Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?
|
|
- Chloe Mills
- 8 years ago
- Views:
Transcription
1 Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? IIA San Francisco Chapter October 11, 2011
2 Agenda Introductions Cloud computing overview Risks and audit strategies Q&A
3 Introductions Jeff Spivack, Grant Thornton Partner and Practice Leader Business Advisory Services, Greater Bay Area National Solution Group member for service organization matters relating to cloud computing Local leader for all Governance, Risk and Compliance services Over 25 years of consulting and industry experience in New York and Greater Bay area markets Board Member SF Chapter of IIA
4 Introductions Keith Chin, Salesforce.com Internal Audit Manager, San Francisco 12 Years internal audit experience External audit experience at Deloitte, primarily in the technology and banking industries License management and internal audit manager at Oracle Focused on global audits across a wide spectrum of business processes
5 Introductions Lisa Core, Salesforce.com Technology Audit & Compliance Program Manager 3 years of experience in KPMG's IT Advisory Group Organized and designed a full program of over 300 IT controls at Salesforce.com Leads many technology related audits and assessments Supports the Salesforce.com sales organization with the completion of highly technical RFPs/RFIs and security/privacy-related questionnaires
6 Cloud computing overview Group discussion What is your experience with cloud computing? How does your company utilize cloud computing? What level of involvement did your Internal Audit group have with your Company s cloud computing implementation? Has your company s cloud environment been audited?
7 Learning objectives Presentation focus Today s presentation will focus on the following: Understanding primary outsourced/hosted cloud computing options, industry trends, and benefits including observations from a market leader Methods for deciding if cloud computing fulfills the organization s business needs and risk appetite Understanding unique risks associated with various cloud computing models Practical controls for securing the Company s assets when using cloud computing Methods for auditing the Company s use of cloud computing technologies
8 Agenda Introductions Cloud computing overview Risks and audit strategies Q&A
9 Cloud computing overview Why the buzz? Cloud computing is the future of IT A new and flexible model for deploying technology Extremely reliable and infinitely scalable Cost benefits and ease of ownership Allows you to expand or contract as business needs dictate Pay for only what you need at any given time
10 Cloud computing overview Grant Thornton's CAE Survey More than 300 CAEs surveyed responded that 77% are at least somewhat familiar with cloud computing 69% use cloud computing; many expect cloud computing use to increase (45%) or stay the same (55%) in the next 12 months When asked to describe their view as to the security, governance, risk and controls implications in moving to a cloud environment, 43% responded "I haven t really given it much thought." 64% of respondents do not include cloud computing in their audit plan
11 Cloud computing overview Future of cloud computing Looking past the current industry hype surrounding all things Cloud, Forrester believes that Cloud computing is a sustainable, long-term IT paradigm, and the successor to previous mainframe, client/server, and network computing eras. -Forrester Research, Inc. The Evolution of Cloud Computing Markets
12 Cloud computing overview A full spectrum of definitions - simple The cloud is about immediacy, elasticity, and utility economics Mark Shuttleworth, Ubuntu & Canonical The cloud is water vapor Larry Ellison, Oracle
13 Cloud computing overview Three basic flavors of service (cont'd) #1 Infrastructure Data Center Processor Memory Storage Virtualized & Dynamic Redundant
14 Cloud computing overview Three basic flavors of service (cont'd) #2 Platform Operating System Web Servers Database Servers Operational Services Virtualized Infrastructure
15 Cloud computing overview Three basic flavors of service (cont'd) #3 Application Google Apps Salesforce Mobile Me Platform Infrastructure
16 Cloud computing overview Types and models Types of Clouds Public - Shared computer resources provided by an off-site third-party provider Private - Dedicated computer resources provided by an off-site third party or use of cloud technologies on a private internal network Hybrid - Consisting of multiple public and private clouds Models of Cloud: Software as a Service (SaaS) - Software applications delivered over the Internet Platform as a Service (PaaS) - Full or partial operating system/development environment delivered over the Internet Infrastructure as a Service (IaaS) - Computer infrastructure delivered over the Internet
17 Cloud computing overview Global Public Cloud Market Size
18 Cloud computing overview Service model attributes Software as a Service (SaaS) The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Platform as a Service (PaaS) Consumer has control over the deployed applications and possibly application hosting environment configurations. Infrastructure as a Service (IaaS) Consumer has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).
