Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Services Measurement, Audit – and Standards Martin Kuppinger Founder and Principal Analyst, KuppingerCole

Similar presentations

Presentation on theme: "Cloud Services Measurement, Audit – and Standards Martin Kuppinger Founder and Principal Analyst, KuppingerCole"— Presentation transcript:

1 Cloud Services Measurement, Audit – and Standards Martin Kuppinger Founder and Principal Analyst, KuppingerCole

2 Abstract Cloud computing provides an opportunity for organizations to optimize the procurement of IT services from both internal and external suppliers However - many organizations are sleepwalking into the Cloud. Moving to the cloud may outsource the provision of the IT service, but it does not outsource responsibility. This session will look at the issues that may be forgotten or ignored when adopting the cloud computing. These include: – Ensuring legal and regulatory compliance – Assuring data security – Ensuring business continuity – Avoiding lock in 2

3 Agenda The Seven Deadly sins The Ten Cloud commandments Summary 3


5 Seven Capital Vices Used by the Christian church to teach the origin of sin. – Wrath – Greed – Sloth – Pride – Lust – Envy – Gluttony 5

6 Cloud Computing Seven Deadly Sins Sloth – Not knowing you are using the Cloud – Not assuring legal and regulatory compliance – Not knowing what data is in the cloud – Not managing identity and access to the cloud – Not managing business continuity and the cloud – Becoming Locked-in to one provider. – Not managing your Cloud provider. 6


8 Summary To Avoid the Seven Deadly Sins of Cloud follow the ten commandments: 1.Know that you are using the Cloud 2.Use Good Governance for the Cloud and other IT Services 3.Choose the right kind of Cloud 4.Assure Compliance 5.Assure Information Security 6.Manage Identity and Access 7.Assure privilege management 8.Include the Cloud in your Business Continuity Plan 9.Avoid Lock-in 10.Manage the Cloud Service Provider 8

9 #2 Use Good Governance for the Cloud as well as other IT Services

10 Cloud Governance 10 Assure Delivery of Cloud Service Assess Risk Probability and Impact and Risk Response Specify Service to meet business needs Identify Business Requirements

11 #10 Manage the Cloud Service Provider

12 Legal Risk - Contract In General - Outsourcing Contracts are negotiated SLAs Cloud Provider Contracts are – Largely “take it or leave it” – May have less onerous obligations on provider – Almost total exclusion of liability 12 ProbabilityVery High ImpactHigh Legal Considerations Cloud computing contracts, Kristof de Vulder, DLA Piper LLP computing/GroupDocuments/DLA_Cloudcomputing%20legal%20considerations.pdf

13 Cloud Service Delivery Management Check the implementation of agreements, monitor compliance and manage changes to ensure that the services delivered meet all requirements agreed with the third party. 13 ISO 27001 Control 10.2 Customer Responsibility Ensure service levels and security controls in the Cloud service agreement are implemented, operated, and maintained Provider Responsibility Provide data on service levels and controls and certification through external audits.

14 What’s out there? Cloud Security Alliance „Cloud Controls Matrix“ – Approach to enhance Internal Controls Frameworks to Cloud Services ISO 27001 – Independent of deployment model, works for Cloud Services as well Data Protection Requirement Analysis („Schutzbedarfsanalyse“ – BSI approach) – Focus on information assets which have to be protected – Can be enhanced for cloud Carnegie Mellon SMI – Cloud Service Measurement Initiative Consortium – Set of KPIs for measuring cloud services NIST – Just published a definition of „Cloud“ Who else? – … 14

15 Cloud Security Alliance: CCM 15

16 ISO 27001 16

17 What you need Selection – Quick, prepared, comprehensive, focused, risk-aware – Short list of questions Internal Controls – Less time-sensitive, probes, prepared, limited, risk-aware – Comprehensive control frameworks 17

18 Vorgehensmodell und Voraussetzungen 18 Evaluate Information Protection RequirementsMap to service featuresDevelop a questionnaireDecideDefine and apply controls

19 Service Governance Process Governance Information Governance Traditional (System Governance) Advanced (Information Governance) Cloud basics (Information and Service Governance) Cloud ready (Full Governance) Systems Services


21 21

Download ppt "Cloud Services Measurement, Audit – and Standards Martin Kuppinger Founder and Principal Analyst, KuppingerCole"

Similar presentations

Ads by Google