Navigating the Cloud

Through fog or in fair weather?

Johan Bakker MSc CISSP ISSAP

ISACA Round-table, 6th of May, 2013

Unified Vision @ ISACA

Every cloud has a silver lining…

Every cloud has a silver lining, but sometimes it is difficult to get it to the mint…

Don Marquis

Loss of governance
Vendor Lock-in
Isolation failure
Compliance risk


Risk - Loss of governance

If all you have left is a telephone number…to a help desk…

Vendor lock-in

What if you want to move your data (and functionality) to another cloud provider or just back home?

Data location, ownership and access

Where is your information stored, who owns it (!) and who will have access to it?

Multi-tenancy & segregation risks

With whom are you sharing your front door and what else may you be sharing?

Availability risk

Will you always have access to your cloud service when you need it?

Compliance risk

Will you be able to comply with external customer, legal and regulatory requirements?

Catastrophic loss of service

What if the cloud provider can no longer provide its services?

Are you still ready to jump in?

Being ready means…

Understanding how cloud fits in your overall business and IT strategy…

Understanding how cloud will impact your processes and the way IT is being used...

Having insight into the value of your business information and your dependency on it…

(Fortis top executive Filip Dierckx in De Pers)


Having a clear view on business, governance, legal, contract, security & continuity risks and forthcoming requirements...

Understanding the cloud deployment & service model that suits your needs…

Having a complete business case, with accurate usage & license cost as well as all the factors mentioned before…

How to enjoy the ride!

Clear set of requirements

Assess your risks and needs and document in detail what it is that you are looking for…

Select deployment & service model

Select the service & deployment model that fits your needs, risks and requirements...

Provider(s) selection

To whom will you trust your business information?


Make it personal!

Contract negotiations

Data ownership & jurisdiction
Portability & re-transition
Responsibilities & liability
Supply chain assurance
Security & Continuity
Usage & license cost model
Service Levels
Audits, TPM’s & certificates

Cloud service contract, SLA and level of assurance

Assurance

Trust is good, proof is better; seeing is believing!

Certificates & Frameworks

Well-known frameworks to assist you:

ISO 9001 - Quality Management
ISO20000 - IT Service Management (and/or ITILv3)
ISO27001 - Information Security Management
ISO22301 - Business Continuity Management
Data Centre Tier I-IV certificate (Uptime Institute)
Service Organization Control - SOC2 (AICPA)
Cloud Control Matrix - CCM (CSA)
ISO27017/18/36 - ISO Cloud work in progress

Summing up

Through fog or in fair weather?

Ad hoc
Uncontrolled
Penny wise, pound foolish
Accept any standard contract
Lacking risk awareness

In for a shocker?

Through fog or in fair weather?

Part of overall IT strategy
Clear risks & requirements
Selecting the right provider
Negotiating a solid contract
Obtaining sufficient assurance

Less risk than in-house IT?

Contact us

Tel +31 79 360 4268

Mob +31 6 5498 5507

info@unifiedvision.nl

www.unifiedvision.nl