Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit [email protected]

If cloud computing is so simple, then what’s the big deal?

What is the Big Deal?

People are driving a convergence of information, social interaction, mobility, and cloud.

Estimated to be

29% of 2014 IT spending

89% of all IT spending growth

77% of Market is moving to cloud or non-traditional storage by 2016

IDC #237886, Volume: 1, Tab: Markets. Storage Systems: Forecast Update

Data Explosion

What is Cloud Computing?

Cloud Computing is the ability to access and use a shared pool of computing resources (e.g. network, servers, storage, applications, and services).

The Cloud Evolution

Source: CPE Interactive

Cloud Computing Dimensions

Cloud Computing has two dimensions:

1. Type of cloud

2. Services provided by the cloud

Types of Cloud

Type: Private Cloud

Internal/Private cloud – its infrastructure is operated solely for a single organization, whether managed internally or by a third party and hosted internally or externally.

Private Cloud

Individual Company LAN with virtualization

Tailored to the company’s needs.

Accessed only by company employees and vendors.

Hosted internally or externally exclusively for the organization.

Reliable and more controlled.

Type: Public Cloud

Public cloud – its infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

Public Cloud

Publicly Shared Services

Open to all users

Easy to set up

Inexpensive, cost is covered by provider

Pay as you go, if there is a cost

Location independent

Type: Community Cloud

Community cloud – its infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

Community Cloud

Healthcare community cloud

Subset of a public cloud

Tailored to provide security and regulatory requirements in line with HIPAA (Health Insurance Portability and Accountability Act)

Users share common need for the cloud

Type: Hybrid Cloud

Hybrid cloud – its infrastructure is a composition of two or more distinct cloud types (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability and use.

Cloud based Services

What is SaaS?

Software as a Service (SaaS)

SaaS is the case where you use a complete software application that’s running on someone else’s servers. The best example of this is Google Docs, which you can use for creating and storing text documents, presentations, spreadsheets and so on.

User installs zero software

Application accessed through the web

Maintenance & upgrades are completed by the vendor

What is PaaS?

Platform as a Service (PaaS)

User creates applications using web-based tools so they run on systems software and hardware provided by another company. As an example, consider a situation where you develop your own e-commerce website but have the whole thing, including the shopping cart, checkout, and payment mechanism, running on a merchant’s server.

The underlying computer and storage resources scale automatically to match application demand

User may install a thin client to access the service

Maintenance & upgrades are completed by the vendor

What is IaaS?

Infrastructure as a Service (IaaS)

IaaS is basically when you buy raw computing hardware to use over the net, usually servers or online storage. You buy what you need and pay as you go. The best and most basic example of this type of cloud computing is buying web hosting for your website. You pay a monthly fee to a hosting company for the storage on their servers and to have them serve up files for your website from those servers.

User may install needed software

User accesses the service through the internet or carrier clouds (dedicated virtual private networks).

Maintenance & upgrades are completed by the vendor

Cloud View

Internet

Company user machine

PaaS

SaaS

IaaS

**All logos are copyrighted by their respective companies

Benefits

On-demand self-service

Accessible from anywhere – Mobile, computer, tablet

Collaboration capabilities

Scalability: Cloud Bursting (organization only pays for extra compute resources)

Backup and disaster recovery

Don’t need to retain SMEs

Resource pooling

Tradeoffs: Openness vs Security

Each cloud service offers tradeoffs between extensibility (openness) and security responsibility

SaaS: least extensibility and greatest amount of security responsibility taken on by the Cloud provider

IaaS: greatest extensibility and least amount of security responsibility taken on by the Cloud provider

PaaS: somewhere in the middle, with extensibility and security features that are leveraged by the customer

Which Cloud Solution is best for my business?

Assessing for the Cloud

Step 1. Why do I need the cloud?

Identify the business need for the cloud

Interview the business stakeholders

Identify the specific need

Ensure it is aligned with the organization's objective

Assessing for the Cloud

Step 2. Who will use it and where?

Identify the users for the cloud service

Understand the user base for the service globally

Categorize them based on their job function

Capture the projected total number of users

Assessing for the Cloud

Step 3. When does the company need it?

Identify the timeline on which the services need to be deployed

Obtain the IT strategy plan to identify possible deployment time

Understand your resources' availability to work on the Cloud deployment

Assessing for the Cloud

Step 4. What type of service is needed from the cloud?

Identify which service is needed (IaaS, PaaS, SaaS)

Research companies that offer the service needed with requirements gathered

Compare each provider’s pros and cons

Ensure the technology interfaces with the company’s systems

How do I assess the Cloud?

Assessing the Cloud

Questions Checklist:

How long has the provider been in business?

What is the BBB rating and reviews?

Are there any lawsuits?

Where is the company incorporated? (For compliance)

Assessing the Cloud

Questions Checklist:

What critical data is stored or processed in the cloud?

Where will the data be hosted?

Who owns the data? Or uploaded transactional material?

Assessing the Cloud

Questions Checklist:

What is the security profile of the cloud? Security risks and controls in place for compliance:

Access

Encryption

Durability

Availability

How to obtain security assurance from the cloud service provider? SOC 1, 2, 3 or SSAE 16, or ISO 27001

Summary

Cloud Computing is here to stay – Driven by you!

Dimensions of the cloud

Type: Private, Public, Community, & Hybrid

Service: IaaS, PaaS, SaaS

Benefits & Trade Offs

On Demand

Accessibility from anywhere

Scalable

Security & Control

Assessing the Cloud is a must!

QUESTIONS?

Juman Doleh-Alomary, Office of Internal Audit, [email protected], 313-577-6406