19 Agenda Introductions Cloud computing overview Risks and audit strategies Q&A
20 Risks and audit strategies System failure at Amazon.com "A widespread failure in Amazon.com s Web services business affected many Internet sites, highlighting the risks involved when companies rely on so-called cloud computing. The problems affected sites including Quora.com, Reddit.com, GroupMe.com and Scvngr.com, which all posted messages to their visitors about the issue. Most of the sites have been inaccessible for hours, and others were only partly operational " -NYTimes.com April 21, 2011
21 Risks and audit strategies Security Breach at Epsilon "A data breach at one of the world's largest providers of marketing services may have enabled unauthorized people to access the names and addresses for customers of major financial-services, retailing and other companies." -WSJ.com April 4, 2011
22 Risks and audit strategies Potential risks What are the physical components of the Clouds? Data Centers self-hosted, third-party, both, etc.? Network circuits and firewalls who s managing, who s watching, etc.? Disaster preparedness and recoverability is there a plan, is it tested, etc.? Who is aware of and managing vendor SLAs and are they adequate? Where s the data and how is it protected? In-flight, standing still/at-rest, etc.? Archives and back-up? Unintended uses? Data privacy and compliance? What is the tone at the top? Stakeholder knowledge of attributes and risks Have internal controls evolved effectively? Who is monitoring internal use of public cloud services?
23 Risks and audit strategies Service organization considerations When outsourcing parts of their business (including cloud computing), companies are still responsible for the data, processing and/or services provided by the outsourcing company (service organization). As a result, many companies (and their auditors) desire or require their service organizations to obtain an independent assessment of their security, availability, processing integrity, confidentiality and privacy practices.
24 Risks and audit strategies Service organization considerations SSAE No. 16, Reporting on Controls at a Service Organization, superseded SAS 70 on June 15, There are several reporting options for service auditors examining controls at service organizations. Financial Reporting Risks Nonfinancial Reporting Risks SOC 1 SOC 2 SOC 3 SSAE 16 With testing details "Pass" with a seal display
25 Risks and audit strategies Six additional risk areas Security Multi-tenancy Data location Reliability Sustainability Scalability
26 Risks and audit strategies 1. Security - risks The cloud provider s security policies are not as strong as the Company s data security requirements Cloud systems which store Company data are not updated or patched when necessary Security vulnerability assessments or penetration tests are not performed to ensure logical and physical security controls are in place The physical location of company data is not properly secured
27 Risks and audit strategies 1. Security audit strategy Determine if the cloud provider meets or exceeds the Company s security requirements Determine if the cloud provider s security posture is based on a security standard (i.e., ISO27001, Cloud Security Alliance, PCI DSS, etc.) Determine if the cloud provider has a security assessment performed Determine if the cloud provider s Service Organization Report (i.e., SSAE 16, SOC Reports) addresses specific security controls
28 Risks and audit strategies 2. Multi-tenancy risks Company data is not appropriately segregated on shared hardware resulting in Company data being inappropriately accessed by third parties The cloud service provider has not deployed appropriate levels of encryption to ensure data is appropriately segregated both in rest and transit The cloud service provider cannot determine the specific location of the Company s data on its systems Company data resides on shared server space which might conflict with regulatory compliance requirements for the Company
29 Risks and audit strategies 2. Multi-tenancy audit strategy Inquire of the cloud service provider s method used to secure the Company s data from being accessed by other customers/third parties Review the cloud service provider s SLA to determine if the SLA addresses security of the Company s data Review independent audit report(s) related to the Cloud provider s security posture (i.e., security settings, data encryption methods, etc.) and/or exercise the Company s right-to-audit clause Gain access to cloud system(s) and perform limited auditing procedures from the Company s location
30 Risks and audit strategies 3. Data location risks The Company is not aware of all of the cloud service provider s physical location(s) The Company does not know where their data is physically or virtually stored The Cloud service provider moves company data to another location without informing the Company Company data is stored in international locations and falls under foreign business or national laws/regulations
