Module 1: Facilitated e-learning




CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs

PART 1: CLOUD AND MOBILE COMPUTING
Learning Objectives
1.1 Introduction
1.2 Cloud Computing
  1.2.1 Understanding Cloud Computing
  1.2.2 Characteristics of Cloud Computing
  1.2.3 Features of Cloud Computing
  1.2.4 Types of Cloud Computing
  1.2.5 Cloud Service Models
  1.2.6 Benefits and risks in Cloud Computing
    Benefits
    Risks
  1.2.7 Impact of Cloud Computing on CAs
    Assurance Services in Cloud Computing
    Consulting In Cloud Computing
1.3 Mobile Computing
  1.3.1 Technology Components
    1. Mobile communication
    2. Mobile hardware
    3. Mobile software
  1.3.2 Advantages and Security Concerns of Mobile Computing
    Advantages of Mobile Computing
    Security Issues in Mobile Computing
    Controls in Mobile Computing
  1.3.3 Opportunities for CAs
    Using Mobile computing in CA firm
    Consulting on mobile technology implementation
    Assurance services on Mobile technology implementation
1.4 Summary
1.5 References
1.6 Questions
1.7 Answers

Chapter 3, Part 1: Cloud and Mobile Computing

CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAS

PART 1: CLOUD AND MOBILE COMPUTING

Learning Objectives

- To gain an overview of Cloud Computing
- To gain an overview of Mobile Computing
- To understand risks and controls in Cloud and Mobile Computing
- To gain an overview of opportunities for CAs in Cloud and Mobile computing

1.1 Introduction

Using and embracing technology is not an option but mandatory for Chartered Accountants to perform their jobs effectively and efficiently. Chartered Accountants, in their roles as consultants or auditors, have to deal with data and information for analysis and decision making. This data could be coming from clients' computer systems, which are nowadays rapidly shifting to the Cloud. Cloud computing has its inherent business benefits but it also has its own risk, security and control issues. As Chartered Accountants we have to ensure that these inherent risks have been properly mitigated by implementing the right level of security and controls.

Cloud computing exposes organisations and those who provide assurance on data which is processed and available on the cloud. These are new challenges which need to be addressed, but at the same time these challenges also provide new opportunities. The biggest challenge is the inherent risks involved and the impact they have on services offered. The opportunity is that Chartered Accountants could provide consulting and assurance services to clients in the areas of Cloud Computing. Chartered Accountants have to understand the concepts of cloud computing, service offerings, deployment models and the related risks and controls from two perspectives:

1. Impact on services provided to clients by accessing relevant data at clients' offices or remotely;
2. Impact on how services are/will be provided within their own offices using cloud computing.

Another emerging technology trend which has changed the way a Chartered Accountant works is Mobile Computing. Today a CA uses a smartphone or tablet with Internet connectivity for personal purposes, but there is an urgent need to extend that use to professional purposes. A network of mobile devices could be given to staff for efficient execution of work, but at the same time a more mobile work force requires new levels of security and security administration. Apart from that, many organisations have started offering mobile-based computing, such as banks that adopt multi-delivery channels in response to customer demands for greater convenience and lower costs. The wireless channel has seen growing acceptance in retail payments. Yet another big adoption has come from E-Commerce sites, most of which have launched their mobile applications. All these areas of Mobile computing have their fair share of risks and security concerns. Chartered Accountants, as control experts, can offer consulting and assurance services to these organisations to help mitigate these risks.

1.2 Cloud Computing

1.2.1 Understanding Cloud Computing

Cloud computing is a model for enabling on-demand networked access to a shared pool of computing resources: network/bandwidth, servers, storage, applications, services etc. Cloud computing refers to computing power in all its totality or specified components (infrastructure, platform or service) being offered in the cloud as a utility to users, to be paid by the meter on a consumption basis. As Internet connection speeds increase and wireless Internet access broadens, more computing activities are being delivered on the Internet.

