SlideShare uma empresa Scribd logo

To Cloud or Not To Cloud

Transferir como PPTX, PDF
Michael Yung
Michael Yung

It's easy to say "No" to cloud computing, but then again, "Why not ?" That's the slide deck presented in the ISACA China Hong Kong Chapter AsiaCACS 2015.

Tecnologia
1 de 32
To Cloud or Not To Cloud ? Michael Yung Immediate Past President - ISACA HK / CSA HKM
Why ?
Why Not ?
Myth # 1 - Cloud is Too New
Not Quite Coined by Compaq Executive George Favaloro back in 1996
Myth # 2 - Cloud is Just a Fad
Not Quite We are talking about US$ 100B Public Cloud spending in 2015 (Forrester Research)
Myth # 3 - Cloud is Costly
Cloud Services Characteristics  On-demand self-services  Resource Pooling  Rapid elasticity  Measured services Source : AWS
Capacity – Traditional Ways Source : AWS
Capacity – Wastages and Dissatisfactions Source : AWS
Elastic Capacity – The Cloud Ways Source : AWS
Myth # 4 - Cloud is Not Secure
Insecure ? Truth is that data and systems residing in public or private clouds are as secure as you make them Typically, cloud-based systems can be more secure than existing internal systems if you do the upfront work required
Barriers • Perceived Loss of control • Lack of clarity around responsibilities, liabilities and accountability • Lack of transparency / clarity in SLA / interoperability / awareness and expertise
Cloud … is not New is not a Fad is more Cost Effective is Secure *
To Jump or Not to Jump ?
Next Step ? Proper Risk Assessment
Risks and Security Concerns Vendor Lock In Poor SLA 3rd Party access to Data Poor DR Plan  Few tools, procedures or standard formats available for data and service portability  Service level affects confidentiality and availability  The needs to protect the intellectual property, trade secrets, personal data; complied to regulations / laws in different geographical regions  Business continuity and disaster recovery plans must be well documented and tested Service and contractual risks
Risks and Security Concerns Integration / Bandwidth Encryption and Identity Mgnt Testing and Monitoring Resource Allocation  How to integrate the in-house systems to the Cloud ?  High speed bandwidth ready ?  Speedy encryption / decryption – in transit, at rest, destruction;  Identity management  Provider may not allow you to do thorough PEN test, audit;  Are there good monitoring tools available ?  Overbooking, underbooking;  Handling of DOS attack; Payment cap Technology risks
Questions To Ask …  When and where to use the cloud – the business case  SLO (and then SLA)  Availability, reliability, accessibility, performance and security  Along with what best practices  People, processes, change management etc.  Along with what technologies, services, vendors  Servers, storage, network, software etc.
Bear In Mind …  Even though you are outsourcing some of your infrastructure to the cloud  You are not outsourcing to vendor, the …  Risk,  Accountability and  Compliance obligations  Find the right Cloud Services Provider – qualified, Security Standards compliance
ISO 27001, 27002, 27017, 27018, 29100 SSAE 16, HIPAA, FedRAMP, FISMA. PCI-DSS Are Security Standards the answer ?
Standards Development / Setting Organizations (SDO / SSO)  DMTF = Distributed Management Task Force  ENISA = European Network and Information Security Agency  ETSI = European Telecommunications Standards Institute  IEC = International Electrotechnical Commission  IEEE = Institute of Electrical and Electronics Engineers  INCITS = International Committee for Information Technology Standards  ISO = International Organization for Standardization  ITU-T = International Telecommunication Union – Telecom  NIST = National Institute for Standards and Technology  OASIS = Organization for the Advancement of Structured Information Standards  SNIA = Storage Networking Industry Association  TCG = Trusted Computing Group Alphabet Soup
SDO / SSO Relationships Alphabet and Spaghetti Soup
Any Pointers ?
Do Our Homework … Self Assessment
Get Help from Professionals  Companies and individuals with certifications  An objective measurement of a professional’s knowledge and skills in Security, Governance and Cloud technology  Committing the effort and resources to obtain certification indicates seriousness of prospective companies and individuals
Take Away Messages Credit : Ching Yiu
Take Away Messages  Cloud is real and here to stay  Take ownership and responsibility  Review your current set up and the Cloud Services Provider with guidelines  Focus in the SLO and SLA  Ask for expert help from services providers, and professional organizations
To Cloud or Not To Cloud ? mail@michaelyung.com
Thank You !!

