Bringing the Cloud Back to Earth

webinars.plantemoran.com
Presenters
Marv Sauer, Principal – Plante Moran, Education Consulting
Marv has more than 25 years of experience taking clients from initial strategic planning through
the successful implementation of a variety of proven and leading edge
technologies. He is a talented facilitator of small to large groups working with
personnel ranging from end users to executive management. Marv has given
presentations at local and national conferences on topics such as Building the
Network of Tomorrow, Today and With Strategic Planning First, Successful
Implementation Follows. Marv holds a Master of Business Administration in Finance
from the University of Michigan and a Bachelor of Science in Math and Computer
Science from the University of California, Los Angeles (UCLA).
Sri Chalasani, Sr. Architect – Plante Moran, IT Consulting
Sri has over twenty years of experience and specializes in the design, deployment,
and troubleshooting of complex networks. He also has over fifteen years of
experience in the design and implementation of broadband multimedia solutions
across large networks. Sri has helped many organizations in the design and selection of
data centers, including strategic sourcing of cloud-based solutions. He has an MBA
from Wayne State University, an MS in Computer Science from Western Michigan
University and a BS in Electronics Engineering from Bangalore University.
Administration
• Slides are available for download from your webcast
console. A recording of today’s webinar will be added to
our website in a few days.

• We will allow time at the end of the presentation to
respond to your questions, but please feel free to submit
questions at any time.

Administration
• This is a CPE-eligible webinar. Throughout the webcast,
participation pop-ups will appear.
• Participants must respond to at least 75% of these pop-ups in order to receive CPE credit.
• To receive CPE credit, you need to be logged in
individually to the webinar and meet the eligibility
requirements (an accrued viewing time of at least
50 minutes and a 75% response to participation tracking).
Only attendees who are logged into the
webinar will be eligible to earn CPE credit.

Overview
Kick it to the next level - move beyond the tutorials
• Review drivers, strategy and architectures for deploying a cloud
• Identify your risks
• Asking the right questions
• Selection criteria
• The T’s and C’s

Background
Gartner believes enterprises will spend $112 billion cumulatively
on software as a service (SaaS), platform as a service (PaaS)
and infrastructure as a service (IaaS). Part of the attraction is the
promise of lower total cost of ownership, but with this come
higher risks, some of which are not always immediately apparent.

Source: Gartner

Drivers of cloud computing - Recap
Drivers
• Data Center pressures – increased systems and data explosion
• Flexibility - system capacity (elasticity) and ubiquitous access
• Minimize risk – modernize to survive / keep up with the times
• Cost / predictable cash flow
• Reduced operational / systems management
• Accelerated access to complex applications
• Allow for focus on core competencies

Strategy - Recap
• Goals may be the same
• Questions and priorities may be different and often competing
[Diagram: "Cloud Strategy" at the center, surrounded by: Current IT Env.; Terms & Conditions; Users; Risks; Security; C.I.A; Business objectives and goals; Costs; Governance; Administration; Roadmap; Solutions; Reg. & Compliance; Agility; Technology; Business Process; IT Staff & skills; App. Integ / Rearch]

Stakeholder questions shown on the diagram (labels: CEO, CIO):

* Security & compliance
* Impacts IT staff?
* Performance & reliability?
* Distributed workforce?
* Agility & growth
* Contract, SLA, & support?

* Reduce costs? TCO/ROI?
* Distributed workforce?
* Competitive advantages?
* Risks?
* Align with business goals?

