4. Cloud Computing
Not a new technology but a new approach in the provisioning and consumption of
information technology
A service-oriented architecture (SOA), typically implemented on a virtualized infrastructure
(compute, storage, networks) using commodity components coupled with highly automated
controls, enables the five essential characteristics of cloud computing.
Key Benefits
Significant cost reductions
Reduced time to capability
Increased flexibility
Elastic scalability
Increase service quality
Increased security
Ease of technology refresh
Ease of collaboration
Increased efficiency
Key Concerns
Standards
Portability
Control/Availability
Security
IT Policy
Management / Monitoring
Ecosystem
5. Cloud Computing: Value and Capabilities
Time
Reduce time to deliver/execute mission
Increased responsiveness/flexibility/availability
Cost
Optimizing cost to deliver/execute mission
Optimizing cost of ownership (lifecycle cost)
Increased efficiencies in capital/operational expenditures
Quality
Environmental improvements
Experiential improvements
6. Relational Databases and the Cloud
The economics of data storage led to the use of content addressable storage, flat storage
architectures and internet scaling.
Database design, database tuning no longer required with infinite scalability and
consistent responsiveness
[Figure: a tree of Country (Germany, Japan, US), make (BMW, Volkswagen, Audi, Toyota, Honda,
Mazda, Ford, Chrysler, GM) and type (Truck, Car, SUV) shown beside flat, searchable entries
such as "German, BMW, Truck", "German, BMW, Car", "German, BMW, SUV",
"German, Volkswagen, Truck" and "US, GM, SUV"]
7. Traditional Analytics
Traditionally, lexical searches, filtering or Boolean search attributes are used to
reduce data to a “working set”. Analytical tools are then applied to this
“working set”.
[Figure: All Data Sources / Types, then Tools/Analysis, then Reports/Conclusions]
8. Cloud Enables Searching All the Data, All the Time
[Figure: data feeding Reports/Conclusions]
9. Computing
Top Threats to Cloud Computing
Malicious Insiders
Data Loss or Leakage
Unknown Risk Profile
Shared Technology Issues
Insecure Interfaces and APIs
Account or Service Hijacking
Abuse and Nefarious Use of Cloud
Governance
Governance and Enterprise Risk Management
Legal and Electronic Discovery
Compliance and Audit
Information Lifecycle Management
Portability and Interoperability
Operational
Traditional Security, Business Continuity, and Disaster Recovery
Data Center Operations
Incident Response, Notification and Remediation
Application Security
Encryption and Key Management
Identity and Access Management
Virtualization
10. IT Auditing
Collecting and evaluating evidence to determine whether a computer system
(information system) safeguards assets, maintains data integrity, achieves
organizational goals effectively and consumes resources efficiently.
Finance and Commercial
PCI
Gramm-Leach-Bliley Act
Social and Labor
Sarbanes-Oxley (SOX)
SAS70
HIPAA
Public Safety
Data Protection Act (UK)
Federal Information Security Management Act (FISMA)
Security
ISO27000
11. Auditing the Cloud
Areas for Audit
Compliance
Governance and Risk
Security
Auditing Challenges
1:1 mapping no longer exists
Dynamic, global environments
Requirement to retrieve, correlate and extract meaningful data
from an ever increasing number of data sources
Auditing as a service spreads the audit trail across multiple
domains
12. Data Confidentiality, Privacy, Integrity
Data stored, transmitted and processed outside of
the organization
Shared computing environments
No physical control of data
Physical and logical access managed by provider
No controls to prevent data modification
No logging events on data (access, modification,
transmission)
13. Regulation and Compliance
Data subject to new laws
Exposure to foreign governments and subpoenas
Retention requirements vary among jurisdictions
Audit of provider’s environment
Increased complexity to comply with standards
16. Summary
Cloud computing is a technological evolution
“Drive for scale” (Internet) and “Drive for cheap” (Commodity
components, Extensive automation) and the economics of Moore’s Law
(Cheap storage) led to a business model revolution
Fiscal realities and business model economics are driving rapid adoption
of cloud computing
Cloud computing can enable significant application enhancements
Security: Same threat vectors. Same attacks but faster, broader and
automated using “resource concentration”
Audit issues still need to be addressed.
A Prediction: “FedRAMP for Finance” is coming
17. Thank You !
Kevin L. Jackson
Vice President
General Manager
NJVC Cloud Services
(703) 335-0830
Kevin.jackson@NJVC.com
http://www.NJVC.com
http://kevinljackson.blogspot.com
http://govcloud.ulitzer.com