Simple approach to risk managed cloud implementation”.pdfVIP

Dispersing the Storm Clouds “A clear and simple approach to risk managed cloud implementation” Introduction   Ashutosh Kapse CISA, CISM, CRISC, CGEIT, IRAP   General Manager – Consulting Services   Southern Cross Computer Systems,   Melbourne, Australia   15+ years experience in RM, ICT Gov, InfoSec Agenda   Cloud Computing – fundamentals   Business drivers to adopt cloud computing   Just Cloudy or Storm front? – trends and events   Preventing the cloud-stall   Security and the cloud   Organisation’s approach to securing cloud?   Cloud service provider’s approach to security?   Summary Fundamentals   Cloud computing - broad concept of using the internet to allow users to access technology- enabled services.   The technology physical location of the computing power is transparent to the user and could be located anywhere in the world.   User may use “any” device to use the computing power NIST Definition Fundamental difference compared to traditional computing models 1.  On demand, self service 2.  Broad Network access 3.  Resource pooling 4.  Rapid elasticity 5.  “Pay per use” Cloud service models SaaS IaaS PaaS Application hosted by Cloud vendor provides Cloud vendor provides provider and made hardware (servers, SAN, Application development available across the CPUs) over the internet “Platform” + all internet underlying infrastructure • Hosted centrally by • Provides scalability • Lower up-front costs vendor, access from • No CapEX only OpEx • Rapid deployment of anywhere • Reduces dependence application (rapid • License not tied to on highly trained development ?) device technical