In the Cloud Architecture, the front end includes the client's computer (or computer network) and the client application required to access the cloud computing system. This could be a Web browser or unique applications that provide network access to clients. On the back end of the system are the various computers, servers and data storage systems that create the "cloud" of computing services. In theory, a cloud computing system could include practically any computer program we can imagine, from data processing to video games. Usually, each application will have its own dedicated server.
Any mid-sized business, such as cooperative banks, Regional Rural Banks or any marketing company, would benefit from cloud services, as their needs could be met by services offered by the Cloud Service providers.

1.2.2 Characteristics of Cloud Computing

1. On-demand self-service: Automatic provisioning of computing capabilities as needed.
2. Network Access: Network should be accessible anywhere by any device - PC/laptop, PDA, smart phone.
3. Resource Pooling: Serving multiple clients using a multi-tenant model with different physical and virtual resources.
4. Rapid Elasticity: Capabilities to meet clients' increasing requirements at any time.
5. Measured Services: Capability to monitor resource usage for each process and client.

1.2.3 Features of Cloud Computing

Cloud computing typically entails the following important features:

1. High Scalability: Enables servicing of business requirements for larger audiences.
2. Agility: Works in a distributed mode environment. Shares resources among users and tasks, while improving efficiency and responsiveness.
3. High Availability and Reliability: Chances of infrastructure failure are minimal.
4. Multi-sharing: Multiple users and applications can work more efficiently with cost reductions by sharing common infrastructure.
5. Virtualisation: Allows servers and storage devices to increasingly share and utilize applications.

1.2.4 Types of Cloud Computing

The Cloud Computing Environment can consist of multiple types of deployment models, such as:

- Public Cloud: Refers to service providers that offer their cloud-based services to the general public.
- Private Cloud: Refers to the use of cloud computing concepts within the confines of a private network. Some businesses like private cloud computing because it provides more control over infrastructure and security than public cloud computing.
- Hybrid Cloud: Businesses may decide to combine public cloud and private cloud services to create a hybrid cloud.
- Community Cloud: Several businesses share cloud computing resources.

1.2.5 Cloud Service Models

There are three dominant cloud computing models:

1. Infrastructure as a Service (IaaS)
2. Software as a Service (SaaS)
3. Platform as a Service (PaaS)

Infrastructure as a Service (IaaS): This has the capability to provision processing, storage, networks and other fundamental computing resources that offer the customer the ability to deploy and run arbitrary software, which can include operating systems and applications. Users are not required to manage the infrastructure as they do not possess the ownership of the underlying Cloud infrastructure.

Software as a Service (SaaS): This provides the capability to use the provider's applications that run on the cloud infrastructure. The applications are accessible from various client devices. Users are freed from the possession and maintenance issues of software and hardware.

Platform as a Service (PaaS): This provides the user organisation's application developers with access to the hardware and operating system platform, allowing them to simply code and deploy applications on the platform without directly interacting with the underlying infrastructure.

Source: https://cloudsecurityalliance.org

1.2.6 Benefits and risks in Cloud Computing

Though cloud computing offers a lot of advantages to the organisation, there are also a lot of associated risks. The benefits and risks are outlined below:

Benefits

- Gain competitive advantage.
- Reach new markets.
- Improve existing products and services.
- Retain existing customers.
- Increase productivity.
- Contain cost.
- Develop products or services that could not be possible without cloud services.
- Break geographic barriers.

Risks

- Greater dependency on third parties, wherever third party services are used.
- Computing services do fail, leaving users unable to access programs or data.
- Computing services can lose customer data.
- Increased complexity of compliance with laws and regulations.
- The dynamic nature of cloud computing may result in confusion as to where information actually resides. When information retrieval is required, this may create delays.
- Due to the dynamic nature of the cloud, information may not immediately be located in the event of a disaster.

1.2.7 Impact of Cloud Computing on CAs

Cloud computing is the new way to do business in our profession. There is absolutely nothing mystical or overly complicated about this model. Technology has changed, and continues to change, the way we function within our practices. Think about the changes that we have witnessed over the past 15 years: e-mailing, document management, electronic filing, dual monitors, the scanning of source documents, the proliferation of mobile computing technologies and use of smaller, more powerful handheld devices, as well as the use of social networking as a new way to interact with prospective and existing clients and employees, and other professionals. The opportunities lie in the areas of assurance, consulting and implementation.