Recomendados

Collaborative defence strategies for network security
Collaborative defence strategies for network securityCollaborative defence strategies for network security
Collaborative defence strategies for network securitysonukumar142
 
Cyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyCyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyFiroze Hussain
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...TheAnfieldGroup
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?NTEN
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC Advisory Group
 
Domains of network security
Domains of network securityDomains of network security
Domains of network securityKeithThai1
 
Source 44 sc congress canada 2011-06
Source 44 sc congress canada 2011-06Source 44 sc congress canada 2011-06
Source 44 sc congress canada 2011-06Source 44 Consulting
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire
 

Recomendados

Collaborative defence strategies for network security
Collaborative defence strategies for network securityCollaborative defence strategies for network security
Collaborative defence strategies for network securitysonukumar142
 
Cyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyCyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyFiroze Hussain
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...TheAnfieldGroup
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?NTEN
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC Advisory Group
 
Domains of network security
Domains of network securityDomains of network security
Domains of network securityKeithThai1
 
Source 44 sc congress canada 2011-06
Source 44 sc congress canada 2011-06Source 44 sc congress canada 2011-06
Source 44 sc congress canada 2011-06Source 44 Consulting
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
ICT and Cybersecurity for Lawyers August 2021
ICT and Cybersecurity for Lawyers August 2021ICT and Cybersecurity for Lawyers August 2021
ICT and Cybersecurity for Lawyers August 2021Doug Newdick
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013Wolfgang Kandek
 
Challenges2013
Challenges2013Challenges2013
Challenges2013Lancope, Inc.
 
Austin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber PresentationAustin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber PresentationExpressworks International
 
Smart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit RevereSmart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit Reverehhanebeck
 
Selex Es main conference brief for Kingdom Cyber Security Forum
Selex Es main conference brief for Kingdom Cyber Security ForumSelex Es main conference brief for Kingdom Cyber Security Forum
Selex Es main conference brief for Kingdom Cyber Security ForumLeonardo
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeSounil Yu
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFE
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFETECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFE
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFEJames Wier
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trustscoopnewsgroup
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesNetIQ
 
PACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud ConceptsPACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud ConceptsPace IT at Edmonds Community College
 
Adapting for the Internet of Things
Adapting for the Internet of ThingsAdapting for the Internet of Things
Adapting for the Internet of ThingsTripwire
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaTop 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaEdureka!
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesSlideTeam
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!centralohioissa
 
Business Productivity and Automated Security Controls
Business Productivity and Automated Security ControlsBusiness Productivity and Automated Security Controls
Business Productivity and Automated Security ControlsHeather Axworthy
 
A Day in the Life of Digital Professional
A Day in the Life of Digital ProfessionalA Day in the Life of Digital Professional
A Day in the Life of Digital ProfessionalMichael Yung
 
iOSWatch : New Updates !
iOSWatch : New Updates !iOSWatch : New Updates !
iOSWatch : New Updates !ChromeInfo Technologies
 

Mais conteúdo relacionado

Mais procurados

PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
ICT and Cybersecurity for Lawyers August 2021
ICT and Cybersecurity for Lawyers August 2021ICT and Cybersecurity for Lawyers August 2021
ICT and Cybersecurity for Lawyers August 2021Doug Newdick
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013Wolfgang Kandek
 
Smart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit RevereSmart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit Reverehhanebeck
 
Selex Es main conference brief for Kingdom Cyber Security Forum
Selex Es main conference brief for Kingdom Cyber Security ForumSelex Es main conference brief for Kingdom Cyber Security Forum
Selex Es main conference brief for Kingdom Cyber Security ForumLeonardo
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeSounil Yu
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFE
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFETECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFE
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFEJames Wier
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trustscoopnewsgroup
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesNetIQ
 
