Cloud Computing:

Why should the Finance

Community Care?Kevin L. Jackson

Vice President

General Manager

NJVC Cloud Services

Kevin.jackson@njvc.com

The New IT Era

rev date 3/25/2012

IDC September 2008

Data Processing Explosion

Cloud Computing

Not a new technology but a new approach in the provisioning and consumption of

information technology

A services oriented architecture (SOA) implemented typically on a virtualized infrastructure

(compute, storage, networks) using commodity components coupled with highly automated

controls enable the five essential characteristics of cloud computing.

Key Concerns Standards

Portability

Control/Availability

Security

IT Policy

Management / Monitoring

Ecosystem

Key Benefits Significant cost reductions

Reduced time to capability

Increased flexibility

Elastic scalability

Increase service quality

Increased security

Ease of technology refresh

Ease of collaboration

Increased efficiency

Cloud Computing: Value and Capabilities

Time

Reduce time to deliver/execute mission

Increased responsiveness/flexibility/availability

Cost

Optimizing cost to deliver/execute mission

Optimizing cost of ownership (lifecycle cost)

Increased efficiencies in capital/operational expenditures

Quality

Environmental improvements

Experiential improvements

Relational Databases and the Cloud

Country

Germany

BMW

Truck

Car

SUV

Volkswagen

…

…

…Audi

Japan

Toyota

Honda

Mazda

US

Ford

Chrysler

GM …

6

Search

German, BMW, Truck

German, BMW, Car

German, BMW, SUV

German Volkswagen, Truck

…

…

…

…

US, GM, SUV

3t 1t

The economics of data

storage led to the use of

content addressable

storage, flat storage

architectures and internet

scaling.

Database design,

database tuning no

longer required with

infinite scalability and

consistent

responsiveness

Traditional Analytics

• • • • • • • • • • •

• • • • • • • • • • •

• • • • • • • • • • •

• • • • • • • • • • •

• • • • • • • • • • •

• • • • • • • • • • •

7

Traditionally, lexical searches, filtering or

Boolean search attributes are used to

reduce data to a “working set”.

Analytical tools are then applied to this

“working set”.

All Data Sources / Types

Tools/Analysis Reports/Conclusions

Cloud Enables Searching All the Data, All the Time

8

• • • • • • • • • • •

• • • • • • • • • • •

• • • • • • • • • • •

• • • • • • • • • • •

• • • • • • • • • • •

• • • • • • • • • • •

Reports/Conclusions

Governance Operational

Top Threats to Cloud Computing

Go

vern

ance

an

dEn

terp

rise

Ris

k M

anag

emen

tLe

gal a

nd

Elec

tro

nic

Dis

cove

ry

Co

mp

lian

ce a

nd

Au

dit

Info

rmat

ion

Life

cycl

e M

anag

emen

t

Po

rtab

ility

an

d

Inte

rop

erab

ility

Trad

itio

nal

Secu

rity

, Bu

sin

ess

Co

nti

nu

ity,

and

Dis

aste

r R

eco

very

Dat

a C

en

ter

Op

erat

ion

s

Inci

den

t R

esp

on

se,

No

tifi

cati

on

an

d

Rem

edia

tio

nA

pp

licat

ion

Secu

rity

Encr

ypti

on

an

dK

ey M

anag

emen

t

Iden

tity

an

dA

cces

s M

anag

emen

t

Vir

tual

izat

ion

Abuse and Nefarious Use of CloudComputing

Insecure Interfaces and APIs

Malicious Insiders

Shared Technology Issues

Data Loss or Leakage

Account or Service Hijacking

Unknown Risk Profile

IT Auditing

Collecting and evaluating evidence to determine weather a computer system (information system) safeguards asset, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently.

Finance and Commercial

PCI

Gramm-Leach-Bliley Act

Social and Labor

Sarbanes-Oxley (SOX)

SAS70

HIPAA

Public Safety

Data Protection Act (UK)

Federal Information Security Management Act (FISMA)

Security

ISO27000

Auditing the Cloud

Areas for Audit

Compliance

Governance and Risk

Security

Auditing Challenges

1:1 mapping no longer exists

Dynamic, global environments

Requirement to retrieve, correlate and extract meaningful data

from an ever increasing number of data sources

Auditing as a service spreads the audit trail across multiple

domains

Data Confidentiality, Privacy, Integrity

Data stored, transmitted and processed outside of

the organization

Shared computing environments

No physical control of data

Physical and logical access managed by provider

No controls to prevent data modification

No logging events on data (access, modification,

transmission)

Regulation and Compliance

Data subject to new laws

Exposure to foreign governments and subpoenas

Retention requirements vay among jurisdictions

Audit of provider’s environment

Increased complexity to comply with standards

Sli

de

14

Sli

de

15

Summary

Cloud computing is a technological evolution

“Drive for scale” (Internet) and “Drive for cheap” (Commodity

components, Extensive automation) and the economics of Moore’s Law

(Cheap storage) led to a business model revolution

Fiscal realities and business model economics are driving rapid adoption

of cloud computing

Cloud computing can enable significant application enhancements

Security: Same threat vectors. Same attacks but faster, broader and

automated using “resource concentration

Audit issues still need to be addressed.

A Prediction: “FedRAMP for Finance” is coming

16

Thank You !Kevin L. Jackson

Vice President

General Manager

NJVC Cloud Services

(703) 335-0830

Kevin.jackson@NJVC.com

http://www.NJVC.com

http://kevinljackson.blogspot.com

http://govcloud.ulitzer.com