8/9/2019 Campus Collaboration in the Cloud (254323307)
http://slidepdf.com/reader/full/campus-collaboration-in-the-cloud-254323307 1/50
Copyright © 2015 Thomas Trappler. All Rights Reserved.
AGENDA
• Overview
• Risk Mitigation Strategies
• Infrastructure/Security
• Service Level Agreements
• Data Access, Protection & Location
• Vendor Relationship
• Next Steps
Let’s Keep It Interactive!
Cloud Computing Risk Mitigation
As with the adoption of any IT solution, the adoption of a cloud computing solution comes with both benefits and risks.
Cloud Computing Risk Mitigation
The key question for us to explore today is:
How can we most effectively mitigate the risks associated with adopting a cloud computing solution so as to maximize the benefits?
Cloud Computing Risk Mitigation
Transitioning to the Cloud = Paradigm Shift
From: Technically Managed
“I build it, I maintain it.”
To: Contractually Managed
“Someone else is doing this for me,
how do I ensure they’re doing it right?”
Cloud Computing Risk Mitigation
Key Ways To Mitigate Risks
Contract Negotiation
Establish the terms of the relationship
“What do I get?”
Vendor Management
Maintain the relationship
“How do I ensure that I continue to get it?”
If it’s not in the contract, don’t expect to get it.
Cloud Computing Risk Mitigation
Standard Answers
Cloud Computing Risk Mitigation
A Framework of Issues to Consider
Each issue should be individually evaluated
Based upon your organization’s unique needs and tolerance for risk
For each specific use case/project
Cloud Computing Risk Mitigation
Key Factors
Data Sensitivity: Public to Sensitive
Business Criticality: Downtime = Tolerable to Downtime = Business Stops
Cloud Computing Risk Mitigation
Multiple Variations = SaaS, IaaS, PaaS
Contract Issues Are Similar
• Infrastructure/Security
• Service Level Agreements
• Data Protection, Access & Location
• Vendor Relationship
1) Infrastructure/Security
Physical Data Center Behind Every Cloud
All Cloud Service Vendors Are NOT Created Equally
A New and Evolving Market Space
1) Infrastructure/Security
How do we ensure we’re getting this…
1) Infrastructure/Security
…and not this?
1) Infrastructure/Security
Identify Cloud Vendor’s Infrastructure and Security Practices
How?
Ask Questions
w w . f l i c
k r . c o m / p h o t o s / c o l i n k i n n e r / 2 2 0 0 5 0 0 0 2 4 /
Copyright © 2015 Thomas TrapplerAll Rights Reserved
8/9/2019 Campus Collaboration in the Cloud (254323307)
http://slidepdf.com/reader/full/campus-collaboration-in-the-cloud-254323307 17/50
Consensus Assessments Initiative Questionnaire & Cloud Controls Matrix
Standard Information Gathering Questionnaire
1) Infrastructure/Security
Areas To Evaluate Include:
• Information Security
• Physical Security
• Operations Management
1) Infrastructure/Security
Determine Which Practices Are Important
Codify Them in the Contract as Minimum Requirements
Incorporate Responses in Contract
1) Infrastructure/Security
Once You’ve Got Them in the Contract, How Do You Verify These Things?
1) Infrastructure/Security
Third Party Certifications
No Formal Standard
• ISO/IEC 27001/27002
• SOC 2&3, AT Sec. 101 (Replaced SAS 70)
• FIPS 200/SP 800-53
• CSA Open Certification Framework
Reports Should Be Provided To You
2) Service Level Agreements
Software as a Service
Infrastructure as a Service
Platform as a Service
The key thing in common is “Service”.
2) Service Level Agreements
SLA Parameters
• Availability
• Performance/Response Time
• Error Correction Time
• Latency
Limit to 8-10 SLAs
2) Service Level Agreements
SLA Metrics and Minimum Levels
Quantitative and Unambiguous
Describe Data Sources & Fields, Collection Times & Frequency, Responsibility for Collection
Relevant to Business Outcomes, Not Technical Parameters
2) Service Level Agreements
SLA Remedies
Corrections
Penalties
2) Service Level Agreements
SLA Remedies
If You Do Include Financial Penalties…
Client Notification or Vendor Self-Audit?
Codify When/How Credit is Provided
Against Current Payment, Or Renewal
2) Service Level Agreements
SLA Remedies
Reputational Penalties
Disqualification From Future Contract Bids
Rewards For Exceeding Service Levels
What Remedies Meet Your Needs?
3) Data Protection, Access & Location
Ownership of Data
Good News = More Vendors Including This in Standard Contract
Vendors Are Willing to Listen
Your Organization Owns the Results of Any Processing of Your Data
3) Data Protection, Access & Location
To Avoid Vendor Lock-In
Plan In Advance How You Will Switch To A Different Solution
3) Data Protection, Access & Location
Data Access/Disposition
• Process
• Timeframe
• Format
• Cost (Egress Fees?)
• Destruction
3) Data Protection, Access & Location
Data Breaches
Repercussions Vary According to Data Type
Know In Advance What Type of Data You’ll Be Processing/Storing
3) Data Protection, Access & Location
Data Breaches
• Notification (incl. timeframe)
• Details (circumstances, type of data, etc.)
• Corrective Action
• Indemnification
3) Data Protection, Access & Location
Location of Data
Different Laws
Which Law Applies to My Data?
Identify/Restrict Data Center Location(s)
3) Data Protection, Access & Location
Legal Requests for Access to Data
Notification of Requests Before They Provide Access To Your Data
Cooperate in Managing Release
Limit Any Release to the Extent Possible, and to the Minimum Required by Law
4) Vendor Relationship
Issues Not Unique to Cloud Computing, but Essential
Most Leverage = Before Signing/Paying
Cost of Change = Significant
4) Vendor Relationship
Contractually Codify in Advance
Terms to Continue Using
Terms to Terminate/Change
4) Vendor Relationship
Cost to Continue Using
Renewal Price Caps as the Lesser of:
• Consumer Price Index (CPI)
• A Set Percentage (0%, 3%, 5%, etc.)
• Cloud Vendor’s “List Price”
• What Others Pay
Going Forward For As Long As Possible
4) Vendor Relationship
Termination
Keep Decision Within Your Control
Restrict to Triggering Events
Include Customer Opportunity to Cure
Exclude Legitimate Payment Disputes
4) Vendor Relationship
Mergers and Acquisitions
Due Diligence
None of Us Can Predict the Future
Evolving Market Space
Terms Binding on Successors/Assigns
4) Vendor Relationship
Vendor Outsourcing
Increases Complexity
Vendor to Identify Third Parties
Vendor Remains Responsible
Next Steps
Cloud Computing is Big
Next Steps
So Don’t Go It Alone
• Business Process Owner
• IT Vendor Management
• IT - Technical
• IT - Security/Policy
• Procurement
• Legal Affairs
• Risk Management
• Audit/Compliance/Governance/Privacy
Next Steps
Working Together
Effectively Manage
Develop Guidelines/Best Practices
Re: Appropriate Acquisition/Use