31 Risks and audit strategies 3. Data location audit strategy Inquire of the cloud provider the specific physical and virtual location of the Company s data Work with the Company s legal group to fully understand the impact and potential risks of the Company s data residing in a foreign country Ensure regulatory compliance is maintained if data resides in multiple locations
32 Risks and audit strategies 4. Reliability risks The cloud service provider has quality of service standards which conflict with business requirements During peak system activity times, the cloud service provider experiences system performance issues that result in the following: - Company employees cannot access the Company s data when needed - Customers are unable to use the Company s systems (such as placing an order on the Company s web site) because of performance problems with the cloud provider
33 Risks and audit strategies 4. Reliability audit strategy Inquire of the cloud service provider to determine the controls in place to ensure the reliability of the cloud solution Obtain an SLA/contract from the cloud service provider which details the specific reliability agreement for the Company. Compare this information to actual performance Determine the times that the cloud provider performs system upgrades and/or patches to ensure data availability during peak business hours is not affected Review the Company s business continuity plan and determine if the plan addresses interruptions with the cloud systems used by the Company
34 Risks and audit strategies 5. Sustainability risks In the event the cloud service provider goes out of business, the Company might not be able to retrieve the Company s data. In addition, another third party might gain access/control of the Company s data The cloud service provider does not have appropriate system recovery procedures in place in the event of a disaster The Company s business continuity plan does not address the cloud s service offering being unavailable Company data is compromised as a result of a disaster
35 Risks and audit strategies 5. Sustainability audit strategy Inquire of the cloud service provider to determine if they have adequate controls in place to recover and protect the Company s data even in the event of a disaster Review the Company s business continuity plan and determine if the plan addresses interruptions with the cloud solution Inquire of the cloud service provider to determine how the Company would gain access to its data in the event the cloud service provider goes out of business
36 Risks and audit strategies 6. Scalability risks The cloud service provider s systems cannot scale to meet the Company s anticipated growth, both for a short-term spike and/or to meet a long-term strategy If the Company decides to migrate all or part of the Company s system and/or data back inhouse (or to another provider), the cloud service provider cannot (or will not) provide the data
37 Risks and audit strategies 6. Scalability audit strategy Determine if the cloud provider s system can scale to meet the Company s expected short-term spikes and/or growth over the next five years Determine if the Company has a contingency plan in the event the cloud provider s systems cannot scale to meet the Company s needs Determine who is the owner of the Company s data Determine if the cloud provider would allow the Company to move data back in house and/or to another provider. Determine the specific procedures and associated costs needed to perform this task
38 Risks and audit strategies Case study An energy solutions company is a leading provider of energy solutions with annual revenues in excess of $850 million for a payroll size of 400 employees Decision made by Senior Management to outsource their payroll system to a SaaS vendor cloud solution to allow for increased efficiency and cost savings Internal Audit identified payroll as a high-risk area since this was the Company s first use of a cloud computing solution Key Payroll data is transmitted on a bi-weekly basis to facilitate payment by the SaaS cloud provider
39 Risks and audit strategies Case study (cont'd) Company's Internal Audit department reviewed the cloud provider's Service Organization Report and did not note any exceptions Internal Audit also used existing user-ids to perform limited audit procedures and discovered they had access to view and edit another company's payroll information The Company discussed the findings with the cloud provider and determined the error occurred after a recent system upgrade
40 Agenda Introductions Cloud computing overview Risks and audit strategies Q&A
41 Q & A
42 Contact info Jeff Spivack Principal, Business Advisory Services T: E:
The Elephant in the Room: What s the Buzz Around Cloud Computing?
