Solution is within.

*Cloud ComputingRisks and Controls

7/4/2011

*It’ every where but why?

Model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

7/4/2011

*Cloud Models

7/4/2011

*Evolution Continues

7/4/2011

*Technical Building Blocks

Cloud computing combines several technical innovations from the last 10 to 15years that constitute its fundamental technical building blocks, including:

SOA 뾃 library of proven, functional software applets that can be connected to become a useful application

Application programming interfaces (APIs) 뾗Tags to direct applets about the Internet

XML 뾋 Identifier tags attached to information (data, pages, pictures, files, fields, etc.) that allow them to be transported to any designated application located on the Internet

7/4/2011

*Cloud Computing Challenges

* Data Location

* Commingled Data

* Cloud Security Policy / Procedure Transparency

* Cloud Data Ownership

* Lock-in with CSP’s proprietary APIs

* CSP business viability

* Record keeping for forensic audits

* Identity and Access Management (IAM)

* Penetration detection

* Screening of other cloud computing clients

* Compliance Requirements

* Disaster Recovery

7/4/2011

*Governance in the cloud

* Data Location

* Commingled Data

* Cloud Security Policy / Procedure Transparency

* Cloud Data Ownership

* Lock-in with CSP’s proprietary APIs

* CSP business viability

* Record keeping for forensic audits

* Identity and Access Management (IAM)

* Penetration detection

* Screening of other cloud computing clients

* Compliance Requirements

* Disaster Recovery

7/4/2011

*Cloud Factors

7/4/2011

*Risk IT for the Cloud

* Strategic

* Environmental

* Market

* Credit

* Operational

* Compliance

*Risk Hierarchy

*Key Questions

*Risk Management

*Assessing Sun Cloud

You decide what degree of assessment would suffice your needs.

7/4/2011

7/4/2011

*Deliverables

*Assessment Report(s)

*SLAs

*Accessibility Report

*Vulnerabilities

*Risks

*Compliance

*Responsibility & Accountability Metrics

7/4/2011

*Need more info?

*Please contact:

Azim Tirmizi

Azim@AustinTechInc.com

214-473-4274