Adapting for the Internet of Things
Adapting for the Internet of ThingsAdapting for the Internet of Things
Adapting for the Internet of ThingsTripwire
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaTop 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaEdureka!
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesSlideTeam
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!centralohioissa
 
Business Productivity and Automated Security Controls
Business Productivity and Automated Security ControlsBusiness Productivity and Automated Security Controls
Business Productivity and Automated Security ControlsHeather Axworthy
 

Mais procurados (20)

PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
ICT and Cybersecurity for Lawyers August 2021
ICT and Cybersecurity for Lawyers August 2021ICT and Cybersecurity for Lawyers August 2021
ICT and Cybersecurity for Lawyers August 2021
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013
 
Challenges2013
Challenges2013Challenges2013
Challenges2013
 
Austin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber PresentationAustin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber Presentation
 
Smart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit RevereSmart Grid Cyber Security Summit Revere
Smart Grid Cyber Security Summit Revere
 
Selex Es main conference brief for Kingdom Cyber Security Forum
Selex Es main conference brief for Kingdom Cyber Security ForumSelex Es main conference brief for Kingdom Cyber Security Forum
Selex Es main conference brief for Kingdom Cyber Security Forum
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor Landscape
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
 
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFE
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFETECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFE
TECHNOLOGY 101 AND THE PRACTICE OF LAW: KEEPING YOUR FIRM SAFE
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trust
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective Responses
 
PACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud ConceptsPACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud Concepts
 
Adapting for the Internet of Things
Adapting for the Internet of ThingsAdapting for the Internet of Things
Adapting for the Internet of Things
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaTop 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation Slides
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!
 
Business Productivity and Automated Security Controls
Business Productivity and Automated Security ControlsBusiness Productivity and Automated Security Controls
Business Productivity and Automated Security Controls
 

Destaque

A Day in the Life of Digital Professional
A Day in the Life of Digital ProfessionalA Day in the Life of Digital Professional
A Day in the Life of Digital ProfessionalMichael Yung
 
Vimeo's Alex Dao on How Community and Product Can Work Together
Vimeo's Alex Dao on How Community and Product Can Work TogetherVimeo's Alex Dao on How Community and Product Can Work Together
Vimeo's Alex Dao on How Community and Product Can Work TogetherCMX
 
David Spinks: Community and the Future of Business Organizations
David Spinks: Community and the Future of Business OrganizationsDavid Spinks: Community and the Future of Business Organizations
David Spinks: Community and the Future of Business OrganizationsCMX
 
ThoughtWorks Technology Radar Roadshow - Melbourne
ThoughtWorks Technology Radar Roadshow - MelbourneThoughtWorks Technology Radar Roadshow - Melbourne
ThoughtWorks Technology Radar Roadshow - MelbourneThoughtworks
 
Incorporating Technology - Report
Incorporating Technology - ReportIncorporating Technology - Report
Incorporating Technology - ReportJuan Escallon
 

Destaque (6)

A Day in the Life of Digital Professional
A Day in the Life of Digital ProfessionalA Day in the Life of Digital Professional
A Day in the Life of Digital Professional
 
iOSWatch : New Updates !
iOSWatch : New Updates !iOSWatch : New Updates !
iOSWatch : New Updates !
 
Vimeo's Alex Dao on How Community and Product Can Work Together
Vimeo's Alex Dao on How Community and Product Can Work TogetherVimeo's Alex Dao on How Community and Product Can Work Together
Vimeo's Alex Dao on How Community and Product Can Work Together
 
David Spinks: Community and the Future of Business Organizations
David Spinks: Community and the Future of Business OrganizationsDavid Spinks: Community and the Future of Business Organizations
David Spinks: Community and the Future of Business Organizations
 
ThoughtWorks Technology Radar Roadshow - Melbourne
ThoughtWorks Technology Radar Roadshow - MelbourneThoughtWorks Technology Radar Roadshow - Melbourne
ThoughtWorks Technology Radar Roadshow - Melbourne
 
Incorporating Technology - Report
Incorporating Technology - ReportIncorporating Technology - Report
Incorporating Technology - Report
 