Assurance Services in Cloud Computing

In the realm of assurance services, the auditor is required to assess:

- How much security is enough?
- Criticality of the application being sent to the cloud.
- Outsourcer's experience with SLA and vendor management.
- Does the present security model have to be altered?
- Cloud vendor's policy on vulnerability management reporting (beyond basic "Contact Us" links), commitment to following up, promptly responding to reports etc.
- Is there an independent auditor's report?
- What is the impact on the auditor when the client has used cloud computing and the data to be audited is with the cloud service provider?
- How will the auditor access and audit this data?
- What is the impact on compliances?
- What is the impact on security?
- Who is responsible for security of data?
- Who owns the data?
- Where does the data reside?
- What business continuity and disaster recovery measures are in place in the cloud infrastructure?
- Does the cloud provider have a backup in place?
- How do I audit or evaluate security controls placed on the cloud-based infrastructure?

Consulting In Cloud Computing

A Chartered Accountant can provide consulting to clients in the areas of Cloud Computing and can even help a client move to the cloud. Following are the steps involved in moving to the cloud, where a Chartered Accountant can provide consulting service at perhaps every step:

1. Understand the mission.
2. Identify the culture.
3. Determine the value.
4. Understand your data.
5. Understand your services.
6. Understand your processes.
7. Understand the cloud resources.
8. Identify candidate data.
9. Identify candidate services.
10. Identify candidate processes.
11. Create a governance strategy.
12. Create a security strategy.
13. Bind candidate services to data and processes.
14. Relocate services, processes, and information.
15. Implement security.
16. Implement governance.
17. Implement operations.

1.3 Mobile Computing

1.3.1 Technology Components

Mobile Computing is a technology that allows transmission of data, voice and video via a computer or any other wireless-enabled device without having to be connected to a fixed physical link. Mobile computing is not just about using mobile phones; it is about computing on the move using wireless connectivity. Mobile computing is enabled by the use of mobile devices (portable and hand-held computing devices) such as PDAs, laptops, mobile phones, MP3 players, digital cameras, tablet PCs and palmtops on a wireless network. The key components of mobile computing are:

1. Mobile communication
2. Mobile hardware
3. Mobile software

1. Mobile communication

Mobile communication refers to the infrastructure put in place to ensure that seamless and reliable communication goes on. This includes the protocols, services, bandwidth and portals necessary to facilitate and support the stated services. The data format is also defined at this stage. This ensures that there is no collision with other existing systems offering the same services.

2. Mobile hardware

Mobile hardware includes mobile devices or device components that receive or access the service of mobility. They range from portable laptops and smartphones to tablet PCs and Personal Digital Assistants. These devices use an existing and established network to operate on. In most cases, it would be a wireless network.
At the back end, there are various servers like Application Servers, Database Servers and Servers with wireless support, WAP gateway, a Communications Server and/or MCSS (Mobile communications server switch) or a wireless gateway embedded in the wireless carrier's network (this server provides communications functionality to allow the handheld device to communicate with the Internet or Intranet infrastructure).

3. Mobile software

Mobile software is the actual program that runs on the mobile hardware. It deals with the characteristics and requirements of mobile applications. It is the operating system of that appliance. It is the essential component that makes the mobile device operate. Mobile applications, popularly called Apps, are being developed by organisations for use by customers, but these apps could represent risks in terms of flow of data as well as personal identification risks, introduction of malware and access to personal information of the mobile owner.

1.3.2 Advantages and Security Concerns of Mobile Computing

Advantages of Mobile Computing

- Location flexibility: Mobile Computing enables the user to work from anywhere as long as there is a connection established. A user can work without being in a fixed position.
- Saves time: Time is saved as no travel is required between different locations, such as to the office and back.
- Enhanced productivity: Employees can work efficiently and effectively from any location they are comfortable with and at any time they want.
- Ease of research: Research is made easier, since users in the field searching for facts can feed data back to the system.
- Entertainment: Video and audio recordings can be streamed on the go using mobile computing. It makes it easy to access a wide variety of movies, educational and informative material.

