Qiaozi_Cloud_Computing - Temple Fox MIS

chirpskulkInternet and Web Development

Nov 3, 2013 (3 years and 9 months ago)


MIS 5205 IT SERVICE DELIVERY AND SUPPORT


Cloud Computing

Essential Characteristics

- On-demand Self-Service
- Broad Network Access
- Resource Pooling
- Rapid elasticity
- Measured Service

Cloud Service Models

- Cloud Software as a Service (SaaS)
  Ex. Amazon Elastic Cloud Computing (EC2)
- Cloud Platform as a Service (PaaS)
  Ex. Google App Engine
- Cloud Infrastructure as a Service (IaaS)
  Ex. Gmail

Cloud Service Layers

Deployment Models

- Private Cloud
- Community Cloud
- Public Cloud
- Hybrid Cloud

Key Benefits

- Cost containment
- Immediate provisioning (setting up) of resources
- Server load balancing to maximize availability
- Ability to dynamically adjust resources according to demand with little notice
- Ability of the customer to focus on core competencies instead of devoting resources to IT operations
- Mirrored solutions to minimize the risk of downtime

Risk Areas

- Identity management (if the organization’s identity management system is integrated with the cloud computing system)
- Security incident management (to interface with and manage cloud computing incidents)
- Network perimeter security (as an access point to the Internet)
- Systems development (in which the cloud is part of the application infrastructure)
- Project management
- IT risk management
- Data management (for data transmitted and stored on cloud systems)
- Vulnerability management



Control Areas

Control Framework

- COBIT
- HIPAA/HITECH
- ISO/IEC
- NIST
- FedRAMP
- PCI DSS
- AICPA

Identity and Access Management

- Due diligence prior to assignment of broad cloud management privileges
- Implement proper access controls for cloud management interfaces
- Logical access control options due to cloud service immaturity
- Restrict access or implement segregation of duties for cloud provider staff



Infrastructure Security

Vulnerability Management

- Fix vulnerabilities introduced by cloud co-tenants and ecosystem partners
- Protect against new vulnerabilities in virtualization technologies
- Secure patches for proprietary cloud components
- Patch vulnerabilities in virtual machine templates and offline virtual machines
- Test services obtained from cloud ecosystem partners


Infrastructure Security (Continued)

Network Security

- Protect cloud management interface from targeted attacks
- Secure network traffic between distributed cloud components
- Protect public-facing services against distributed denial-of-service attacks
- Defend against attacks originating from within the cloud environment

Infrastructure Security (Continued)

System Security

- Educate customers on security best practices
- Prioritize customer service
- Prevent attacks from user-side systems
- Secure intra-host communications among multiple machines

Application Security

- Capture and store application logs

Encryption

- Prevent cloud provider from accessing encryption keys




Data Management

- Clear ownership of cloud-generated data
- Authorized access and appropriate use of sensitive data
- Comply with data privacy laws in cross-jurisdictional data transfer
- Secure deletion of data from multiple-use hardware resources



IT Operations

Asset Management

- Comply with software licenses due to ease of cloud resource provisioning

Project Management

- Clearly define roles and responsibilities of cloud participants
- Plan for customer volume to ensure responsiveness in cloud provider communications

IT Operations (continued)

Change Management

- Cloud migration planning
- Align business process changes with standardized cloud service options
- Coordination of system maintenance

IT Operations (continued)

Operation

- Monitoring of cloud resource utilization
- Avoid provider oversubscription to ensure availability of cloud service as prescribed by the SLA
- Physical and Environmental


Business Resiliency and Availability

Technology Resiliency

- Prevent oversubscription in peak usage periods
- Test cloud continuity and disaster recovery plan
- Avoid single-point-of-failure due to addition of complex technology components
- Data backup
- Cloud Provider Continuity
- Supply Chain Continuity

Residual risks

- Privileged user access
- Regulatory compliance
- Data location
- Data segregation
- Recovery
- Investigative support
- Long-term viability

Reference

- https://cloudsecurityalliance.org/download/cloud-controls-matrix-v1-4/
- http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Cloud-Computing-Management-Audit-Assurance-Program.aspx
- http://en.wikipedia.org/wiki/Cloud_computing
- http://csrc.nist.gov/publications/PubsSPs.html#800-145