SlideShare a Scribd company logo

eChallenges_e2011_JS

Download as PPT, PDF
Jonathan Sinclair, profile picture
Jonathan Sinclair

This document summarizes a presentation on auditing issues for cloud-based business services. The presentation covers fundamentals of cloud computing, compliance and auditing. It discusses challenges around cloud compliance related to data locality, multi-tenancy and data retention. The presentation aims to ensure security of consumer data, maintain compliance with privacy laws and prevent unauthorized access or transfer of customer data from cloud services.

1 of 9
Download to read offline
1
2
3
4
5
6
7
8
9
Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Auditing Issues for Cloud-based Business Services Jonathan Sinclair SAP Research Belfast UK
Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Agenda • Fundamentals of Cloud, Compliance and Auditing • Cloud Compliance Challenges • Use Case: Future Healthcare and CRM • Compliance Auditing • Conclusions
Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Fundamentals Compliance Compliance is defined as being in accordance with relevant governmental orindustrial laws, regulationsand standards through governance processes. Business Web A business model and technical framework that represents a marketplace allowing providers and consumers to negotiate the usage of products. Clouds are a large pool of easily usable and accessible virtualized resources that can be dynamically reconfigured to adjust to a variable load. Cloud Computing Auditing The process of collecting and evaluating evidence to determine whether a computer system (information system) safeguards assets, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently.
Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Motivation, Problem Area “An undefined problem has an infinite number of solutions” Robert A. Humphrey Customer Data Legislation Government Auditor Compliance CheckCompliance Report Regulation Regulator creates creates Businesses have to comply with store and are responsible for use IT to improve operations IT Department have to comply with Governance Compliance Customer Data Legislation Government Auditor Compliance CheckCompliance Report Regulation Regulator creates creates Businesses have to comply with store and are responsible for use IT to improve operations IT Department have to comply with Governance Compliance
Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Research Objectives • The locality of data is of key importance to adhere to legislation – Cross-jurisdictional conflictions – Performance and Availability – Disaster Recovery and Backup • Multi-tenancy and data accessibility – Company Multi-tenancy – Systems Multi-tenancy • Data Retention – Retaining data in the Cloud – Retaining data from the Cloud “The greatest challenge to any thinker is stating the problem in a way that will allow a solution.” Bertrand Russell
Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research CloudCloud AuditorAuditor Research Approach, Methodology “Most human beings have an almost infinite capacity for taking things for granted” Aldous Huxley
Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Major Outcomes/Results “A complex system that works is invariably found to have evolved from a simple system that works” John Gaule
Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Conclusion and Outlook • Ensure the security of consumer’s data • Maintain compliance with data security / privacy laws • Assure that service providers, integrators or composers cannot • access data within a consumer’s service • transfer data from a consumer’s service “A conclusion is the place where you got tired of thinking” Harold Fricklestein
Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Thank You! Jonathan Sinclair Research Associate SAP Research Belfast SAP [UK] Ltd The Concourse, Queen‘s Road Queen‘s Island, Titanic Quarter Belfast BT3 9DT T +44 (0)28 9078 5749 E jonathan.sinclair@sap.com Blogger: cloudauditing.blogspot.com LinkedIn: jonathangsinclair Twitter: jonnygsinclair Slideshare: jonathansinclair86

More Related Content

PDF
Emerging IoT in the Energy Sector
East Midlands Cyber Security Forum
 
PPTX
cloud abstract
Bapuji Valaboju
 
PPTX
Connections Cloud Talk
Brian Schaeffer
 
PDF
The iEx.ec Distributed Cloud: Latest Developments and Perspectives
Gilles Fedak
 
PPTX
DER Integration Testbed at a Glance
Industrial Internet Consortium
 
PDF
The Convergence of IT, Operational Technology and the Internet of Things (IoT)
Jackson Shaw
 