Security Issues in Mobile Computing

Following are some of the major security issues in Mobile Computing:

- It is not easy to monitor the proper usage.
- Improper and unethical practices such as hacking, industrial espionage, pirating, online fraud and malicious destruction are some problems experienced due to mobile computing.
- The problem of identity theft is very difficult to contain or eradicate.
- Unauthorized access to data and information by hackers.
- Physical damage to devices, data corruption, data leakage, interception of calls and possible exposure of sensitive information.
- Lost devices or unauthorized access to unsecured devices allows exposure of sensitive data, resulting in loss to the enterprise, customers or employees.
- Mobile Apps could also represent a big security risk.

Controls in Mobile Computing

Some of the practices to mitigate these security concerns are:

- Developing and implementing a Mobile computing security policy.
- Use of encryption technology such as virtual private networks.
- Use of power-on passwords.
- Use of encryption for stored information.
- Installing security software.
- Educating the users on proper mobile computing ethics.
- Enforcing proper access rights and permissions.
- Auditing mobile security policy and implementation.

1.3.3 Opportunities for CAs

As with any IT, CAs have to understand mobile computing technology from three perspectives:

- Using Mobile computing within a CA firm.
- Providing consulting services on mobile computing for clients.
- Providing assurance services on mobile computing for clients.

Using Mobile computing in CA firm:

Mobile computing can be used by CAs in their own offices for enhancing overall efficiency and effectiveness of services rendered by the firm. However, implementation has to be based on the overall IT Strategic plan of the firm and should take into consideration the current technology deployed, organisation structure, technical competency of the staff, services offered currently and planned in the future, client profile, usage of technology by clients, cost benefit analysis, etc. A detailed project plan with specific milestones and timelines has to be prepared and implemented considering all the above factors, rather than just buying mobile devices with connectivity.

Consulting on mobile technology implementation:

The areas where Chartered Accountants can add value and provide consultancy services are:

1. Business strategy/business process transformation.
2. Risk assessment, risk mitigating strategy and security at different layers of technology.
3. Designing security policy for the enterprise.
4. Access controls at different layers of technology and for devices/employees.
5. Application and business process controls to be implemented.
6. Training to users on risks, security and controls.
Assurance services on Mobile technology implementation

Some of the areas where auditors can have a significant role in providing assurance services:

1. Information systems audit of all/any aspect of security policy, business continuity, environmental access, physical access, logical access and application security.
2. Compliance with enterprise policies, procedures, standards and practices as relevant.
3. Physical verification or confirmation of usage of mobile devices.
4. Compliance with regulations as applicable.
5. Network security, Database security and Penetration testing as required.

1.4 Summary

Accelerated adoption of emerging technologies like Cloud Computing and Mobile Computing has provided a lot of advantages to organisations. However, at the same time the technology implementation has inherent risks which have to be properly understood and mitigated. Chartered Accountants have to understand the inherent risks in these technologies so that these could be considered while auditing. An understanding of these technologies will also open new opportunities to Chartered Accountants in providing related assurance and consulting services.

1.5 References

- www.isaca.org/cloud
- www.cloudconnectevent.in
- www.cloudsecurityalliance.org/
- www.csrc.nist.gov/groups/sns/cloud-computing/
- www.opencloudconsortium.org/
- www.opencloudmanifesto.org/
- www.cloud-standards.org/wiki/
- www.searchcloudcomputing.techtarget.com/
- www.cloudcomputing.sys-con.com/
- www.cloudsecurity.org/
- www.cloudaudit.org/

1.6 Questions

1. Which of the following is not a service model for cloud?
   A. IaaS (Infrastructure as a Service)
   B. PaaS (Platform as a Service)
   C. SaaS (Software as a Service)
   D. DaaS (Display as a Service)

2. Which of the following would not be a reason to move to cloud computing?
   A. Agility
   B. Scalability
   C. Security
   D. Resource Pooling

3. Which of the following is not a benefit of cloud computing?
   A. Vendor lock in
   B. Ability to access the application & data from anywhere
   C. Reduce Hardware Costs
   D. Reduce need for physical space

4. Which of the following is not an advantage of Mobile Computing?
   A. Saves time
   B. Entertainment
   C. Health hazard
   D. Location flexibility

1.7 Answers

1. D
2. C
3. A
4. C