why should the financial community care about cloud - cobis2020
DESCRIPTION
Cobis2020 presentation on cloud computingTRANSCRIPT
Cloud Computing:
Why should the Finance
Community Care?Kevin L. Jackson
Vice President
General Manager
NJVC Cloud Services
The New IT Era
rev date 3/25/2012
IDC September 2008
Data Processing Explosion
Cloud Computing
Not a new technology but a new approach in the provisioning and consumption of
information technology
A services oriented architecture (SOA) implemented typically on a virtualized infrastructure
(compute, storage, networks) using commodity components coupled with highly automated
controls enable the five essential characteristics of cloud computing.
Key Concerns Standards
Portability
Control/Availability
Security
IT Policy
Management / Monitoring
Ecosystem
Key Benefits Significant cost reductions
Reduced time to capability
Increased flexibility
Elastic scalability
Increase service quality
Increased security
Ease of technology refresh
Ease of collaboration
Increased efficiency
Cloud Computing: Value and Capabilities
Time
Reduce time to deliver/execute mission
Increased responsiveness/flexibility/availability
Cost
Optimizing cost to deliver/execute mission
Optimizing cost of ownership (lifecycle cost)
Increased efficiencies in capital/operational expenditures
Quality
Environmental improvements
Experiential improvements
Relational Databases and the Cloud
Country
Germany
BMW
Truck
Car
SUV
Volkswagen
…
…
…Audi
Japan
Toyota
Honda
Mazda
US
Ford
Chrysler
GM …
6
Search
German, BMW, Truck
German, BMW, Car
German, BMW, SUV
German Volkswagen, Truck
…
…
…
…
US, GM, SUV
3t 1t
The economics of data
storage led to the use of
content addressable
storage, flat storage
architectures and internet
scaling.
Database design,
database tuning no
longer required with
infinite scalability and
consistent
responsiveness
Traditional Analytics
• • • • • • • • • • •
• • • • • • • • • • •
• • • • • • • • • • •
• • • • • • • • • • •
• • • • • • • • • • •
• • • • • • • • • • •
7
Traditionally, lexical searches, filtering or
Boolean search attributes are used to
reduce data to a “working set”.
Analytical tools are then applied to this
“working set”.
All Data Sources / Types
Tools/Analysis Reports/Conclusions
Cloud Enables Searching All the Data, All the Time
8
• • • • • • • • • • •
• • • • • • • • • • •
• • • • • • • • • • •
• • • • • • • • • • •
• • • • • • • • • • •
• • • • • • • • • • •
Reports/Conclusions
Governance Operational
Top Threats to Cloud Computing
Go
vern
ance
an
dEn
terp
rise
Ris
k M
anag
emen
tLe
gal a
nd
Elec
tro
nic
Dis
cove
ry
Co
mp
lian
ce a
nd
Au
dit
Info
rmat
ion
Life
cycl
e M
anag
emen
t
Po
rtab
ility
an
d
Inte
rop
erab
ility
Trad
itio
nal
Secu
rity
, Bu
sin
ess
Co
nti
nu
ity,
and
Dis
aste
r R
eco
very
Dat
a C
en
ter
Op
erat
ion
s
Inci
den
t R
esp
on
se,
No
tifi
cati
on
an
d
Rem
edia
tio
nA
pp
licat
ion
Secu
rity
Encr
ypti
on
an
dK
ey M
anag
emen
t
Iden
tity
an
dA
cces
s M
anag
emen
t
Vir
tual
izat
ion
Abuse and Nefarious Use of CloudComputing
Insecure Interfaces and APIs
Malicious Insiders
Shared Technology Issues
Data Loss or Leakage
Account or Service Hijacking
Unknown Risk Profile
IT Auditing
Collecting and evaluating evidence to determine weather a computer system (information system) safeguards asset, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently.
Finance and Commercial
PCI
Gramm-Leach-Bliley Act
Social and Labor
Sarbanes-Oxley (SOX)
SAS70
HIPAA
Public Safety
Data Protection Act (UK)
Federal Information Security Management Act (FISMA)
Security
ISO27000
Auditing the Cloud
Areas for Audit
Compliance
Governance and Risk
Security
Auditing Challenges
1:1 mapping no longer exists
Dynamic, global environments
Requirement to retrieve, correlate and extract meaningful data
from an ever increasing number of data sources
Auditing as a service spreads the audit trail across multiple
domains
Data Confidentiality, Privacy, Integrity
Data stored, transmitted and processed outside of
the organization
Shared computing environments
No physical control of data
Physical and logical access managed by provider
No controls to prevent data modification
No logging events on data (access, modification,
transmission)
Regulation and Compliance
Data subject to new laws
Exposure to foreign governments and subpoenas
Retention requirements vay among jurisdictions
Audit of provider’s environment
Increased complexity to comply with standards
Sli
de
14
Sli
de
15
Summary
Cloud computing is a technological evolution
“Drive for scale” (Internet) and “Drive for cheap” (Commodity
components, Extensive automation) and the economics of Moore’s Law
(Cheap storage) led to a business model revolution
Fiscal realities and business model economics are driving rapid adoption
of cloud computing
Cloud computing can enable significant application enhancements
Security: Same threat vectors. Same attacks but faster, broader and
automated using “resource concentration
Audit issues still need to be addressed.
A Prediction: “FedRAMP for Finance” is coming
16
Thank You !Kevin L. Jackson
Vice President
General Manager
NJVC Cloud Services
(703) 335-0830
http://www.NJVC.com
http://kevinljackson.blogspot.com
http://govcloud.ulitzer.com