PPTX
Integrity for join queries
Papitha Velumani
 
PDF
Big data appliances for BI on Cloud
tdwiindia
 
Emerging IoT in the Energy Sector
East Midlands Cyber Security Forum
 
cloud abstract
Bapuji Valaboju
 
Connections Cloud Talk
Brian Schaeffer
 
The iEx.ec Distributed Cloud: Latest Developments and Perspectives
Gilles Fedak
 
DER Integration Testbed at a Glance
Industrial Internet Consortium
 
The Convergence of IT, Operational Technology and the Internet of Things (IoT)
Jackson Shaw
 
Integrity for join queries
Papitha Velumani
 
Big data appliances for BI on Cloud
tdwiindia
 

What's hot (20)

PDF
TheValueChain Beyond Simple 10-05-16 - Internet of Things
TheValueChain
 
PDF
Characterizing Incidents in Cloud-based IoT Data Analytics
Hong-Linh Truong
 
PDF
SFScon 21 - Nicola Altamura - Implementation of IOTA solutions on embedded de...
South Tyrol Free Software Conference
 
DOCX
Energy efficient fault-tolerant data storage & processing in mobile cloud
LogicMindtech Nologies
 
PDF
Tim scottkoenverheyenpresentation
Patrick Van Renterghem
 
PPTX
Benefits of cloud computing
Rishabh Dogra
 
PDF
Energy efficient fault-tolerant data storage and processing in mobile cloud
LeMeniz Infotech
 
PPSX
Cloud Computing Introduction
Presentaionslive.blogspot.com
 
PPTX
The potential of the cloud
Jisc
 
PPT
Adoptive Gateways for dIverse MuLtiple Environments
Charalampos Doukas
 
PPTX
How to Architect Smarter Systems for Healthcare
Real-Time Innovations (RTI)
 
PPTX
SMART Seminar Series: "From cloud-sourced flood mapping to connected communit...
SMART Infrastructure Facility
 
PDF
Data Science for Effective Network Operations
Kiran Inampudi
 
PDF
Engineering and OW2 Big Data Initiative: an open approach to the data-driven ...
SpagoWorld
 
PDF
Cloud computing and managed services (Sumit Dutta, CSSWA)
makinglinks
 
PPT
Asset Intelligence
Juliann2012
 
PPT
Open Source at GLA - a road less travelled
Invotra2014
 
PDF
2014.11 meetup presentation v1
gradyneff
 
PDF
NordForsk Open Access Reykjavik 14-15/8-2014:NeIC
NordForsk
 
PPTX
Improving Innovation Through Open Data - Construction Excellence Annual Confe...
21cConsultancy_2012
 
TheValueChain Beyond Simple 10-05-16 - Internet of Things
TheValueChain
 
Characterizing Incidents in Cloud-based IoT Data Analytics
Hong-Linh Truong
 
SFScon 21 - Nicola Altamura - Implementation of IOTA solutions on embedded de...
South Tyrol Free Software Conference
 
Energy efficient fault-tolerant data storage & processing in mobile cloud
LogicMindtech Nologies
 
Tim scottkoenverheyenpresentation
Patrick Van Renterghem
 
Benefits of cloud computing
Rishabh Dogra
 
Energy efficient fault-tolerant data storage and processing in mobile cloud
LeMeniz Infotech
 
Cloud Computing Introduction
Presentaionslive.blogspot.com
 
The potential of the cloud
Jisc
 
Adoptive Gateways for dIverse MuLtiple Environments
Charalampos Doukas
 
How to Architect Smarter Systems for Healthcare
Real-Time Innovations (RTI)
 
SMART Seminar Series: "From cloud-sourced flood mapping to connected communit...
SMART Infrastructure Facility
 
Data Science for Effective Network Operations
Kiran Inampudi
 
Engineering and OW2 Big Data Initiative: an open approach to the data-driven ...
SpagoWorld
 
Cloud computing and managed services (Sumit Dutta, CSSWA)
makinglinks
 
Asset Intelligence
Juliann2012
 
Open Source at GLA - a road less travelled
Invotra2014
 
2014.11 meetup presentation v1
gradyneff
 
NordForsk Open Access Reykjavik 14-15/8-2014:NeIC
NordForsk
 
Improving Innovation Through Open Data - Construction Excellence Annual Confe...
21cConsultancy_2012
 
