cloud computing (week6)

cc151.pptx

School of Computer & Information Sciences

ITS-532 Cloud Computing

Chapter 15 – Governing the Cloud

Content from:

Primary Textbook: Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones & Bartlett Learning.

Secondary Textbook: Erl, T., Mahmood, Z., & Puttini, R. (2014). Cloud computing: concepts, technology, & architecture. Upper Saddle River, NJ: Prentice Hall.


Learning Objectives

Define and describe corporate governance.

Define business strategy and provide examples of strategic goals.

Discuss how companies use the Capability Maturity Model (CMM) to measure their current capabilities.

Define and describe internal controls.

Define and describe IT governance.

Discuss the various types of governance a company must perform.

Discuss the role of Sarbanes-Oxley in corporate IT governance.

Discuss factors to consider when developing governance procedures for the cloud.

Risks and Challenges with Cloud Computing

Increased Security Vulnerabilities

Shared Responsibility with Cloud provider

Expansion of trust boundaries

Vendor access to the organization’s data

Reduced Operational Governance Control

Governance control usually less than on-premise IT resources

Limited Portability Between Cloud Providers

Lack of standards and customized integration

Multi-Regional Compliance and Legal Issues

Location of data and applications is needed to ensure compliance

(Erl, 2014)

The Need for True Financials

Following the dot-com crash and corporate scandals such as Enron, Tyco, and WorldCom, pressures emerged from the government, shareholders, and numerous other stakeholders for companies to increase their financial oversight to reduce opportunity for fraud and to restore confidence in corporate financial reporting.

Why IT Is Involved

Because most of the data that drive corporate financial reports originate within data centers, the new era of governance has brought greater visibility and a greater need for controls to IT departments.

Corporate Governance

Corporate governance combines the processes, policies, laws, and controls that affect how a company operates.

The governance guides the company’s decision making and administrative processes.

Corporate governance is complex and involves people, processes, systems, and more.

Corporate-Governance Process

Components of the corporate-governance process.

Real World: Organization for Economic Cooperation

In 1999, the Organization for Economic Cooperation and Development (OECD) published the Principles for Corporate Development. It has been revised to address corporate-governance issues.

Understanding Business Strategy

A strategy is a plan of action designed to achieve one or more particular goals.

A business strategy comprises the plans a company executes to achieve business goals.

Components of a Business Strategy

Maximizing shareholder value

Reducing or managing costs to maximize profits

Providing a high-quality work environment to attract and retain employees

Maintaining a high degree of customer satisfaction

Supporting environmentally friendly operations

Developing a sustainable, competitive advantage

Providing accurate reporting of company operations

Real World: Capability Maturity Model (CMM)

The Capability Maturity Model (CMM) was developed at Carnegie Mellon University to help businesses measure and improve their current capabilities.

Over time, as a business matures and its skills improve, a company’s CMM scores should increase.

As scores increase, so too should the predictability and reliability of the business.

Levels of CMM

Inspect What You Expect

Once a company defines its business goals and metrics, it must inspect the underlying factors that drive business results.

In other words, rather than take its financials at face value, the company should examine the sources from which the values are derived to ensure that each is accurate and free from fraud.

This inspection process is known as auditing.

Auditing

Companies must audit the source of the values they measure and report using internal or external auditors.

Internal Controls

Internal controls allow a company auditor to inspect data values at key stages.

Real World: COSO of the Treadway Commission

A key aspect of corporate governance is internal controls. An internal control is a process that provides assurance that the objectives of a company’s operational goals and legal compliance requirements are being met, as well as confidence in the accuracy of the reporting of operations.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has defined a model that companies can use to evaluate their internal controls.

The Components of the (expanded) COSO Model

Control Objectives for Information and Related Technology

Control Objectives for Information and Related Technology (COBIT) is an IT governance framework defined by the Information Systems Audit Control Association (ISACA).

COBIT defines dozens of processes an IT manager and staff can use to plan, acquire, implement, deliver, support, monitor, and evaluate IT solutions.

IT Governance

IT governance is one of many key types of governance a company must consider.

Real World: Sarbanes-Oxley

In 2002, in the aftermath of the dot-com crash and corporate scandals that included Enron, Tyco, and WorldCom, Senator Paul Sarbanes of Maryland and Representative Michael Oxley of Ohio co-sponsored a bill.

Once passed, the law became known as Sarbanes-Oxley.

The law’s goal was to improve confidence in the truthfulness of company reporting by requiring greater transparency and controls of the data that companies report.

Real World: IT Governance Institute

The IT Governance Institute (ITGI) was formed in 1998 to assist businesses in aligning IT solutions with business strategies.

The institute conducts research on the global practices and perceptions of IT governance. The institute makes many of its best practices, case studies, and research papers available for sale or download from its website.

SLA Governance Considerations

Who within the company can access the service?

Who within the cloud provider can access the service?

What can those who can access the service do?

Is the solution multitenant?

How is the service secured?

How is the service replicated or collocated?

How can the service be tested and validated?

What is the service uptime?

SLA Governance Considerations Continued

How and when is the service maintained?

What controls can be implemented and at what stages of the service?

How are errors and exceptions logged?

How can performance be monitored?

What is the upgrading and versioning process?

What auditing support is provided?

Key Terms

References

Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones & Bartlett Learning.

Secondary:

Erl, T., Mahmood, Z., & Puttini, R. (2014). Cloud computing: concepts, technology, & architecture. Upper Saddle River, NJ: Prentice Hall.
