Homework 6
Harrisburg University ISEM 547
Cloud Services Management
Objectives
Cloud Computing Overview
Cloud Computing Characteristics
Cloud Computing Models
Cloud Computing Deployment Models
Demarks of Ownership
Cloud Computing Opportunities
Cloud Computing Controls & Accountability
Outsourcing Considerations with Cloud Computing
Cloud Computing Models
Definitions, Structures, and Pros & Cons
What is Cloud Computing?
Cloud computing, also called on-demand computing, is a kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand.
The cloud computing model is composed of five essential characteristics, three service models, and four deployment models.
Cloud Computing Models Characteristics
The cloud computing model's essential characteristics:
On-demand self-service
Broad Network Access
Resource Pooling
Rapid Elasticity
Measured Service
Cloud Computing Models
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Cloud Computing Deployment Models
Private Cloud
Community Cloud
Public Cloud
Hybrid
Cloud Computing Models - Ownership
Cloud Computing Models - Opportunities
Staff Specialization
Platform Strength
Resource Availability
Backup & Recovery
Mobile Endpoints
Data Concentration
Cloud Computing Models - Accountability
Loss of Control
Service Agreements
Security & Privacy
Governance
Compliance
Laws & Regulations
Data Location
Cloud Computing Models - Accountability
Electronic Discovery
Trust
Data Ownership
Composite Service
Visibility
Ancillary Data
Risk Management
Cloud Computing Models - Accountability
Architecture
Virtual Machine Environments
Virtual Network Protection
Client Side Protection
Identity & Access Management
Data Protection & Availability
Data Sanitization
Cloud Computing Models - Accountability
Availability - Outages
Incident Response
Incident Analysis & Resolution
Cloud Computing Models – Preliminary Activities
Preliminary activities when considering the use of cloud services:
Specify Requirements
Exit Strategy
Compliance
Service Agreement
Security & Privacy Risk Assessments
Underlying Technology
Cloud Computing Models – Preliminary Activities
Cloud Provider Viability & Competency
Experience and technical expertise of personnel
The vetting process personnel undergo
Quality and frequency of security and privacy awareness training provided to personnel
Account management practices and accountability
The type and effectiveness of the security services provided and underlying mechanisms used
The adoption rate of new technologies
Change management procedures and processes
The cloud provider’s track record
The ability of the cloud provider to meet the organization’s security and privacy policy, procedures, and regulatory compliance needs
Position and financial strength in the industry
Cloud Computing Models – Preliminary Activities
Cloud Provider Contractual Obligations
A detailed description of the service environment, including facility locations and applicable security requirements
Policies, procedures, and standards, including vetting and management of staff
Predefined service levels and associated costs
The process for assessing the cloud provider’s compliance with the service level agreement, including independent audits and testing
Specific remedies for harm caused or noncompliance by the cloud provider
The period of performance and due dates for any deliverable
The cloud provider’s points of interface with the organization
The organization’s responsibilities for providing relevant information and resources to the cloud provider
Procedures, protections, and restrictions for collocating or commingling organizational data and for handling sensitive data
The cloud provider’s obligations upon contract termination, such as the return and expunging of organizational data
Cloud Computing Models – Preliminary Activities
Additional areas where the terms of the service agreement should have extreme clarity to avoid potential problems:
Ownership rights over data
Locus of organizational data within the cloud environment
Security and privacy performance visibility
Service availability and contingency options
Data backup and recovery
Incident response coordination and information sharing
Disaster recovery
Cloud Computing Models – Preliminary Activities
An effective operational continuous monitoring program is one that includes:
Configuration management and control processes for information systems;
Security impact analyses on proposed or actual changes to information systems and environments of operation;
Assessment of selected security controls (including system-specific, hybrid, and common controls) based on the defined continuous monitoring strategy;
Security status reporting to appropriate officials; and
Active involvement by authorizing officials in the ongoing management of information system-related security risks.
Readings & Assignments
Chapters 5, 6, 8, 10 (IT Managers Handbook)