Ad

Viewers also liked (14)

PDF
Infographic RBD Nordic-Baltic - 2016 Final
Yvette Entius
 
PDF
Presentation Kenzen Paleo Bar™ Slide Show 4-16-16
Pamela Hoffner Schuler
 
PDF
Natives_guide_2017.compressed
Stephan Morse
 
PPTX
Bursting The Filter Bubble
NicoleBranch
 
PPTX
What are the Key Customer Experience Mistakes that Brands Make?
Incubeta NMPi
 
PDF
MikeGTaylor
taylormike4
 
PPTX
Paola medina
medinrio
 
PDF
Fcb
david cabellos Mulet
 
DOCX
stroud-david-resume (1) (1) (1)
David Stroud
 
PPTX
Λεωφορείο-Μέσο συγκοινωνίας
Elvira Athanasopoulou
 
PPTX
Bonitasoft BPMN Presentation
Kashif Captain
 
PDF
Informal email 3º
Estela Albaladejo Martínez
 
PPTX
Presentation by Chris Uttley, Stroud RSuds Project Officer - Delivery of Natu...
Countryside and Community Research Institute
 
DOCX
Production schedule
Ege1072
 
Infographic RBD Nordic-Baltic - 2016 Final
Yvette Entius
 
Presentation Kenzen Paleo Bar™ Slide Show 4-16-16
Pamela Hoffner Schuler
 
Natives_guide_2017.compressed
Stephan Morse
 
Bursting The Filter Bubble
NicoleBranch
 
What are the Key Customer Experience Mistakes that Brands Make?
Incubeta NMPi
 
MikeGTaylor
taylormike4
 
Paola medina
medinrio
 
Fcb
david cabellos Mulet
 
stroud-david-resume (1) (1) (1)
David Stroud
 
Λεωφορείο-Μέσο συγκοινωνίας
Elvira Athanasopoulou
 
Bonitasoft BPMN Presentation
Kashif Captain
 
Informal email 3º
Estela Albaladejo Martínez
 
Presentation by Chris Uttley, Stroud RSuds Project Officer - Delivery of Natu...
Countryside and Community Research Institute
 
Production schedule
Ege1072
 
Ad

Similar to eChallenges_e2011_JS (20)

PPTX
Cloud Compliance Auditing - Closer 2011
Jonathan Sinclair
 
PPTX
Cloud Audit and Compliance
Quadrisk
 
DOCX
Cloud Computing - Emerging Opportunities in the CA Profession
Bharath Rao
 
PDF
Cloud Auditing
Jonathan Sinclair
 
PPT
Auditing in the Cloud
tcarrucan
 
PDF
The Art of Cloud Auditing - ISACA ID
Eryk Budi Pratama
 
PPT
Cloud computing security and privacy christian goire
goire
 
PDF
Security And Legal In The Cloud Ats V2
dbarton944
 
PPTX
Non-functional Issues in Cloud Based Systems by Kees Blokland and Martin Pol
Kees Blokland
 
PDF
Legal issues in the cloud renzo marchini & gene landy
IFCLA - International Federation of Computer Law Associations
 
PPTX
cloud security.pptx
SourodeepChakraborty3
 
PDF
Cloud Computing and Data Governance
Trillium Software
 
PPTX
Review_2013
Jonathan Sinclair
 
PPTX
Legal & Commercial, Issues of a Cloud Service
subtitle
 
PPTX
Towards secure and dependable storage
Khaja Moiz Uddin
 
PDF
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Alan Yau Ti Dun
 
PPT
Simultaneously Supporting Privacy and Auditing in Cloud Computing Systems
Tyrone Grandison
 
PDF
It auditing to assure a secure cloud computing
ingenioustech
 
PPSX
Why the Cloud can be Compliant and Secure
InnoTech
 
PDF
Bird&Bird
Frits Bussemaker
 
Cloud Compliance Auditing - Closer 2011
Jonathan Sinclair
 
Cloud Audit and Compliance
Quadrisk
 
Cloud Computing - Emerging Opportunities in the CA Profession
Bharath Rao
 
Cloud Auditing
Jonathan Sinclair
 
Auditing in the Cloud
tcarrucan
 
The Art of Cloud Auditing - ISACA ID
Eryk Budi Pratama
 
Cloud computing security and privacy christian goire
goire
 
Security And Legal In The Cloud Ats V2
dbarton944
 
Non-functional Issues in Cloud Based Systems by Kees Blokland and Martin Pol
Kees Blokland
 