Architectures - Recap
Four major building blocks for IT system

[Diagram labels: IT Staff (Net. Admin, DBA, Programmer); Applications; Database; Operating System and Back Office; System Software; Operating System; Servers; Storage; Network; Infrastructure; Cloud Services (Managed services, IaaS, PaaS, SaaS)]

IaaS: Infrastructure as a Service; PaaS: Platform as a Service; SaaS: Software as a Service

Deployment Models - Recap
• Public Cloud
  • Multi-tenancy: computing resources (infrastructure, OS, applications) are
    available to other tenants
  • Typically hosted at a provider

• Community Cloud
  • Collaboration between multiple org.
  • Involvement by invitation only

• Private Cloud
  • Only your organization has access to the resources
  • Hosted internally or hosted by a provider

• Hybrid Cloud
  • Combination of Private and Public
  • Most organizations

Other: internal or external hosted

[Diagram label: IaaS / PaaS / SaaS]

Examples of the cloud - Recap

IaaS

Source: Cloud Taxonomy

Examples of the cloud - Recap

PaaS

Source: Cloud Taxonomy

Examples of the cloud - Recap

SaaS
Source: Cloud Taxonomy

Examples of the cloud - Recap

Cloud
Software

Source: Cloud Taxonomy

What is at risk?
• Cloud computing inherently means trusting some of your most valuable assets
• Before you start – high level understanding of the risks
• Two key assets exposed to risk - Data and Applications/Process
• Evaluate the risk for Confidentiality, Integrity and Availability. Impact on
the asset if:
  • It is breached
  • It is accessed by provider(s)
  • The process is manipulated by an outsider
  • It is unavailable for a while

What is at risk?
• Understand risk by mapping the asset to:
  • Possible deployment models
  • The potential flow of data between your users and CSPs
• Assurances on safety of data?
  • SOC standards provide some level of assurance – CSA, GSA, NIST
  • CSA / GSA / NIST - tools to assess security requirements & services
  • Onus is still on you; you do have to conduct your own due diligence

Protect your assets – ask the questions
1. Who’s managing my data?
• Qualifications and backgrounds of staff
• Who else (partners/sub-contractors) can touch your data?
2. Where’s my data actually located?
• Regulatory and compliance requirements for data export
• Primary and secondary (replication sites)
• Conformance to local laws – data discovery
• Map how data is stored and handled

Protect your assets – ask the questions
• Why does location matter? - Country Risk Ratings for Security and Privacy

Source:

Protect your assets – ask the questions
3. What access controls are in place?
• What are the physical controls and logical controls?
• CSPs disclose data access control processes in place
• Frequency of testing of access controls
4. How will my data be physically secured & separated from other customers?
• Common hardware or applications with logical controls?
• Testing of data encryption / data leakage
5. How’s my data encrypted?
• Understand security for data at rest and data in transit
• Data at rest - encryption types
• Data in transit - encrypted, authenticated and integrity protected

Protect your assets – ask the questions
• Map the potential flow of data between your users (internal and external),
other providers and the cloud service

[Diagram: data flow among Organization, Users, App, Servers, Data, CSP1, CSP2, CSP3 and Backup (shown three times)]

Protect your assets – ask the questions
6. What authentication mechanisms are supported by the CSP?
• 2-pass authentication - passwords with tokens and certificates
• Integration using LDAP and SAML with Dir. Svcs or Identity Mgmt. systems
7. What happens if there’s a data breach?
• Incident Response Plan (IRP) - proactive processes and technologies in
place to detect if an application or data is under attack. Create your own too
• Response times and notification process; request history
• Technology Errors & Omissions policy and/or Cyber Liability coverage

Protect your assets – ask the questions
8. Can the CSP pass muster with the auditors?
• Security assessment by a 3rd party or accreditation process
• Process for accommodating the needs of your auditors
• Conduct a forensic investigation?
9. Is your cloud computing service SOC 2/SSAE16 (formerly SAS 70) compliant?
• No assurances but a step in the right direction
• Demonstrates methodical and repeatable process
• Security certification and other regulatory requirements HIPAA, FERPA etc.
10. What is CSP’s stability factor?
• CSP acquired or out of business?
• Timely transition, removal and destruction of your data

Protect your assets – ask the questions
11. Does the CSP offer backup and recovery services?
• Data retention, backup and recovery
• Backed up to where? Basic backup services or beyond?
• Recovery process from an outage
• What is included in your service – does this match your RPO/RTO?
12. What are the contract terms?
• SLA, breach notification, intellectual properties, limitation of liability, etc.
• More on this later

