3/8/2016 Welc lcome e to the Schne the Schneide der Do Downs s Quarterly No Quar Not- t-for-Profit Brea Breakf kfast Briefin Briefing Cloud Com Cloud Comput uting f g for the 2 the 21st Cent Centur ury y Not-for-Pr Not-f Profit it Organi Organizat zation on Presented by: Christopher R. Debo, Senior Manager, Schneider Downs Technology Advisors Jason M. Reljac, Manager, Schneider Downs Technology Advisors How does your organization USE USE the cloud? Understand – Secure – Evaluate Who we are • Jason Reljac • Patrick Armknecht • Chris Debo – Technology Advisors – Technology Advisors – Technology Advisors – Pittsburgh Office – Columbus Office – Pittsburgh Office – Sales guy with – Technically savvy, – Technically savvy, accounting security-conscious somewhat nerdy background consultant consultant – Skipped town on us but provided slides Combined 40+ years of technology consulting experience in a wide range of industries 1
3/8/2016 Agenda • Understanding the Cloud • Securing the Cloud • The Changing role of IT in the Cloud • Evaluating the cost/benefit of using the Cloud vs. on premise Defining the “Cloud” • Wik Wikipedia “a kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand.” • PC Ma PC Magazine “A communications network. The word "cloud" often refers to the Internet, and more precisely to some datacenter full of servers that is connected to the Internet.” • Merriam-W rriam-Webst ebster er “the practice of storing regularly used computer data on multiple servers that can be accessed through the Internet” Defining the “Cloud” Inve vest stop opedia ia “Cloud computing is a model IB IBM M “Cloud computing, often referred to as • • for delivering information technology simply “the cloud,” is the delivery of on- services in which resources are retrieved demand computing resources—everything from the internet through web-based tools from applications to data centers—over the and applications, rather than a direct Internet on a pay-for-use basis.” connection to a server.” Dictionary.com “Internet-based computing Dict Amazon on “"Cloud Computing", by definition, • • in which large groups of remote servers are refers to the on-demand delivery of IT networked so as to allow sharing of data- resources and applications via the Internet processing tasks, centralized data storage, with pay-as-you-go pricing.” and online access to computer services or resources.” Gar Gartner “…as a style of computing in which • scalable and elastic IT-enabled capabilities National I al Institut stitute is S Standards s and d are delivered as a service using Internet • Technology “Cloud computing is a model for Te technologies.” enabling ubiquitous, convenient, on- demand network access to a shared pool of configurable computing resources” 2
3/8/2016 My definition A service, just like electricity, cable or water, that you or your organization subscribes to that puts data of yours in someone else’s possession while making it easy to access and forget about. This is cloud Why? I work for Schneider Downs but with iCloud my contacts are stored on Apple’s servers. 3
3/8/2016 This is NOT Cloud This is NOT Cloud I work for Schneider Downs and with Outlook web access I am accessing my Schneider Downs email over the internet but am accessing a server AT Schneider Downs. What makes up the Cloud Documents Communications Audio/Video Productivity • Amazon Cloud Drive • Conference calls • Amazon Music Player • Apple iCloud • Apple iCloud • Email • iTunes • Google Docs • Dropbox • Global Connect • Netflix • Lucidchart • Google Drive • Instant messaging • YouTube • Microsoft Office 365 • Microsoft OneDrive • Voice mail • Vimeo • Zoho Docs Enterprise Servers ERP Enterprise Applications • Amazon AWS • Microsoft • Human resources • Local providers • Oracle • Payroll processing • Microsoft Azure • SAP • Video monitoring • Rackspace Cloud • Many others… • Time and expense entry 4
3/8/2016 C LO LOUD ≠ D D AT ATA C ENTER ENTER B UT UT , , YOU ARE RE KEEPING KEEPING TRA RACK CK OF OF YOUR UR DATA CENTER , , RIGHT RIGHT ? CENTE C LO LOUD ≠ D D ISAS TER R ECO ISASTE ECOVER ERY I T ’ S A S A P IECE IECE OF OF THE THE PUZZLE UZZLE Easy Cloud Moves • Email – Usually eliminates • Servers • SPAM – Generally adds • Enhanced remote access – Easy and cost-effective – IT usually hates email servers anyway – Can’t forget about downtime 5
3/8/2016 Common Cloud Moves • Office productivity applications – Heavy macro users? – Tied to other enterprise applications? • Enterprise applications – Time & expense tracking • Human resource management • Payroll processing – Can eliminate printed pay stubs & tax filing – Can add open enrollment, self-service Involved Cloud Moves • Accounting – Lots of moving parts • ERP – Lots and lots of moving parts • Manufacturing – Inventory – Shop floor Cloud – Acronym Soup • DRP • HIPAA • ISO • PCI DSS • SOC 1 & 2 • SOX • SSL 64/128/256/512 6
3/8/2016 A SK SK & U & U NDERS NDERSTAND AND N O GUESSING UESSING ;-) ;-) Cloud – Acronym Soup DRP - Disaster Recovery plan • HIPAA - Health Insurance Portability and Accountability Act • ISO - International Organization for Standardization • PCI DSS - Payment Card Industry Data Security Standard • SOC 1 & 2 - Report on Controls at a Service Organization • SOX – Sarbanes-Oxley • 64/128/256/512 – Levels of SSL encryption • SSL – Secure Sockets Layer • I T ’ S N S NOT JUST YOU T U THAT NEEDS TO UNDERSTAND … TO Y OUR OUR VENDORS ENDORS DO DO AS AS WELL WELL I F T F THEY DON ’ T UND NDERSTAND OR SEEM EEM CONFU CONFUSED IT IT MIG MIGHT BE TIME IME TO RE - EVALUATE TH RE THEM EM AS AS A VEN ENDOR 7
3/8/2016 Why Should I Care? Why Should I Care? Why Should I Care? 8
3/8/2016 Why Should I Care? Cloud Computing Risks - Technical Ris Risk M Mitig tigati tion / / Threat reat Descri ription Co Contr ntrol Stra Strategy gy Vulnerable access Information assets could Contractual • management be accessed by agreements to clarify (infrastructure and unauthorized entities due who is allowed access. application). to faulty or vulnerable Review identity access • access management management controls measures or processes. of the cloud services This could provider (CSP), SOC 1, result from a forgery/theft SOC2. of legitimate credentials or Where possible use • a common technical your own identity practice (e.g., access management administrator permissions controls and systems override). and not the CSP’s. Cloud Computing Risks - Technical Ris Risk M Mitig tigati tion / / Threat reat Descri ription Co Contr ntrol Stra Strategy gy Data visible to other This refers to data that Contractual • tenants when resources have been stored in agreements to clarify are allocated dynamically. memory space or disk who is allowed access space that can be Encrypt all sensitive • recovered by other entities assets and data sharing the cloud by using Request the CSP’s • forensics techniques. technical specs for wiping data from systems Use a private cloud • model with no multitenancy 9
Recommend
More recommend
