Cloud computing usa
2010: WGITA approved the cloud computing project with SAI USA as lead and Canada & India as members
2011: A status report was presented and comments solicited
2012: Final project description and common cloud computing risks were presented
Members requested that this work be augmented with a cloud computing guide and audit handbook
2013: Guide & handbook completed for CC.
2013: Will be incorporated into the overall IT Audit Guide & Handbook in cooperation with IDI
• Generally speaking, cloud computing can be thought of as anything that involves delivering hosted services over the Internet.
• According to NIST, cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (Special Publication 800-145)
• Cloud computing provides shared services as opposed to local servers or storage resources
• Enables access to information from most web-enabled hardware
• Allows for cost savings – reduced facility, hardware/software investments, support
• On-demand self-service
  A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
• Broad network access
  Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
Source: NIST Special Publication 800-145
• Resource pooling
  The provider’s computing resources are pooled to serve multiple consumers
  Resources can be dynamically assigned and reassigned according to customer demand
  Customer generally may not care where the resources are physically located but should be aware of risks if they are located offshore
Source: NIST Special Publication 800-145
• Rapid elasticity
  Capabilities can be expanded or released automatically (i.e., more CPU power, or ability to handle additional users)
  To the customer this appears seamless, limitless, and responsive to their changing requirements
• Measured service
  Customers are charged for the services they use and the amounts
  There is a metering concept where customer resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service
Source: NIST Special Publication 800-145
[Figure: Infrastructure, Platform, Software/Application]
Infrastructure-as-a-Service (IaaS)
• A service model that involves outsourcing the basic infrastructure used to support operations, including storage, hardware, servers, and networking components.
• The service provider owns the infrastructure equipment and is responsible for housing, running, and maintaining it. The customer typically pays on a per-use basis.
• The customer uses their own platform (Windows, Unix), and applications
Platform-as-a-Service (PaaS)
• A service model that involves outsourcing the basic infrastructure and platform (Windows, Unix)
• PaaS facilitates deploying applications without the cost and complexity of buying and managing the underlying hardware and software where the applications are hosted.
• The customer uses their own applications
Software-as-a-Service (SaaS)
• Also referred to as “software on demand,” this service model involves outsourcing the infrastructure, platform, and software/applications.
• Typically, these services are available to the customer for a fee, pay-as-you-go, or a no-charge model.
• The customer accesses the applications over the internet.
• Data resides on servers that the customer cannot physically access
• Vendors may store data anywhere at lowest cost if not restrained by agreement
The guide is about a 10-page document that describes cloud computing and areas of risk.
These risks should be managed by the IT organization that chooses to utilize cloud computing.
For IT auditors, these risks are a roadmap which you can utilize to create your audit program.
What is Cloud Computing?
• Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited entity still has control over the application and the data. Outsourcing may also include utilizing the vendor’s computers to store, back up, and provide online access to the organization's data. The organization will need to have robust access to the internet if they want their staff or users to have ready access to the data or even the application that processes the data. In the current environment, the data or applications are also available from mobile platforms (laptops with Wi-Fi or cell/mobile cards, smart phones, and tablets).
Audit Concerns
When an organization chooses to utilize cloud computing, they need to be aware of risks that they may face with the service provider, the risk they face if they are unable to effectively oversee the service provider, and other risks related to management and security weaknesses in the service provider's approach. As an auditor you will need to understand what the agency has done to mitigate the risks with cloud computing. When we as auditors are asked to appraise whether an entity or organization getting the benefits of cloud computing is managing the vendor to ensure that they get the required services, we need to be aware of the risks that they may face.
• Risk Areas
  • Service Provider Risks
  • Technical Risks
  • External (Overseas) Risks
  • Management/Oversight Risks
  • Security / Connectivity / Privacy Risks
These were discussed at the last meeting along with some mitigation strategies that the IT organization could use.
The IT auditor would use those as a road map to frame audit questions.
• The handbook provides the IT Auditor with some audit related questions that begin to explore whether the organization is managing the risks and the vendor
• As and when members conduct IT Audits that involve Cloud Computing we would like to receive your audit questions so we may update the guide
• Members may contact the Chair or SAI USA for additional information
• niharika India
• niharika cse
Madhav Panwar
panwarm@gao.gov

