Course Description:
Cloud computing adoption is a new and major global wave of activity in IT and business. Many organizations, large and small, for-profit or non-profit, have already adopted some form of cloud computing model or are seriously contemplating migrating a whole range of IT business applications and critical systems to the cloud model.
However, as has been the case with any new technology adoption in the past, there are very important Governance, Risk Management and Compliance (GRC) and Auditing and Business Continuity (ABC) considerations associated with functioning in a cloud computing environment. Unfortunately, these issues are typically an afterthought for those entrusted with the feasibility, assessment and implementation of the cloud initiative, as they are primarily concerned with the Effectiveness, Economy and Efficiency (EEE) aspects of any new technology.
Moving many of your IT activities and critical business processes to the cloud is no trivial matter. As with any new technology adoption, cloud computing brings with it many new threats and risks. As a responsible executive, CIO, technologist, technology assessor, auditor, security, compliance, legal or procurement officer, you want to minimize the risks associated with engaging cloud computing services provided by a third-party entity. One of the key mechanisms to assist you in this delicate task is to diligently prepare “your own” set of Service Level Agreements (SLAs) that reflect your specific needs.
This highly interactive course will cover principles and guidelines of GRC as they apply to cloud computing. It will provide you with the fundamental considerations for developing a sound and effective set of SLAs, whether you are contemplating moving to the cloud or are already in the cloud and need to renegotiate existing service agreements.
This cloud computing seminar will focus on the following topics:
- Threats, risks and exposures in cloud computing
- Cloud Service Level Agreements (SLAs)
- Governance, risk management and compliance issues for the cloud
- Classes of Service Level Agreements for the cloud
- Practical guidelines for the safe selection of cloud service providers to ensure adequate GRC provisions are satisfied
Learning Objective:
Upon completing this course on cloud computing, participants will learn:
- The fundamental principles and guidelines of GRC as they apply to cloud computing.
- The approaches and the key elements involved in preparing a sound set of SLAs for cloud computing.
- How to prepare their own specific set of SLAs which can also serve to effectively select the most suitable cloud service providers.
Who will Benefit:
The course will assist executives and professionals in practicing responsible due diligence for cloud computing:
- IT executives, CIOs, Systems and Datacenter Professionals
- Chief Security Officers (CSOs), Chief Technology Officers (CTOs)
- Security and Control Professionals
- Corporate and IT Governance Officers, CCOs, CFOs
- System Quality Assurance and Standards Development Professionals
- Technology Acquisition Team Leaders and Staff
- Internal and External Auditors
- Technology Assessors
- Management Consultants
- Cloud Service Providers
- Any User Department Manager Contemplating the Adoption or Use of Cloud Computing Services (internal or external)
- Legal Officers
- Procurement and Contracting Professionals
- Treasury Department Executives Dealing With Project Justification and Financial Approval
- Governance, Risk Management and Compliance (GRC) Professionals
- Any Professional Interested In or Dealing with Cloud Computing Issues
Topic Background:
In a great majority of situations, organizations that have migrated or are contemplating a move to the cloud do so without an adequate set of service requirements definitions and GRC provisions to make the transition to and operation of the cloud arrangements safe. As a result, they simply accept the “generic” terms that most cloud service providers offer to all kinds of customers who may actually have individual GRC requirements.
It is absolutely necessary for a responsible organization to prepare a set of SLAs that apply to it, regardless of the “generic” SLAs that the cloud service providers may offer. The set of company-oriented SLAs is necessary even if the prospective cloud providers might not be able to meet all the SLAs that your organization would ideally like to receive from the cloud provider. Having a set of SLAs that reflect your organization’s needs enables the service buyer to calibrate the provider’s and receiver’s SLAs, determine those areas that may be critically important to make the agreement acceptable, and assess the risk of engaging a service supplier that is not able to satisfy important SLAs.
The need to define service level requirements applies whether an organization is considering a public, a private or a hybrid cloud option. The SLA set will also be most valuable in selecting the most suitable cloud service provider, as there is a tremendous variety of provisions offered by a wide variety of cloud providers who, like everyone else, are just learning the cloud game in the absence of universal and global cloud standards.