The Elephant in the Room: What s the Buzz Around Cloud Computing? Warren W. Stippich, Jr. Partner and National Governance, Risk and Compliance Solution Leader Business Advisory Services Grant Thornton
More informationThe silver lining: Getting value and mitigating risk in cloud computing
The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations
More informationBUSINESS MANAGEMENT SUPPORT
BUSINESS MANAGEMENT SUPPORT Business disadvantages using cloud computing? Author: Maikel Mardjan info@bm-support.org 2010 BM-Support.org Foundation. All rights reserved. EXECUTIVE SUMMARY Cloud computing
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationCloud Computing; What is it, How long has it been here, and Where is it going?
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
More informationCloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5
Cloud Computing: The atmospheric jeopardy Unique Approach Unique Solutions Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Background Cloud computing has its place in company computing strategies,
More informationWhy Migrate to the Cloud. ABSS Solutions, Inc. 2014
Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System
More informationGETTING THE MOST FROM THE CLOUD. A White Paper presented by
GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationAuditing Software as a Service (SaaS): Balancing Security with Performance
Auditing Software as a Service (SaaS): Balancing Security with Performance Goals for Today Defining SaaS (Software as a Service) and its importance Identify your company's process for managing SaaS solutions
More informationCloud Services Overview
Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationThe Keys to the Cloud: The Essentials of Cloud Contracting
The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationAuditing Cloud Computing and Outsourced Operations
Session 136 Auditing Cloud Computing and Outsourced Operations Monday, May 7, 2012 3:30 PM 5:00 PM Mike Schiller Director of Sales & Marketing IT, Texas Instruments Co Author, IT Auditing: Using Controls
More informationSecuring Oracle E-Business Suite in the Cloud
Securing Oracle E-Business Suite in the Cloud November 18, 2015 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation Agenda The
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationCloud Security: Evaluating Risks within IAAS/PAAS/SAAS
Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationLegal Issues in the Cloud: A Case Study. Jason Epstein
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
More informationCloud Security & Risk. Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com
Cloud Security & Risk Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com Agenda About Compass Overcast - Cloud Overview Thunderheads - Risks in the Cloud The Silver Lining - Security Approaches
More informationCloud Computing Safe Harbor or Wild West?
IT Best Practices Series Cloud Computing Safe Harbor or Wild West? With IT expenditures coming under increasing scrutiny, the cloud is being sold as an oasis of practical solutions. It s true that many
More informationData Privacy and Security for Market Research in the Cloud
Data Privacy and Security for Market Research in the Cloud Peter Milla IIeX2015 NA Agenda Page 2 1. Background 2. Why the Cloud? 3. Data Privacy and Data Security in the Cloud 4. How do We Deal with It?
More informationCloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week
Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions
More informationCloud Computing. Bringing the Cloud into Focus
Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationCompliance and the Cloud: What You Can and What You Can t Outsource
Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick
More informationPublic Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
More informationTips For Buying Cloud Infrastructure
27 Tips For Buying Cloud Infrastructure A Comprehensive list of questions to ask yourself when reviewing potential cloud providers By Christopher Wilson @chrisleewilson Table of Contents Intro: Evaluating
More informationPrivate vs. Public Cloud Solutions
Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationCloud Computing Phillip Hampton LogicForce Consulting, LLC
Phillip Hampton LogicForce Consulting, LLC New IT Paradigm What is? Benefits of Risks of 5 What the Future Holds 7 Defined...model for enabling ubiquitous, it convenient, ondemand network access to a shared
More informationPresentation to the ACC Information Technology & Ecommerce Committee June 5, 2008
Cloud Computing: What to Ask When the Clouds Roll In Presentation to the ACC Information Technology & Ecommerce Committee June 5, 2008 Randall S. Parks and James A. Harvey, Partners and Co-Chairs, and
More informationCloud Computing: Background, Risks and Audit Recommendations
Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For
More informationCONSIDERATIONS BEFORE MOVING TO THE CLOUD
CONSIDERATIONS BEFORE MOVING TO THE CLOUD What Management Needs to Know Part I By Debbie C. Sasso Principal When talking technology today, it s very rare that the word Cloud doesn t come up. The benefits
More informationRequirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Whitepaper: Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider WHITEPAPER Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider Requirements Checklist
More informationCloud models and compliance requirements which is right for you?