Legal issues in the cloud renzo marchini & gene landy
IFCLA - International Federation of Computer Law Associations
 
cloud security.pptx
SourodeepChakraborty3
 
Cloud Computing and Data Governance
Trillium Software
 
Review_2013
Jonathan Sinclair
 
Legal & Commercial, Issues of a Cloud Service
subtitle
 
Towards secure and dependable storage
Khaja Moiz Uddin
 
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Alan Yau Ti Dun
 
Simultaneously Supporting Privacy and Auditing in Cloud Computing Systems
Tyrone Grandison
 
It auditing to assure a secure cloud computing
ingenioustech
 
Why the Cloud can be Compliant and Secure
InnoTech
 
Bird&Bird
Frits Bussemaker
 

eChallenges_e2011_JS

  • 1. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Auditing Issues for Cloud-based Business Services Jonathan Sinclair SAP Research Belfast UK
  • 2. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Agenda • Fundamentals of Cloud, Compliance and Auditing • Cloud Compliance Challenges • Use Case: Future Healthcare and CRM • Compliance Auditing • Conclusions
  • 3. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Fundamentals Compliance Compliance is defined as being in accordance with relevant governmental orindustrial laws, regulationsand standards through governance processes. Business Web A business model and technical framework that represents a marketplace allowing providers and consumers to negotiate the usage of products. Clouds are a large pool of easily usable and accessible virtualized resources that can be dynamically reconfigured to adjust to a variable load. Cloud Computing Auditing The process of collecting and evaluating evidence to determine whether a computer system (information system) safeguards assets, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently.
  • 4. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Motivation, Problem Area “An undefined problem has an infinite number of solutions” Robert A. Humphrey Customer Data Legislation Government Auditor Compliance CheckCompliance Report Regulation Regulator creates creates Businesses have to comply with store and are responsible for use IT to improve operations IT Department have to comply with Governance Compliance Customer Data Legislation Government Auditor Compliance CheckCompliance Report Regulation Regulator creates creates Businesses have to comply with store and are responsible for use IT to improve operations IT Department have to comply with Governance Compliance
  • 5. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Research Objectives • The locality of data is of key importance to adhere to legislation – Cross-jurisdictional conflictions – Performance and Availability – Disaster Recovery and Backup • Multi-tenancy and data accessibility – Company Multi-tenancy – Systems Multi-tenancy • Data Retention – Retaining data in the Cloud – Retaining data from the Cloud “The greatest challenge to any thinker is stating the problem in a way that will allow a solution.” Bertrand Russell
  • 6. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research CloudCloud AuditorAuditor Research Approach, Methodology “Most human beings have an almost infinite capacity for taking things for granted” Aldous Huxley
  • 7. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Major Outcomes/Results “A complex system that works is invariably found to have evolved from a simple system that works” John Gaule
  • 8. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Conclusion and Outlook • Ensure the security of consumer’s data • Maintain compliance with data security / privacy laws • Assure that service providers, integrators or composers cannot • access data within a consumer’s service • transfer data from a consumer’s service “A conclusion is the place where you got tired of thinking” Harold Fricklestein
  • 9. Session 2b, 26th October 2011 eChallenges e-2011 Copyright 2011 SAP Research Thank You! Jonathan Sinclair Research Associate SAP Research Belfast SAP [UK] Ltd The Concourse, Queen‘s Road Queen‘s Island, Titanic Quarter Belfast BT3 9DT T +44 (0)28 9078 5749 E jonathan.sinclair@sap.com Blogger: cloudauditing.blogspot.com LinkedIn: jonathangsinclair Twitter: jonnygsinclair Slideshare: jonathansinclair86