To Cloud or Not To Cloud ?
Michael Yung
Immediate Past President - ISACA HK / CSA HKM
Why ?
Why Not ?
Myth # 1 - Cloud is Too New
Not Quite
Coined by Compaq executive George Favaloro back in 1996
Myth # 2 - Cloud is Just a Fad
Not Quite
We are talking about US$ 100B Public Cloud spending in 2015 (Forrester Research)
Myth # 3 - Cloud is Costly
Cloud Services Characteristics
• On-demand self-services
• Resource Pooling
• Rapid elasticity
• Measured services
Source : AWS
Capacity – Traditional Ways
Source : AWS
Capacity – Wastages and Dissatisfactions
Source : AWS
Elastic Capacity – The Cloud Ways
Source : AWS
Myth # 4 - Cloud is Not Secure
Insecure ?
Truth is that data and systems residing in public or private clouds are as secure as you make them.
Typically, cloud-based systems can be more secure than existing internal systems if you do the upfront work required.
Barriers
• Perceived loss of control
• Lack of clarity around responsibilities, liabilities and accountability
• Lack of transparency / clarity in SLA / interoperability / awareness and expertise
Cloud …
is not New
is not a Fad
is more Cost Effective
is Secure *
To Jump or Not to Jump ?
Next Step ?
Proper Risk Assessment
Risks and Security Concerns: Service and contractual risks
• Vendor Lock In: Few tools, procedures or standard formats available for data and service portability
• Poor SLA: Service level affects confidentiality and availability
• 3rd Party access to Data: The need to protect intellectual property, trade secrets and personal data, and to comply with regulations / laws in different geographical regions
• Poor DR Plan: Business continuity and disaster recovery plans must be well documented and tested
Risks and Security Concerns: Technology risks
• Integration / Bandwidth: How to integrate the in-house systems with the Cloud ? Is high speed bandwidth ready ?
• Encryption and Identity Mgmt: Speedy encryption / decryption (in transit, at rest, destruction); identity management
• Testing and Monitoring: Provider may not allow you to do a thorough PEN test or audit; are there good monitoring tools available ?
• Resource Allocation: Overbooking, underbooking; handling of DoS attack; payment cap
Questions To Ask …
• When and where to use the cloud – the business case
• SLO (and then SLA)
  • Availability, reliability, accessibility, performance and security
• Along with what best practices
  • People, processes, change management etc.
• Along with what technologies, services, vendors
  • Servers, storage, network, software etc.
Bear In Mind …
• Even though you are outsourcing some of your infrastructure to the cloud
• You are not outsourcing to the vendor the …
  • Risk,
  • Accountability and
  • Compliance obligations
• Find the right Cloud Services Provider – qualified, Security Standards compliance
ISO 27001, 27002, 27017, 27018, 29100
SSAE 16, HIPAA, FedRAMP, FISMA, PCI-DSS
Are Security Standards the answer ?
Standards Development / Setting Organizations (SDO / SSO)
• DMTF = Distributed Management Task Force
• ENISA = European Network and Information Security Agency
• ETSI = European Telecommunications Standards Institute
• IEC = International Electrotechnical Commission
• IEEE = Institute of Electrical and Electronics Engineers
• INCITS = International Committee for Information Technology Standards
• ISO = International Organization for Standardization
• ITU-T = International Telecommunication Union – Telecom
• NIST = National Institute of Standards and Technology
• OASIS = Organization for the Advancement of Structured Information Standards
• SNIA = Storage Networking Industry Association
• TCG = Trusted Computing Group
Alphabet Soup
SDO / SSO Relationships
Alphabet and Spaghetti Soup
Any Pointers ?
Do Our Homework … Self Assessment
Get Help from Professionals
• Companies and individuals with certifications
• An objective measurement of a professional’s knowledge and skills in Security, Governance and Cloud technology
• Committing the effort and resources to obtain certification indicates seriousness of prospective companies and individuals
Take Away Messages
Credit : Ching Yiu
Take Away Messages
• Cloud is real and here to stay
• Take ownership and responsibility
• Review your current set up and the Cloud Services Provider with guidelines
• Focus on the SLO and SLA
• Ask for expert help from services providers and professional organizations
To Cloud or Not To Cloud ?
mail@michaelyung.com
Thank You !!