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
More informationHow To Understand Cloud Computing
Cloud Computing Information Security and Privacy Considerations April 2014 All-of-Government Cloud Computing: Information Security and Privacy Considerations April 2014 1 Crown copyright. This copyright
More informationOFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:
More informationCloud Computing are you ready?
Cloud Computing are you ready? Steven Krenz ITSM Practice Lead Agenda Introduction Presentation Topics The traditional Data Center: How it compares to The Cloud Cloud Computing and IT Service Management:
More informationClinical Trials in the Cloud: A New Paradigm?
Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationWith Eversync s cloud data tiering, the customer can tier data protection as follows:
APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software
More informationTime to Value: Successful Cloud Software Implementation
Time to Value: Successful Cloud Software Implementation Cloud & Data Security 2015 Client Conference About the Presenter Scott Schimberg, CPA, CMA Partner, Consulting, Armanino Scott became a Certified
More informationCloud Computing Trends, Examples & What s Ahead
Cloud Computing Trends, Examples & What s Ahead Mike Klein President, Online Tech June 21, 2010 Cloud Computing Defined One Definition: On-Demand Computing Elastic & Scalable Rapidly Provisioned Virtualized
More informationCloud Computing An Internal Audit Perspective. Heather Paquette, Partner Tom Humbert, Manager
Cloud Computing An Internal Audit Perspective Heather Paquette, Partner Tom Humbert, Manager March10 2011 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationCloud Computing: Risks and Auditing
IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG
More informationDaren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD
Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National
More informationEnhancing Operational Capacities and Capabilities through Cloud Technologies
Enhancing Operational Capacities and Capabilities through Cloud Technologies How freight forwarders and other logistics stakeholders can benefit from cloud-based solutions 2013 vcargo Cloud Pte Ltd All
More informationClarity in the Cloud. Defining cloud services and the strategic impact on businesses.
Clarity in the Cloud Defining cloud services and the strategic impact on businesses. Table of Contents Executive Summary... 3 Cloud Services... 4 Clarity within the Cloud... 4 Public Cloud Solution...
More informationPCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:
PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On
More informationHow cloud computing can transform your business landscape
How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not
More informationUnderstanding Financial Cloud Services
Understanding Financial Cloud Services A Complete Guide for Hedge Funds About RFA RFA (Richard Fleischman & Associates) has been a Financial Cloud and trusted technology partner to our financial services
More informationCloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu
Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationWhite Paper on CLOUD COMPUTING
White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples
More informationConnecting Your Business to the Cloud. Jeff Coomans Sr. Manager New Product Development Hawaiian Telcom
Connecting Your Business to the Cloud Jeff Coomans Sr. Manager New Product Development Hawaiian Telcom Agenda What is the Cloud? Top Cloud Apps How Do I Get Started? Examples Business Benefits Migration
More informationRequirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider Requirements Checklist for As the importance and value of corporate data grows, complex enterprise IT environments need
More informationCloud Assurance: Ensuring Security and Compliance for your IT Environment
Cloud Assurance: Ensuring Security and Compliance for your IT Environment A large global enterprise has to deal with all sorts of potential threats: advanced persistent threats (APTs), phishing, malware
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationMaster the Might of the Hybrid Cloud
Reach for the Sky Master the Might of the Hybrid Cloud WHITE PAPER As an IT decision maker at a global enterprise, you face unique challenges in managing a complex infrastructure with varied resources
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationTitle: Number: Responsible Office: Last Revision:
Title: Number: Responsible Office: Last Revision: Cloud Computing: Opportunities Used Safely G4 004D Information Security and Privacy Office July 2011 The following guidance was developed and published
More informationTHOUGHT LEADERSHIP. Journey to Cloud 9. Navigating a path to secure cloud computing. Alastair Broom Solutions Director, Integralis
Journey to Cloud 9 Navigating a path to secure cloud computing Alastair Broom Solutions Director, Integralis March 2012 Navigating a path to secure cloud computing 2 Living on Cloud 9 Cloud computing represents
More information2014 HIMSS Analytics Cloud Survey
2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation
More informationCommercial Software Licensing
Commercial Software Licensing CHAPTER 12: Prepared by DoD ESI January 2013 Chapter Overview Most software licenses today are either perpetual or subscription. Perpetual licenses involve software possession
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationCloud Computing Thunder and Lightning on Your Horizon?