Eeny, meeny, miny, moe – Picking a CSP
No different than any other selection project
• Identify what is important to you
• Identify the “must haves” and the “like to haves”
• Don’t ignore security and growth
• For each of the identified areas, assign weightage
• Seek “written” answers you are looking for
• When in doubt err on the conservative side
• Reference – ask for a list of clients, not just references
• Not to be taken lightly – your data, your neck
• Add skill sets to the IT mix to manage and administer vendor contracts
• Viewed as a partnership - cannot abdicate management of the vendor
/ service though they provide the service

Eeny, meeny, miny, moe – picking a CSP

Reference: Intel’s Intel Cloud Finder

Contractual considerations
Negotiate key terms and conditions to mitigate risk and cost
exposure:
• Uptime Guarantees
• SLA penalties
• SLA penalty exclusions
• Security
• Business Continuity and Disaster recovery

Contractual considerations
Negotiate key terms and conditions to mitigate risk and cost
exposure:
• Data privacy conditions
• Suspension of service
• Termination
• Liability

Where’s my checklist?
• Do I have a “strategy” or am I “piecemealing this”?
• Have a process for identifying suitable applications / systems /
workloads ideal for “cloudifying” – business objective first
• Define your selection criteria - requirements for security, compliance,
growth, performance, etc.
• Identify issues around migrating existing workloads
• Identify vendor(s), vendor lock-ins and flexibilities
• Identify the costs? CapEx, OpEx, sunk costs, staff retraining
• Identify your questions - have written responses, talk to existing clients
• Determine the impact on your IT staff (skills and headcount)?
• Understand your contract – have your requirements clearly identified
It is not an all or nothing proposition – think hybrid

Q&A

Thank you for attending

Marv Sauer, Principal
248.223.3120
marv.sauer@plantemoran.com

Sri Chalasani, Sr. Architect
248.223.3707
sri.chalasani@plantemoran.com

To view a complete calendar of upcoming Plante Moran webinars, visit webinars.plantemoran.com
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

