1
Cloud Computing – Risk and Rewards
John Lazarine, Vice President and Chief Audit Executive
Mark Salamasick, Director of Center for Internal Auditing
For Dallas CPA Society – Convergence 2013
May 8, 2013
2
John Lazarine
25 years of Internal Audit experience
Industry experience: Retail, Financial Services, Oil & Gas, Telecommunications, Aerospace & Defense, Construction and Technology Services
Companies: JCPenney, Mobil Oil, Alcatel, Raytheon, Centex and Rackspace
3
Rackspace
Founded in 1998, based in San Antonio
Service leader in Cloud Computing
180,000+ customers, 4,300 employees
8 Data Centers based in the US, UK and HK
Key Products: Cloud Hosting, Managed Hosting and & Apps all backed by Fanatical Support.
4
Mark Salamasick
Over 25 years internal audit and consulting experience
Industry experience: Financial Services, Utility, Oil & Gas, Technology, and Education
Companies: Central Michigan University, Accenture, Bank of America, and University of Texas at Dallas
Published: Most recent book “Auditing Outsourced Functions”
5
University of Texas at Dallas
Founded in 1969, based in Richardson
Over 19,000 students and over 6,300 in the business school
One of the fastest growing Universities in the US
One of the largest graduate Accounting programs with over 850 students
Largest Graduate Internal Audit program worldwide
New cross discipline cybersecurity concentration
6
Session Overview
Cloud computing is changing the way we all look at outsourced technology. This session will help in understanding and evaluating the rewards that can be gained from the cloud. The reduction of technology costs and immediate availability of technology infrastructure provide alternatives that must be considered. At the same time, not all cloud-based solutions are the same, and your organization must evaluate the risks. Cloud solutions are here to stay and transform the way we do business. Also, come hear the latest guidance provided by COSO in addressing the opportunities, rewards and risk mitigation of doing business in the cloud.
Learning Objectives:
Understand the opportunities provided by cloud computing.
Understand the new risks from cloud computing along with risk mitigation techniques.
Learn the right questions to ask when doing business in the Cloud.
7
Cloud Computing…
8
Dilbert on Cloud Computing
9
What is Cloud?
The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling “…convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
10
Service Models & Uses
Software as a Service (SaaS)
  Overview: Applications over a network
  Level of Customer Control: Does not manage or control the underlying Cloud infrastructure, servers, O/S, network, storage or individual application capabilities (with the exception of user configurable settings)
Platform as a Service (PaaS)
  Overview: Developer platform with built-in services
  Level of Customer Control: Has control over the deployed applications and possibly the application hosting environment configurations
Infrastructure as a Service (IaaS)
  Overview: Rent processing, storage, network capacity and other computing resources
  Level of Customer Control: Has control over the operating systems, storage and deployed application
11
Deployment Models & Uses
Private Cloud
  Operated solely for an organization
  May be managed by the organization or a third party
  May exist on or off premise
Public Cloud
  Made available to the general public
  Owned by an organization selling cloud services
Hybrid Cloud
  A composition of two or more clouds (private, public and/or community) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Community Cloud
  Shared by several organizations
  Supports a specific community that has a shared mission or interest
  May reside on or off premise
12
ISACA Survey
14
Benefits of Cloud Computing
Cost control – Utility model
Speed – Immediate provisioning (setting up resources)
Focus – Allows company to focus on core competencies
Scalability – Ability to dynamically adjust resources according to demand with little to no notice
Performance – Utilizing server load balancing
Operational Expertise – Patch management, version updates, data security
15
Elements of Cloud Computing Value
Elasticity
Utility Pricing
Virtual Resources
Automation
Self-Service
Third-Party Owners
Managed Operations
Economic
Strategic
Architectural
16
Cloud Security—Today
Provider transparency
Data protection
Trust, reliability and viability
SLAs
Data protection
Malicious insiders—social engineering
Cloud-specific attacks
Account/service hijacking
Physical threats
17
Cloud Security—Tomorrow
Globally compatible legislation Cloud compatibility standards Real-time management Identity management Responding to security incidents Bandwidth Pricing
18
Controls
Virtual firewalls
Encryption—as close to the source as possible
Network access
Secure SAN protocols
Regular deletion of unused assets
Logs and audit trails
Compliance requirements SOX and (SSAE 16/SAS70)
19
Public Clouds—Entertainment
Tech and media companies are racing to create Internet-video hit programs on the scale of traditional TV
Netflix and Kevin Spacey
Hulu and Kiefer Sutherland
Yahoo, Sony, AOL, YouTube
Consumers are watching more video on Internet TVs and tablet computers
21
State of the Cloud Worldwide
22
Attributes of BSA Report Card
23
Right Questions to Ask
24
Risks
Disruptive Force
Residing in the same risk ecosystem as the CSP
Lack of Transparency
Security, Compliance and Data Jurisdiction
Reliability, performance, and high-value cyber-attack target
Risk of data leakage
IT organizational changes
Potential vendor lock-in
Cloud service provider viability
25
Cloud Computing Board Oversight Questions?
Who in management is responsible for understanding and managing the business risks associated with cloud computing?
What are competitors doing with cloud solutions?
Are cloud computing initiatives aligned with the organization’s risk appetite?
Does management have the skills required to understand the complexities associated with cloud computing?
How is management mitigating organizational risks resulting from reliance on the activities of a third-party cloud service provider?
26
Cloud Computing Management Questions?
What is management’s stand on outsourcing functions?
Does the organization anticipate rapid growth that might require using cloud solutions?
Is the organization in a mature market that might require using cloud computing to save costs to remain competitive?
How should the organization prepare for cloud computing?
Who should be involved in the evaluation process, and who makes the decision?
How can the organization manage its risks adequately while operating in a business environment with cloud computing?
27
Other Considerations
Cloud solution pricing predictability
Captive renter
Involvement of representatives across the organization
Clear definitions of responsibilities and required interactions between the organization and the CSP
Evaluation of business continuity requirements
Ultimate legal responsibility and liability
Relinquishment of direct control of specific technology areas
28
Key Tasks in the Road to the Cloud
Assessing the Cloud Strategy
Evaluating Cloud Providers
Moving to the Cloud
Monitoring the Provider
29
Conclusions
Many benefits to utilizing Cloud technologies
Management should have a strategy for adopting Cloud technologies
Establish processes for periodically evaluating and monitoring risks
Management should ensure costs and benefits are reviewed for long term
Internal Audit and Finance should partner with management to help ensure the objectives of utilizing the Cloud are met
30
QUESTIONS
31
Contact Information: John Lazarine, Rackspace Hosting, (210)
Contact Information: Mark Salamasick, Jindal School of Management, The University of Texas at Dallas, (972)
32
Informational Sources
COSO Enterprise Risk Management for Cloud Computing
Global Technology Guide 18 Cloud Computing from IIA International
Cloud Security Alliance (CSA)
  Cloud Controls Matrix
  Consensus Assessments Initiative Questionnaire
CloudAudit.org
Isaca.org cloud computing
European Network and Information Security Agency (ENISA) Cloud Computing: Information Assurance Framework
NIST