1 / 28

Navigating the Cloud

Navigating the Cloud. Through fog or in fair weather?. Johan Bakker MSc CISSP ISSAP ISACA Round-table, 6 th of May, 2013. Every cloud has a silver lining…. Every cloud has a silver lining, but sometimes it is difficult to get it to the mint… Don Marquis. Risk - Loss of governance.

karma
Download Presentation

Navigating the Cloud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Navigating the Cloud Through fog or in fair weather? Johan Bakker MSc CISSP ISSAP ISACA Round-table, 6th of May, 2013

  2. Every cloud has a silver lining… Every cloud has a silver lining, but sometimes it is difficult to get it to the mint… Don Marquis

  3. Risk - Loss of governance If all you have left is a telephone number…to a help desk… • Loss of governance • Vendor Lock-in • Isolation failure • Compliance risk

  4. Vendor lock-in What if you want to move your data (and functionality) to another cloud provider or just back home?

  5. Data location, ownership and access Where is your information stored, who owns it (!) and who will have access to it?

  6. Multi-tenancy & segregation risks With whom are are you sharing your front door and what else may you be sharing?

  7. Availability risk Will you always have access to your cloud service when you need it?

  8. Compliance risk Will you be able to comply with external customer, legal and regulatory requirements?

  9. Catastrophic loss of service • What if the cloud provider can no longer provide its services?

  10. Are you still ready to jump in?

  11. Being ready means… Understanding how cloud fits in your overall business and IT strategy…

  12. Being ready means… Understanding how cloud will impact your processes and the way IT is being used...

  13. Being ready means… Having insight into the value of your business information and your dependency on it… (Fortis-topmanFilipDierckx in De Pers)

  14. Being ready means… Having a clear view on business, governance, legal, contract, security & continuity risks and forthcoming requirements...

  15. Being ready means… Understanding the cloud deployment & service model that suites your needs…

  16. Being ready means… Having a completebusiness case, with accurate usage & license cost as well as all the factors mentioned before…

  17. How to enjoy the ride!

  18. Clear set of requirements Assess your risks and needs and document in detail what it is that you are looking for…

  19. Select deployment & service model Select the service & deployment model that fits your needs, risks and requirements..

  20. Provider(s) selection To whom will you trust your business information to? Make it personal!

  21. Contract negotiations Cloud service contract, SLA and level of assurance

  22. Assurance Trust is good, proof is better; seeing is believing!

  23. Certificates & Frameworks Well-known frameworks to assist you: • ISO 9001 – Quality Management • ISO20000 – IT Service Management (and/or ITILv3) • ISO27001 – Information Security Management • ISO22301 – Business Continuity Management • Data Centre Tier I-IV certificate (Uptime Institute) • Service Organization Control – SOC2 (AICPA) • Cloud Control Matrix – CCM (CSA) • ISO27017/18/36 – ISO Cloud work in progress

  24. Summing up

  25. Through fog or in fair weather? Ad hoc Uncontrolled Penny wise, pound foolish Accept any standard contract Lacking risk awareness In for a shocker?

  26. Through fog or in fair weather? Part of overall IT strategy Clear risks & requirements Selecting the right provider Negotiating a solid contract Obtaining sufficient assurance Less risk than in-house IT?

  27. Contact us @ Tel +31 79 360 4268 Mob+31 6 5498 5507info@unifiedvision.nl www.unifiedvision.nl

More Related