Semelhante a To Cloud or Not To Cloud

Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
Cloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared CarstensenCloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared Carstensenjaredcarst
 
Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]
Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]
Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]Tudor Damian
 
Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - IdealwareIdealware
 
Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11Michael Ofarrell
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Tudor Damian
 
IEEE PHM Cloud Computing
IEEE PHM Cloud ComputingIEEE PHM Cloud Computing
IEEE PHM Cloud ComputingJoseph Williams
 
Public cloud and the state of security
Public cloud and the state of securityPublic cloud and the state of security
Public cloud and the state of securityOlivier Schmitt
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01promediakw
 
2011 Digital Summit - Not So Cloudy - Agcaoili
2011 Digital Summit - Not So Cloudy - Agcaoili2011 Digital Summit - Not So Cloudy - Agcaoili
2011 Digital Summit - Not So Cloudy - AgcaoiliPhil Agcaoili
 
Cloud Security Summit - InfoSec World 2014
Cloud Security Summit - InfoSec World 2014Cloud Security Summit - InfoSec World 2014
Cloud Security Summit - InfoSec World 2014Bill Burns
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
2015 - The Cloud for Managers @ Riga Business School - DSS - Cloud risks and ...
2015 - The Cloud for Managers @ Riga Business School - DSS - Cloud risks and ...2015 - The Cloud for Managers @ Riga Business School - DSS - Cloud risks and ...
2015 - The Cloud for Managers @ Riga Business School - DSS - Cloud risks and ...Andris Soroka
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloudtcarrucan
 
Cloud Clinique Enterprise IT Certification Program - Module Matrix
Cloud Clinique Enterprise IT Certification Program - Module MatrixCloud Clinique Enterprise IT Certification Program - Module Matrix
Cloud Clinique Enterprise IT Certification Program - Module MatrixAdrian Hall
 
(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedingsSTO STRATEGY
 

Semelhante a To Cloud or Not To Cloud (20)

Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Unc charlotte prezo2016
Unc charlotte prezo2016Unc charlotte prezo2016
Unc charlotte prezo2016
 
Cloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared CarstensenCloud computing - Assessing the Security Risks - Jared Carstensen
Cloud computing - Assessing the Security Risks - Jared Carstensen
 
Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]
Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]
Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]
 
Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - Idealware
 
Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11Presentation to Irish ISSA Conference 12-May-11
Presentation to Irish ISSA Conference 12-May-11
 
Governing in the Cloud
Governing in the CloudGoverning in the Cloud
Governing in the Cloud
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]
 
IEEE PHM Cloud Computing
IEEE PHM Cloud ComputingIEEE PHM Cloud Computing
IEEE PHM Cloud Computing
 
Public cloud and the state of security
Public cloud and the state of securityPublic cloud and the state of security
Public cloud and the state of security
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
 
2011 Digital Summit - Not So Cloudy - Agcaoili
2011 Digital Summit - Not So Cloudy - Agcaoili2011 Digital Summit - Not So Cloudy - Agcaoili
2011 Digital Summit - Not So Cloudy - Agcaoili
 
Cloud Security Summit - InfoSec World 2014
Cloud Security Summit - InfoSec World 2014Cloud Security Summit - InfoSec World 2014
Cloud Security Summit - InfoSec World 2014
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
2015 - The Cloud for Managers @ Riga Business School - DSS - Cloud risks and ...
2015 - The Cloud for Managers @ Riga Business School - DSS - Cloud risks and ...2015 - The Cloud for Managers @ Riga Business School - DSS - Cloud risks and ...
2015 - The Cloud for Managers @ Riga Business School - DSS - Cloud risks and ...
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloud
 
Cloud Clinique Enterprise IT Certification Program - Module Matrix
Cloud Clinique Enterprise IT Certification Program - Module MatrixCloud Clinique Enterprise IT Certification Program - Module Matrix
Cloud Clinique Enterprise IT Certification Program - Module Matrix
 
(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings
 

Último

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 

Último (20)

