Download presentation
Presentation is loading. Please wait.
Published byGrant Silvester Martin Modified over 8 years ago
1
3/14/2016 © Crown Copyright. All rights reserved. Risk Managed Cloud Computing HMG IA Approach Ian McCormack TD IA Policy and Risk CESG
2
Defining Cloud Terminology Understand Business Functions Cloud models –Public, Private
3
Service Models Software as a Service (SaaS) / Applications Citizen Engagement Service 1 Service 2 Service 3 Platform as a Service (PaaS) Database DBMS Testing Tools Directory Services Developer Tools Infrastructure as a Service (IaaS) Storage Content Distribution Network Virtual Machines App Servers Web Hosting Gov Productivity Service 4 Service 5 Service 6 Gov Enterprise Apps Service 7 Service 8 Service 9
4
Cloud in Context Government Drivers –ICT Strategy New ICT Delivery Model? Transaction Security –End to end Home / work capability gap Not just data security!
5
Cloud in Context The Benefits Service and payment on demand –Elasticity of service –Flexible capability –Scale of service otherwise unavailable Low initial investment Pace of delivery Do IA once, well and re-use What type of Cloud Service is right for your business?
6
Risk Management Risk Fundamentals Governance and risk ownership Where is your data! –How do we assure Control verses Innovation Do once, do well, re-use
7
Approach What’s changed, what’s the same? –Scope the IA Problem Government has: –Really sensitive data –Less sensitive data Enable commodity services Private Cloud –Similar Impact, Threat, Compliance regimes –Easier to gain assurance Public Cloud
8
Use commodity services –We can’t change them –How do we use them Effective assessment –Asset valuation –Threat assessment Open Standards approach –ISO 27001 –Correct scope
9
Summary Understand the service –Including benefits Scope the IA Problem Risk Management fundamentals do not change! Effective asset and service valuation Open standards approach
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.