Bringing the Cloud Back to Earth

  • 1. Bringing the Cloud Back to Earth webinars.plantemoran.com
  • 2. Presenters Marv Sauer, Principal – Plante Moran, Education Consulting. Marv has more than 25 years of experience taking clients from initial strategic planning through the successful implementation of a variety of proven and leading-edge technologies. He is a talented facilitator of small to large groups, working with personnel ranging from end users to executive management. Marv has given presentations at local and national conferences on topics such as "Building the Network of Tomorrow, Today" and "With Strategic Planning First, Successful Implementation Follows". Marv holds a Master of Business Administration in Finance from the University of Michigan and a Bachelor of Science in Math and Computer Science from the University of California, Los Angeles (UCLA). Sri Chalasani, Sr. Architect – Plante Moran, IT Consulting. Sri has over twenty years of experience and specializes in the design, deployment, and troubleshooting of complex networks. He also has over fifteen years of experience in the design and implementation of broadband multimedia solutions across large networks. Sri has helped many organizations in the design and selection of data centers, including strategic sourcing of cloud-based solutions. He has an MBA from Wayne State University, an MS in Computer Science from Western Michigan University and a BS in Electronics Engineering from Bangalore University.
  • 3. Administration • Slides are available for download from your webcast console. A recording of today’s webinar will be added to our website in a few days. • We will allow time at the end of the presentation to respond to your questions, but please feel free to submit questions at any time.
  • 4. Administration • This is a CPE-eligible webinar. Throughout the webcast, participation pop-ups will appear. • Participants must respond to at least 75% of these pop-ups in order to receive CPE credit. • To receive CPE credit, you need to be logged in individually to the webinar and meet the eligibility requirements (have an accrued viewing time of at least 50 minutes and 75% response to participation tracking). Only attendees who are logged into the webinar will be eligible to earn CPE credit.
  • 5. Overview Kick it to the next level - move beyond the tutorials • Review drivers, strategy and architectures for deploying a cloud • Identify your risks • Asking the right questions • Selection criteria • The T’s and C’s
  • 6. Background Gartner believes enterprises will spend $112 billion cumulatively on software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). Part of the attraction is the promise of lower total cost of ownership, but with this come higher risks, some of which are not always immediately apparent. Source: Gartner
  • 7. Drivers of cloud computing - Recap Drivers • Data Center pressures – increased systems and data explosion • Flexibility - system capacity (elasticity) and ubiquitous access • Minimize risk – modernize to survive / keep up with the times • Cost / predictable cash flow • Reduced operational / systems management • Accelerated access to complex applications • Allow for focus on core competencies
  • 8. Strategy - Recap • Goals may be the same • Questions and priorities may be different and often competing [Diagram: Cloud Strategy. Labels: Current IT Env., Terms & Conditions, Users, Risks, Security C.I.A, Business objectives and goals, Costs, Governance, Administration, Roadmap, Solutions, Reg. & Compliance, Agility, Technology, Business, IT Staff & App. Integ / skills, Process Rearch, CEO, CIO. Question lists: * Security & compliance * Impacts IT staff? * Performance & reliability? * Distributed workforce? * Agility & growth * Contract, SLA, & support? / * Reduce costs? TCO/ROI? * Distributed workforce? * Competitive advantages? * Risks? * Align with business goals?]
  • 9. Architectures - Recap Four major building blocks for IT system [Diagram labels: IT Staff (Net. Admin, DBA, Programmer), Applications, Managed services, Database, Operating System and Back Office Servers, Infrastructure, Storage, Network, Operating System, System Software, Cloud Services, IaaS, PaaS, SaaS] IaaS: Infrastructure as a Service; PaaS: Platform as a Service; SaaS: Software as a Service
  • 10. Deployment Models - Recap • Public Cloud: multi-tenancy, computing resources (infrastructure, OS, applications) are available to other tenants; typically hosted at a provider • Community Cloud: collaboration between multiple org.; involvement by invitation only • Private Cloud: only your organization has access to the resources; hosted internally or hosted by a provider • Hybrid Cloud: combination of Private and Public; most organizations • Other: internal or external hosted [Figure label: IaaS / PaaS / SaaS]
  • 11. Examples of the cloud - Recap IaaS Source: Cloud Taxonomy
  • 12. Examples of the cloud - Recap PaaS Source: Cloud Taxonomy
  • 13. Examples of the cloud - Recap SaaS Source: Cloud Taxonomy
  • 14. Examples of the cloud - Recap Cloud Software Source: Cloud Taxonomy
  • 15. What is at risk? • Cloud computing inherently means trusting some of your most valuable assets • Before you start – high level understanding of the risks • Two key assets exposed to risk - Data and Applications/Process • Evaluate the risk for Confidentiality, Integrity and Availability. Impact on asset if it: • Breached • Accessed by provider(s) • Process is manipulated by an outsider • Unavailable for a while
