Download
1 / 20
210 likes | 427 Vues
Cloud Computing. MIS 5205 IT Service Delivery and Support. Essential Characteristics. On-demand Self-Service Broad Network Access Resource Pooling Rapid elasticity Measured Service. Cloud Service Models. Cloud Service as a Software ( SaaS ) Ex. Amazon Elastic Cloud Computing ( EC2)
E N D
Cloud Computing MIS5205 ITServiceDeliveryandSupport
EssentialCharacteristics On-demand Self-Service BroadNetworkAccess ResourcePooling Rapidelasticity Measured Service
CloudServiceModels CloudServiceas a Software(SaaS) Ex. Amazon Elastic Cloud Computing (EC2) Could Platform as a Service (PaaS) Ex. Google App Engine CloudInfrastructure as a Service (IaaS) Ex. Gmail
DeploymentModels Private Cloud Community Cloud Public Cloud Hybrid Cloud
Key Benefits • Cost containment • Immediate provisioning (setting up) of resources • Servicer load balancing to maximize availability • Ability to dynamically adjust resources according to demand with little notice • Ability of the customer to focus on core competencies instead of devoting resources to IT operations • Mirrored solutions to minimize the risk of downtime
Risk Areas • Identity management (if the organization’s identity management system is integrated with the cloud computing system) • Security incident management (to interface with and manage cloud computing incidents) • Network perimeter security (as an access point to the Internet) • Systems development (in which the cloud is part of the application infrastructure) • Project management • IT risk management • Data management (for data transmitted and stored on cloud systems) • Vulnerability management
ControlFramework COBIT HIPPA/HITECH ISO/IEC NIST Fed RAMP PCI DSS AICPA
IdentityandAccess Management Due diligencepriorto assignment of broadcloudmanagementprivileges Implement properaccess controls for cloudmanagementinterfaces Logical access controloptions due to cloudserviceimmaturity Restrict accessor implement segregationof dutiesforcloudproviderstaff
InfrastructureSecurity VulnerabilityManagement Fixvulnerabilities introduced by cloudco-tenants and ecosystempartners Protect new vulnerabilities invirtualizationtechnologies Securepatches for proprietarycloudcomponents Patchvulnerabilities in virtualmachine templates and offlinevirtualmachines Testservices obtained fromcloudecosystempartners
InfrastructureSecurity(Continued) Network Security Protect cloudmanagementinterfacefrom targeted attacks SecureNetworktrafficbetweendistributed cloudcomponents ProtectPublic-facingattacks against distributed-denial-of-serviceattacks Defenseagainstattacks originating fromwithinthe cloudenvironment
InfrastructureSecurity(Continued) SystemSecurity Educatecustomers ofsecurity best practices Prioritize customerservice Preventattacks fromuser-side systems Secureintra-host communications amongmultiplemachines ApplicationSecurity Captureand storeapplication logs Encryption Preventcloudprovider fromaccessingencryptionkeys
DataManagement Clear ownership ofcloud-generateddata Authorizedaccessand appropriateuseof sensitivedata Complywithdata privacylaws in cross-jurisdictionaldata transfer Securedeletionof data frommultiple-use hardwareresources
IT Operations AssetManagement Comply withsoftwarelicenses due to easeof cloudresourceprovisioning ProjectManagement Clearlydefine roles and responsibilities of cloudparticipants Plan customervolume to make sure responsiveness incloudprovidercommunications
ITOperations(continued) Change Management Cloudmigration planning Align businessprocess changes withstandardized cloudserviceoptions Coordination ofsystemmaintenance
ITOperations(continued) Operation Monitoring ofcloudresourceutilization Avoid provideroversubscription to ensure availability of cloudserviceas prescribedby the SLA Physical and Environmental
BusinessResiliency and Availability TechnologyResiliency Preventoversubscriptionin peakusageperiods Testcloud continuityand disaster recoveryplan Avoidsingle-point-of-failuredue to addition of complextechnologycomponents Databackup CloudProviderContinuity SupplyChainContinuity
Residual risks Privileged user access Regulatory compliance Data location Data segregation Recovery Investigative support Long-term viability
Reference https://cloudsecurityalliance.org/download/cloud-controls-matrix-v1-4/ http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Cloud-Computing-Management-Audit-Assurance-Program.aspx http://en.wikipedia.org/wiki/Cloud_computing http://csrc.nist.gov/publications/PubsSPs.html#800-145
