All our workshops take place co-located to the European Identity & Cloud Conference 2013 in Munich/Germany. With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe.
To be able to attend Cloud Provider Assurance Workshop you have to register for the European Identity & Cloud Conference 2013 workshop day.
Cloud Provider Assurance Workshop
Cloud services are outside the direct control of the customer organization and their use places control of the IT service and infrastructure in the hands of the CSP (Cloud Service Provider). A structured approach is essential to ensure organizational readiness for the cloud, to select the right service to meet business needs and other non-functional requirements like security and compliance and to enable that service to be assured. This approach applies good governance to the cloud through a combination of internal processes, standards and independent assessments.
This workshop is intended for the people in an organization that are concerned with procuring and assuring cloud services including:
This workshop uses real life scenarios to lead the participants through the steps necessary to assure that cloud services meet their organization’s business requirements. It is based on relevant industry standards and best practice including:
The workshop will use a cloud project from the participants’ organization as a working example. You will need to bring details of this project with you to the workshop.
The process of Cloud provider assurance starts in the procurement process. When moving to the cloud it is important that the business requirements for the move are understood and that the cloud service is selected meets these needs. The cost of buying cloud services is within departmental budgets and sign-off limits. This makes it easy for a group within a large organization to buy a cloud service without considering the risks in terms of legal issues such as data privacy as well as the needs for assuring the service. There should be a clear process for requesting IT services which includes cloud based services and this process should be sufficiently quick and user friendly to ensure that it is not bypassed by lines of business.
The workshop will take the participants through KuppingerCole’s five essential phases involved in a structured approach to selecting a cloud service. This approach is based on good governance and best practice, and the workshop covers the detailed requirements for each of the phases. The approach identifies the business requirements for the service. The non-functional requirements such as information security together with the technical, compliance and legal requirements also need to be taken into account. These business needs, technical requirements and risks form the basis for selecting and assuring the cloud service.
This governance based approach closes the assurance loop by setting measurable controls, which are relevant to the risks and requirements, against which performance of the service can be monitored and independently audited. It enables IT service performance to be related back to the strategic business requirements and provides verification that the on-going service provided is meeting the business needs.
The responsibility for assurance lies with both the cloud customer and the CSP. The workshop will illustrate how the responsibilities between the customer and the CSP can be divided. The customer must understand the sensitivity of the applications and data being moved to the cloud so that security and compliance can be taken account of. The customer together with the CSP should set and monitor controls to assure the service provided. The CSP should use best practice to manage the service and provide access to monitoring of performance.
There is no shortage of advice on cloud computing; there are a least 35 different standards initiatives as well as frameworks, certifications and auditing standards. This proliferation of standards and advice is causing confusion and uncertainty. The workshop will help the participants to understand which of these are relevant to their business, and the CSP. This workshop will explain the key standards and sources of advice:
Independent assessment of CSPs is another important component of assurance. While it is reasonable for the provider to make monitoring information available; it is not be practical for the provider to allow every customer to perform their own audit. Periodic certification of providers by a trusted third party is a way to satisfy this need. Certification can provide an independent confirmation of claims about services provided. However it is important to understand what these certifications and reports cover. Specifically covered will be:
This workshop will use the example cloud service that you provide to lead the participants through the process necessary to assure that cloud services meet the needs of their organization.
Continuing Education Credits
After attending this workshop you will be able to:
This event qualifies for 4 CPE
Who should attend: CIOs, CISOs, IT Managers, and the project managers and IT professionals with 3 or more years’ experience.