1 / 21

Cloud Services Measurement, Audit – and Standards

Martin Kuppinger Founder and Principal Analyst, KuppingerCole mk@kuppingercole.com. Cloud Services Measurement, Audit – and Standards. Abstract.

giza
Download Presentation

Cloud Services Measurement, Audit – and Standards

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Martin KuppingerFounder and Principal Analyst, KuppingerCole mk@kuppingercole.com Cloud ServicesMeasurement, Audit – and Standards

  2. Abstract • Cloud computing provides an opportunity for organizations to optimize the procurement of IT services from both internal and external suppliers However - many organizations are sleepwalking into the Cloud. Moving to the cloud may outsource the provision of the IT service, but it does not outsource responsibility. This session will look at the issues that may be forgotten or ignored when adopting the cloud computing. These include: • Ensuring legal and regulatory compliance • Assuring data security • Ensuring business continuity • Avoiding lock in

  3. Agenda • The Seven Deadly sins • The Ten Cloud commandments • Summary

  4. Seven Deadly Sins

  5. Seven Capital Vices • Used by the Christian church to teach the origin of sin. • Wrath • Greed • Sloth • Pride • Lust • Envy • Gluttony

  6. Cloud Computing Seven Deadly Sins • Sloth • Not knowing you are using the Cloud • Not assuring legal and regulatory compliance • Not knowing what data is in the cloud • Not managing identity and access to the cloud • Not managing business continuity and the cloud • Becoming Locked-in to one provider. • Not managing your Cloud provider.

  7. Ten Commandments of Cloud Computing

  8. Summary • To Avoid the Seven Deadly Sins of Cloud follow the ten commandments: • Know that you are using the Cloud • Use Good Governance for the Cloud and other IT Services • Choose the right kind of Cloud • Assure Compliance • Assure Information Security • Manage Identity and Access • Assure privilege management • Include the Cloud in your Business Continuity Plan • Avoid Lock-in • Manage the Cloud Service Provider

  9. #2 Use Good Governance for the Cloud as well as other IT Services

  10. Cloud Governance

  11. #10 Manage the Cloud Service Provider

  12. Legal Risk - Contract • In General - Outsourcing Contracts are negotiated SLAs • Cloud Provider Contracts are • Largely “take it or leave it” • May have less onerous obligations on provider • Almost total exclusion of liability Legal Considerations Cloud computing contracts, Kristof de Vulder, DLA Piper LLP http://www.isaca.org/Groups/Professional-English/cloud-computing/GroupDocuments/DLA_Cloudcomputing%20legal%20considerations.pdf

  13. Cloud Service Delivery Management ISO 27001 Control 10.2 • Check the implementation of agreements, monitor compliance and manage changes to ensure that the services delivered meet all requirements agreed with the third party.

  14. What’s out there? • Cloud Security Alliance „Cloud Controls Matrix“ • Approach toenhance Internal Controls Frameworks toCloud Services • ISO 27001 • Independent ofdeploymentmodel, worksforCloud Services aswell • Data ProtectionRequirement Analysis („Schutzbedarfsanalyse“ – BSI approach) • Focus on informationassetswhichhavetobeprotected • Can beenhancedforcloud • Carnegie Mellon SMI • Cloud Service Measurement Initiative Consortium • Set of KPIs formeasuringcloudservices • NIST • Just published a definitionof „Cloud“ • Who else? • …

  15. Cloud Security Alliance: CCM

  16. ISO 27001 http://img.docstoccdn.com/thumb/orig/2108612.png

  17. What you need • Selection • Quick, prepared, comprehensive, focused, risk-aware • Short list of questions • Internal Controls • Less time-sensitive, probes, prepared, limited, risk-aware • Comprehensive control frameworks

  18. Vorgehensmodell und Voraussetzungen

  19. Systems Systems Services Services Traditional (System Governance) Advanced (Information Governance) Cloudbasics (Information and Service Governance) Cloudready (FullGovernance) Service Governance ProcessGovernance Information Governance

  20. Questions?

More Related