Presentation is loading. Please wait.

Presentation is loading. Please wait.

This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner.

Similar presentations


Presentation on theme: "This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner."— Presentation transcript:

1 This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorised recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Consulting for Cloud: Gartner Security & Risk Management — Fast Track Cloud Security Review Gartner G-Cloud Service Definition For further information on Gartner support for Cloud initiatives visit: http://www.gartner.com/technology/research/cloud-computing/services.jsp

2 © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. 1 ■Interview schedule and minutes for a maximum of 10 interviews over three calendar days with key stakeholders to identify drivers and assess proposed workloads and existing Security governance, programs and technologies. ■Provide an initial draft report with an Executive Summary describing key findings, risks and gaps. ■Delivery of a one day workshop to validate the findings of the initial report. ■Final report including gaps, findings, risks and actionable recommendations (PowerPoint Format). Key Benefits The Fast Track Cloud Security Assessment provides: ■Client security teams to be able to rapidly assess threats and deploy appropriate controls to make sound decisions and mitigate risks. ■Clients will be able to exploit Gartner research, benchmark materials and our Security Reference Architecture in order to inform and accelerate architectural and programme design. ■Reduce risks to the business by remediating gaps in the security business and functional landscape. ■Enable security teams to reduce the time to perform security assessments on workloads that are being considered for outsourcing to cloud based services. Price ■Gartner will charge a firm fixed price of £56,169 excl. VAT, incl. all expenses for this service. Gartner Service Definition — Fast Track Cloud Security Review Service Description Gartner will provide a High Level assessment of an organisation’s Security and Risk Management Governance, Processes and Technologies related to outsourcing your ‘business’ processes to cloud solutions or services. It includes the measurement and prioritisation of gaps, risks and high level recommendations. This methodology is designed for a security team to assess the suitability and attendant risks and controls of outsourcing a business processes, functions or workloads into a cloud based service. This will be achieved through: ■An assessment of the expectations the organisation has regarding application manageability, security, performance, reliability and risk management in the cloud. ■Communication of security programme findings, risks and any gaps specifically as related to the proposed customer workloads to move workloads (or not) to the cloud. ■The development of high level actionable recommendations for this environment, including: –Governance, –Data protection –Identity and access control –Federation to reduce the overall risk to the business Key Deliverables Fast Track Cloud Security Assessment that provides: ■Kick-off meeting to set requirements, expectations, scope and schedule.

3 © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. 2 Gartner Service Definition — Fast Track Cloud Security Review Project Schedule ■Gartner anticipates completion of this engagement within four weeks. Client Project Team Roles ■Project Sponsor ■Project Manager ■Key stakeholders, technical and business Project Benefits The client’s security team will be able to: ■Rapidly assess risk and deploy appropriate controls to make sound decisions and mitigate risks. ■Reduce the time to perform security assessments on workloads that are being considered to be outsourced to the cloud. Gartner Project Team Roles Project Approach ■Week 0: Initiation & Plan Rapid Cloud Security Assessment ■Review project team structure and overall status and schedule team review sessions. ■Week 1 to 2: Conduct Rapid Cloud Security Assessment ■Request and provide deliverables to be reviewed. ■Conduct interviews with key stakeholders, review appropriate deliverables and capture findings. ■Week 3: Develop Cloud Security Assessment report ■Develop an initial draft of Report with an Executive Summary describing key findings, risks and gaps. ■Delivery of a Workshop to validate report findings. ■Week 4: Finalise and Present Cloud Security Assessment report ■Final Report including Gaps, Findings, Risks and actionable Recommendations (PowerPoint Format). ■Present report to key stakeholders. Staff Day rate (as per rate card) Head count Duration Director Per SFIA level 6 1 2 Associate Director Per SFIA level 4/5 1 9 Senior Consultant Per SFIA level 3 1 16 Consultant Per SFIA level 2 1 10