  • 16. What is at risk? • Understand risk by mapping the asset to • Possible deployment models • The potential flow of data between your users and CSPs • Assurances on safety of data? • SOC standards provide some level of assurance – CSA, GSA, NIST • CSA / GSA / NIST - tools to assess security requirements & services • Onus is still on you; you do have to conduct your own due diligence
  • 17. Protect your assets – ask the questions 1. Who’s managing my data? • Qualifications and backgrounds of staff • Who else (partners/sub-contractors) can touch your data? 2. Where’s my data actually located? • Regulatory and compliance requirements for data export • Primary and secondary (replication sites) • Conformance to local laws – data discovery • Map how data is stored and handled
  • 18. Protect your assets – ask the questions • Why does location matter? - Country Risk Ratings for Security and Privacy Source:
  • 19. Protect your assets – ask the questions 3. What access controls are in place? • What are the physical controls and logical controls? • CSPs disclose data access control processes in place • Frequency of testing of access controls 4. How will my data be physically secured & separated from other customers? • Common hardware or applications with logical controls? • Testing of data encryption / data leakage 5. How’s my data encrypted? • Understand security for data at rest and data in transit • Data at rest - encryption types • Data in transit - encrypted, authenticated and integrity protected
  • 20. Protect your assets – ask the questions • Map the potential flow of data between your users (internal and external), other providers and the cloud service [Diagram labels: Organization, Users, Data, App, Servers, Backup, CSP1, CSP2, CSP3]
  • 21. Protect your assets – ask the questions 6. What authentication mechanisms are supported by the CSP? • 2-pass authentication - passwords with tokens and certificates • Integration using LDAP and SAML with Dir. Svcs or Identity Mgmt. systems 7. What happens if there’s a data breach? • Incident Response Plan (IRP) - proactive processes and technologies in place to detect if an application or data is under attack. Create your own too • Response times and notification process; request history • Technology Errors & Omissions policy and/or Cyber Liability coverage
  • 22. Protect your assets – ask the questions 8. Can the CSP pass muster with the auditors? • Security assessment by a 3rd party or accreditation process • Process for accommodating the needs of your auditors • Conduct a forensic investigation? 9. Is your cloud computing service SOC 2/SSAE16 (formerly SAS 70) compliant? • No assurances but a step in the right direction • Demonstrates methodical and repeatable process • Security certification and other regulatory requirements HIPAA, FERPA etc. 10. What is CSP’s stability factor? • CSP acquired or out of business? • Timely transition, removal and destruction of your data
  • 23. Protect your assets – ask the questions 11. Does the CSP offer backup and recovery services? • Data retention, backup and recovery • Backed up to where? Basic backup services or beyond? • Recovery process from an outage • What is included in your service – does this match your RPO/RTO? 12. What are the contract terms? • SLA, breach notification, intellectual properties, limitation of liability, etc. • More on this later
  • 24. Eeny, meeny, miny, moe – Picking a CSP No different than any other selection project • Identify what is important to you • Identify the “must haves” and “like to haves” • Don’t ignore security and growth • For each of the identified areas, assign weightage • Seek “written” answers you are looking for • When in doubt err on the conservative side • Reference – ask for a list of clients, not just references • Not to be taken lightly – your data, your neck • Add skill sets to the IT mix to manage and administer vendor contracts • Viewed as a partnership - cannot abdicate management of the vendor / service though they provide the service
  • 25. Eeny, meeny, miny, moe – Picking a CSP
  • 26. Eeny, meeny, miny, moe – picking a CSP Reference: Intel’s Intel Cloud Finder
  • 27. Contractual considerations Negotiate key terms and conditions to mitigate risk and cost exposure: • Uptime Guarantees • SLA penalties • SLA penalty exclusions • Security • Business Continuity and Disaster recovery
  • 28. Contractual considerations Negotiate key terms and conditions to mitigate risk and cost exposure: • Data privacy conditions • Suspension of service • Termination • Liability
  • 29. Where’s my checklist? • Do I have a “strategy” or am I “piecemealing this”? • Have a process for identifying suitable applications / systems / workloads ideal for “cloudifying” – business objective first • Define your selection criteria - requirements for security, compliance, growth, performance, etc. • Identify issues around migrating existing workloads • Identify vendor(s), vendor lock-ins and flexibilities • Identify the costs? CapEx, OpEx, sunk costs, staff retraining • Identify your questions - have written responses, talk to existing clients • Determine the impact on your IT staff (skills and headcount)? • Understand your contract – have your requirements clearly identified It is not an all or nothing proposition – think hybrid
  • 31. Thank you for attending Marv Sauer, Principal, 248.223.3120, marv.sauer@plantemoran.com; Sri Chalasani, Sr. Architect, 248.223.3707, sri.chalasani@plantemoran.com. To view a complete calendar of upcoming Plante Moran webinars, visit webinars.plantemoran.com