusting vendor’s security model • Customer inability to respond to audit findings • Obtaining support for investigations • Indirect administrator accountability • Proprietary implementations can’t be examined • Loss of physical control

  17. Security Relevant Cloud Components • Cloud Provisioning Services • Cloud Data Storage Services • Cloud Processing Infrastructure • Cloud Support Services • Cloud Network and Perimeter Security • Elastic Elements: Storage, Processing, and Virtual Networks

  18. Cloud Network and Perimeter Security • Advantages • Distributed denial of service protection • VLAN capabilities • Perimeter security (IDS, firewall, authentication) • Challenges • Virtual zoning with application mobility

  19. Security and Data Privacy Across IaaS, PaaS, SaaS • Many existing standards • Identity and Access Management (IAM) • IdM federation (SAML, WS-Federation, Liberty ID-FF) • Strong authentication standards (HOTP, OCRA, TOTP) • Entitlement management (XACML) • Data Encryption (at-rest, in-flight), Key Management • PKI, PKCS, KEYPROV (CT-KIP, DSKPP), EKMI • Records and Information Management (ISO 15489) • E-discovery (EDRM)

  20. Cloud Security Challenges Part 1 • Data dispersal and international privacy laws • EU Data Protection Directive and U.S. Safe Harbor program • Exposure of data to foreign government and data subpoenas • Data retention issues • Need for isolation management • Multi-tenancy • Logging challenges • Data ownership issues • Quality of service guarantees

  21. Cloud Security Challenges Part 2 • Dependence on secure hypervisors • Attraction to hackers (high value target) • Security of virtual OSs in the cloud • Possibility for massive outages • Encryption needs for cloud computing • Encrypting access to the cloud resource control interface • Encrypting administrative access to OS instances • Encrypting access to applications • Encrypting application data at rest • Public cloud vs internal cloud security • Lack of public SaaS version control

  22. Additional Issues • Issues with moving PII and sensitive data to the cloud • Privacy impact assessments • Using SLAs to obtain cloud security • Suggested requirements for cloud SLAs • Issues with cloud forensics • Contingency planning and disaster recovery for cloud implementations • Handling compliance • FISMA • HIPAA • SOX • PCI • SAS 70 Audits

  23. Cloud Migration and Cloud Security Architectures • Clouds typically have a single security architecture but have many customers with different demands • Clouds should attempt to provide configurable security mechanisms • Organizations have more control over the security architecture of private clouds followed by community and then public • This doesn’t say anything about actual security • Higher sensitivity data is likely to be processed on clouds where organizations have control over the security model

  24. Putting it Together • Most clouds will require very strong security controls • All models of cloud may be used for differing tradeoffs between threat exposure and efficiency • There is no one “cloud”. There are many models and architectures. • How does one choose?

  25. Cloud Computing: Audit Challenges John R. Robles John R. Robles and Associates www.johnrrobles.com jrobles@coqui.net 787-647-3961

  26. Cloud Computing: Audit Challenges • Must • Audit, • Review, and • Report on the Internal Controls System surrounding the implementation and operations of Cloud Technology • You must have an ICS, so let's determine if it is effective and efficient (effective & efficient internal controls)

  27. Cloud Computing: Audit Challenges So you want to go to the Cloud or are already there? Then • How did you identify the assets selected for cloud deployment? • Did you evaluate risks related to those assets? • For each asset, did you analyze risks to organization if: • Assets became widely public and widely distributed? • Employees of our cloud provider accessed the assets? • Cloud processes or functions were manipulated by an outsider? • Cloud processes or functions failed to provide expected results? • Information/data were unexpectedly changed? • Assets were unavailable for a period of time?

  28. Cloud Challenges: Audit Challenges • How did you map assets to potential cloud deployment models? • Public • Private, internal/on-premises • Private, external (including dedicated or shared infrastructure) • Community; taking into account the hosting location, potential service provider, and identification of other community members • Hybrid. To effectively evaluate a potential hybrid deployment, you must have in mind at least a rough architecture of where components, functions, and data will reside • Did you evaluate relevant potential cloud service models and providers? • Did you document the potential data flow?

  29. Internal Control Framework • Review internal control framework • Control Environment (set up by BOD & management) • Organization's risk appetite • Risk Assessments • Control Activities • Information and Communications Management Systems • Operations Monitoring

  30. Cloud Computing – Maturity Model

  31. Cloud Computing – Maturity Model

  32. Cloud Computing – Maturity Model

  33. Cloud Computing – Maturity Model

  34. Cloud Computing – Maturity Model

  35. Cloud Computing – Maturity Model

  36. Cloud Computing: Now What? • During the year, PRCCUG will: • Have periodic meetings to discuss these challenges • Discuss solutions • Present solutions from 1st Level vendors • Provide networking among professionals interested in Cloud Computing

  37. Cloud Computing: Now What? • Join us and the Puerto Rico Cloud Computing and Green Computing User Group. Questions and Answers!!