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 

To Cloud or Not To Cloud

  • 1. To Cloud or Not To Cloud ? Michael Yung Immediate Past President - ISACA HK / CSA HKM
  • 4. Myth # 1 - Cloud is Too New
  • 5. Not Quite Coined by Compaq Executive George Favaloro back in 1996
  • 6. Myth # 2 - Cloud is Just a Fad
  • 7. Not Quite We are talking about US$ 100B Public Cloud spending in 2015 (Forrester Research)
  • 8. Myth # 3 - Cloud is Costly
  • 9. Cloud Services Characteristics  On-demand self-services  Resource Pooling  Rapid elasticity  Measured services Source : AWS
  • 10. Capacity – Traditional Ways Source : AWS
  • 11. Capacity – Wastages and Dissatisfactions Source : AWS
  • 12. Elastic Capacity – The Cloud Ways Source : AWS
  • 13. Myth # 4 - Cloud is Not Secure
  • 14. Insecure ? Truth is that data and systems residing in public or private clouds are as secure as you make them Typically, cloud-based systems can be more secure than existing internal systems if you do the upfront work required
  • 15. Barriers • Perceived Loss of control • Lack of clarity around responsibilities, liabilities and accountability • Lack of transparency / clarity in SLA / interoperability / awareness and expertise
  • 16. Cloud … is not New is not a Fad is more Cost Effective is Secure *
  • 17. To Jump or Not to Jump ?
  • 18. Next Step ? Proper Risk Assessment
  • 19. Risks and Security Concerns Vendor Lock In Poor SLA 3rd Party access to Data Poor DR Plan  Few tools, procedures or standard formats available for data and service portability  Service level affects confidentiality and availability  The needs to protect the intellectual property, trade secrets, personal data; complied to regulations / laws in different geographical regions  Business continuity and disaster recovery plans must be well documented and tested Service and contractual risks
  • 20. Risks and Security Concerns Integration / Bandwidth Encryption and Identity Mgnt Testing and Monitoring Resource Allocation  How to integrate the in-house systems to the Cloud ?  High speed bandwidth ready ?  Speedy encryption / decryption – in transit, at rest, destruction;  Identity management  Provider may not allow you to do thorough PEN test, audit;  Are there good monitoring tools available ?  Overbooking, underbooking;  Handling of DOS attack; Payment cap Technology risks
  • 21. Questions To Ask …  When and where to use the cloud – the business case  SLO (and then SLA)  Availability, reliability, accessibility, performance and security  Along with what best practices  People, processes, change management etc.  Along with what technologies, services, vendors  Servers, storage, network, software etc.
  • 22. Bear In Mind …  Even though you are outsourcing some of your infrastructure to the cloud  You are not outsourcing to vendor, the …  Risk,  Accountability and  Compliance obligations  Find the right Cloud Services Provider – qualified, Security Standards compliance
  • 23. ISO 27001, 27002, 27017, 27018, 29100 SSAE 16, HIPAA, FedRAMP, FISMA. PCI-DSS Are Security Standards the answer ?
  • 24. Standards Development / Setting Organizations (SDO / SSO)  DMTF = Distributed Management Task Force  ENISA = European Network and Information Security Agency  ETSI = European Telecommunications Standards Institute  IEC = International Electrotechnical Commission  IEEE = Institute of Electrical and Electronics Engineers  INCITS = International Committee for Information Technology Standards  ISO = International Organization for Standardization  ITU-T = International Telecommunication Union – Telecom  NIST = National Institute for Standards and Technology  OASIS = Organization for the Advancement of Structured Information Standards  SNIA = Storage Networking Industry Association  TCG = Trusted Computing Group Alphabet Soup
  • 25. SDO / SSO Relationships Alphabet and Spaghetti Soup
  • 27. Do Our Homework … Self Assessment
  • 28. Get Help from Professionals  Companies and individuals with certifications  An objective measurement of a professional’s knowledge and skills in Security, Governance and Cloud technology  Committing the effort and resources to obtain certification indicates seriousness of prospective companies and individuals
  • 30. Take Away Messages  Cloud is real and here to stay  Take ownership and responsibility  Review your current set up and the Cloud Services Provider with guidelines  Focus in the SLO and SLA  Ask for expert help from services providers, and professional organizations
  • 31. To Cloud or Not To Cloud ? mail@michaelyung.com