Cloud Computing Thunder and Lightning on Your Horizon? Overview As organizations automate more and more of their manual processes, the Internet is increasingly becoming an important tool in the delivery
More informationNAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC
Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access
More informationCloud Computing Paradigm Shift. Jan Šedivý
Cloud Computing Paradigm Shift Jan Šedivý Business expectations Improving business processes Reducing enterprise costs Increasing the use of information/analytics Improving enterprise workforce effectiveness
More informationCloud Computing. Cloud Computing An insight in the Governance & Security aspects
Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010
More informationNCTA Cloud Architecture
NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,
More informationThe Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing
Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?
More informationHow To Choose A Cloud Computing Solution
WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationWhat Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.
What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model
More informationSecure Cloud Computing through IT Auditing
Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the
More informationCLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS
CLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS Copyright 2012 by the Construction Financial Management Association. All rights reserved. This article first appeared in CFMA Building Profits.
More informationThings You Need to Know About Cloud Backup
Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationCloud Computing: Compliance and Client Expectations
Cloud Computing: Compliance and Client Expectations February 15, 2012 MOSS ADAMS LLP 1 TODAY S PRESENTERS Moderator Kevin Villanueva, CPA, CISA, CISM, CITP, CRISC Sr. Manager, Infrastructure and Security
More informationCloud Computing. Introductions 10/20/2010
Cloud Computing An In-Depth Discussion Introductions Nathaniel Gates President of Cloud49, Anchorage AK Nathaniel Gates is a lifelong Alaskan who understands the unique challenges businesses face operating
More informationDispelling the vapor around Cloud Security
Dispelling the vapor around Cloud Security The final barrier to adopting cloud computing is security of their data and applications in the cloud. The last barrier to cloud adoption This White Paper examines
More informationIs a Cloud ERP Solution Right for You?
Is a Cloud ERP Solution Right for You? By Spencer Arnesen, CPA There s been a lot of hype recently about how cloud software solutions are the wave of the future. In the consumer environment, you can use
More informationIT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011
IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything
More informationA Vendor s Journey to SaaS & the Cloud
A Vendor s Journey to SaaS & the Cloud Mark Sherry Partner Marval North America ITIL Expert ISO 20000 Consultant MBA, MA, BComm 25+ ITIL implementations Trained Service Managers Globally 10 Years in Industry
More informationThe Benefits of Cloud Computing to the E-Commerce Industry July 2011 A whitepaper on how hosting on a cloud platform can lower costs, improve
The Benefits of Cloud Computing to the E-Commerce Industry July 2011 A whitepaper on how hosting on a cloud platform can lower costs, improve productivity and stability and remove issues around scalability.
More informationThe Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management
The Cloud at Crawford Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Wikipedia defines cloud computing as Internet-based computing, whereby shared
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationCloud Computing in a Regulated Environment
Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2
More informationSecurity and Privacy in Cloud Computing
Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges
More informationLibrary Systems Security: On Premises & Off Premises
Library Systems Security: On Premises & Off Premises Guoying (Grace) Liu University of Windsor Leddy Library Huoxin (Michael) Zheng Castlebreck Inc. CLA 2015 Annual Conference, Ottawa, June 5, 2015 Information
More informationIT Audit in the Cloud
IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust
More informationSECURITY AND EXTERNAL SERVICE PROVIDERS
SECURITY AND EXTERNAL SERVICE PROVIDERS How to ensure regulatory compliance and manage risks with Service Organization Control (SOC) Reports Jorge Rey, CISA, CISM, CGEIT Director, Information Security
More informationHosted ediscovery: Adoption, Use, and Results. September, 2011
Hosted ediscovery: Adoption, Use, and Results September, 2011 SaaS is a Delivery Model Of Cloud Computing Attitudes About SaaS Are Still Evolving Legal Community Embracing SaaS In general, are you leaning
More information