Вы находитесь на странице: 1из 39

How to provide assurance in the cloud

CA ANAND PRAKASH JANGID

Agenda of the workshop

Check in

How Cloud have changed Business dynamics

Cloud auditing environment- Characteristic and challenge

Cloud computing risk and audit consideration

Check out- key take aways

Check in

The Future is not, What it used to be

Famous Technology Predictions

I think there is a world market for maybe five computers.’

Thomas Watson, Chairman of IBM, 1943

‘There is no reason why anyone would want a computer in the home.’

Ken Olson, Present, Chairman and founder of Digital Equipment Corporation,

1977

‘640K should be enough for anybody.’

Bill Gates, 1981

‘So far, Java seems like a stinker to me…I have a hunch that it won't be a very successful language.’

Paul Graham, Author

Understanding Cloud

Understanding Cloud

What is Cloud Computing?

What is Cloud Computing? Privileged and Confidential 6
Auditor
Auditor
Auditor

Cloud A force

Cloud – A force Privileged and Confidential 10

Introduction

Definition

Source

Definition

Gartner

“a style of computing in which massively scalable IT-related capabilities are provided “as a service” using internet

technologies to multiple external customers”

IDC

“an emerging IT development, deployment and delivery model, enabling realtime delivery of products, services and

solutions over the internet”

The 451

“a service model that combines a general organizing principle for IT delivery, infrastructure components, an architectural approach and an economic model basically, a confluence of grid computing, virtualization, utility computing, hosting and software as a service”

group

Merrill

“the idea of delivering personal and business productivity

Lynch

applications from centralized servers”

personal and business productivity Lynch applications from centralized servers” Privileged and Confidential 11

Conventional model vs Cloud model

Conventional

cloud

Manually Provisioned

Self-provisioned

Dedicated Hardware

Conventional

Shared Hardware

Fixed Capacity

Elastic Capacity

Pay for Capacity

Pay for Use

Capital & Operational

Operational Expenses

Expenses

Managed

Characteristics of Cloud By CSA and NIST

CSA

On demand self Broad network services access
On demand
self
Broad
network
services
access

Resource

pooling

Measured

Service

Rapid

Elasticity

Multi

Tenacity

NIST

access Resource pooling Measured Service Rapid Elasticity Multi Tenacity NIST Privileged and Confidential 14

Five Key Cloud Attributes by NIST:

Shared / pooled resources

Broad network access

On-demand self-service

Scalable and elastic

Metered by use

Privileged and Confidential 16

Advantages of the Cloud

Control Intro Risks Forensics and Audit
Control
Intro
Risks
Forensics
and
Audit

Cost

Effectiveness

Convenience

Accessibility

Storage

Backup

Flexibility

Software

Audit Cost Effectiveness Convenience Accessibility Storage Backup Flexibility Software Privileged and Confidential 20

Disadvantages of the Cloud

Control Intro Risks Forensics and Audit
Control
Intro
Risks
Forensics
and
Audit

Lack of

Controls

Lack of

Features

No

Redundancy

Limited

Hardware

Costs

Bandwidth

Issues

Controls Lack of Features No Redundancy Limited Hardware Costs Bandwidth Issues Privileged and Confidential 21

Cloud Computing Risks and

Audit Considerations

Privileged and Confidential 23
Privileged and Confidential 24

Privileged and Confidential

24

Privileged and Confidential 25

Privileged and Confidential

25

Appendix

Appendix

Appendix

Appendix

Appendix

Appendix

Appendix

Appendix

Appendix

Appendix

Appendix

Appendix

Questions???

Questions??? Privileged and Confidential 38

Thank You

CA ANAND PRAKASH JANGID

+91 9620233516

anandjangid@gmail.com

Thank You CA ANAND PRAKASH JANGID +91 9620233516 anandjangid@gmail.com