4 © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. 3 Gartner Service Definition — Fast Track Cloud Security Review Changes to Scope ■The scope of the engagement is defined herein. All client requests for changes must be set forth and explained in writing. As soon as practicable, Gartner shall advise of the cost/schedule implications of requested changes and any other necessary details to allow both parties to decide whether to proceed with the requested changes. The parties shall agree in writing upon any requested changes prior to Gartner commencing work. ■As used herein, “changes” are defined as work activities or work products not originally planned for or specifically defined by this service definition. Assumptions ■The client will designate a project manager as primary point of contact who will work closely with Gartner as needed and will: (a) approve priorities/task plans/schedules; (b) facilitate scheduling of interviews with personnel; (c) notify Gartner in writing of project issues and assist in their resolution. ■Client will review and approve documents within five business days. If no formal approval/rejection is received within that time, the deliverable is considered accepted. ■Client personnel will be made available per the schedule agreed in the kickoff meeting. ■The due diligence (as ‑ is) data are reasonably available via interviews and documentation review. ■Client provides timely access to personnel to be interviewed. These personnel will be able to answer questions, provide documentation and attend sessions. ■Project pricing assumes that Gartner will conduct 10 interviews and 1 workshops (1 days) over a period of 10 days and that the client will arrange all sessions with the client’s personnel. ■All data collection/interviews/workshops will take place via phone or in person as agreed at the project kickoff. ■With the exception of meetings and workshops, Gartner work will be performed at Gartner locations. ■Offices, phones, printing/copying and Internet access will be available to Gartner at client locations. ■Gartner will use Microsoft Office for the production of any engagement documentation ■Any requests for additional information and/or deliverables(beyond the details described in this service definition) that are made will be considered a change in scope and will be handled accordingly (see Changes to Scope). This does not apply to clarification questions.

5 © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. 4 Gartner Service Definition — Fast Track Cloud Security Review Backup Restore and Disaster Recovery ■The Gartner service under discussion does not require Gartner to manage or store any critical client data. Therefore, as there is no risk to the client and no break in service that will affect the client experience, there is no applicable policy needed in relation to this specific issue. Information Assurance ■Gartner possesses analysts and consultants with various security clearances, or we will, within reason, acquire those clearances as the client demands. ■Gartner associates are bound by very specific rules around client confidentiality and security given that our clients reveal to us their greatest challenges and difficulties in order that we can help and support them most effectively. Data Restoration ■No client data is retained by Gartner as part of the client’s access to this service and therefore there is no data restoration process related to this service. Service Migration ■There is no need for a Service Migration plan given the nature of the service under discussion. The client is able to complete and conclude the service without any ongoing process being required for transfer of service or information to an alternative provider or successor. At the conclusion of the service described all deliverables and any supporting information is handed over to the client.

6 © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. 5 Gartner Service Definition — Fast Track Cloud Security Review Offboarding ■Gartner does not offer offboarding services, however, Gartner will close down the engagement, upon conclusion, ensuring all necessary skills and information are transferred appropriately and in a timely manner to the client. Onboarding ■Gartner does not offer onboarding services, however, Gartner will hold a kickoff meeting with the client to ensure understanding of the engagement objectives, scope, schedule, and milestones, roles, responsibilities and required resources for Gartner and the client. Gartner will also discuss anticipated risks and mitigation plans, based on lessons learned from past experience. Gartner will gather any relevant background material from the client.

7 © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. 6 Gartner Service Definition — Fast Track Cloud Security Review Ordering and Invoicing Process ■Gartner will bill for 100% of the professional fees at contract signing. ■All invoices are payable net 30 days from date of invoice. While Gartner does not itemise billing for professional services, Gartner agrees and will comply with any reasonable requests for records substantiating our invoices. Pricing ■Gartner will charge a firm fixed price of £56,169 excl. VAT, incl. all expenses for this service. Financial Recompense Model ■In the event that a Service does not meet the specifications set out in the applicable Service Description, the breach will be handled in accordance with the Liability and Termination terms set out in the Call-Off Agreement. Termination Terms (by Consumer / by the Supplier) ■Services may be terminated without cause by the Customer on at least thirty (30) Working Days’ notice.

8 © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. 7 Gartner Service Definition — Fast Track Cloud Security Review Service Management ■This is not applicable to this service. The service will be managed as described under the Statement of Work component of this Service Definition. Service Constraints ■This is not applicable to this service. Service Levels ■This is not applicable to this service.

9 © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. 8 Gartner Service Definition — Fast Track Cloud Security Review Trial Service ■Gartner does not offer a trial service option in relation to this service. Training ■Gartner will provide Cloud Security Strategy and general project management coaching to the client's cloud transformation project manager. Consumer Responsibilities ■Provision of the necessary resources, systems and documentation for review ■Responsible for managing logistics on client’s site for the duration of the engagement ■Assign a client Project Manager to work as a single point contact between the Gartner team and the client ■Identify the right people for the interviews/ workshops, schedule and communicate the intent of the engagement ■Provide facilities for workshops and Gartner Work Space ■Collate and send all relevant data prior to the meeting ■Ensure attendance at kickoff meeting and any subsequent interviews and meetings by Project Sponsor, Project Manager and other key stakeholders, as determined prior, during and post kickoff Technical Requirements ■Gartner will require access to: ■Any information requested (some may be potentially sensitive) regarding the cloud transformation project electronically and /or in paper format ■Organizations overall IT Security infrastructure and key applications information electronically and/or in paper format


Download ppt "This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner."

Similar presentations


Ads by Google