Above the Clouds

Above the Clouds: Managing Risk in the World of Cloud Computing

KEVIN T. MCDONALD
Copyright Date: 2010
Published by: IT Governance Publishing
Pages: 166
https://www.jstor.org/stable/j.ctt5hh4xc
  • Cite this Item
  • Book Info
    Above the Clouds
    Book Description:

    Above the Clouds: Managing Risk in the World of Cloud Computing acts as a primer and strategic guide to identify Cloud Computing best practices and associated risks, and reduce the latter to acceptable levels. From software as a service (SaaS) to replacing the entire IT infrastructure, the author serves as an educator, guide and strategist, from runway to getting the organization above the clouds. Valuable tips on how to choose your provider of Cloud Services are also offered.

    eISBN: 978-1-84928-032-7
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 2-4)
  2. PREFACE
    (pp. 5-8)
  3. ABOUT THE AUTHOR
    (pp. 9-9)
  4. ACKNOWLEDGEMENTS
    (pp. 10-10)
  5. Table of Contents
    (pp. 11-15)
  6. INTRODUCTION
    (pp. 16-27)

    When discussing Cloud Computing, it is helpful to have a lexicon of common terms handy. Additional resources and expanded definitions are available on the National Institute of Standards and Technology website that have contributed greatly to the discussion of Cloud Computing.

    http://csrc.nist.gov/groups/SNS/cloud–computing/

    Cloud Computing provides widely accessible, on-demand, elastic computing power. These services are metered and charged back based on usage.

    The capital investment in the data center is assumed by the Cloud provider and operation costs are passed on to the Cloud data center users. This shifting from a capital-intensive model to an operating-expense model shifts the material...

  7. CHAPTER 1: SETTING COURSE TO THE CLOUDS
    (pp. 28-47)

    If you have tried to hire any IT folks lately, you may notice that a) it is difficult to find and keep staff, and b) once you are staffed, they may not always be all that productive. Part of the reason is that the skill set required to put the average organization’s IT on the burner is so massive and complex, that the staff may only perform one or two of the critical functions on a monthly basis, not on a weekly basis, much less a daily basis. As a result, when you hear of a computer installation gone wrong...

  8. CHAPTER 2: PREFLIGHT CHECK
    (pp. 48-63)

    A US government CIO when asked, “Assuming that the Cloud is the future for a lot of current computing functions, what can an organization do now to prepare and future-proof their organization?” replied, “Find out what you have. That is the best place to start”.

    So, from that, we begin a discussion of your computing architecture. Architecture may seem a bit boring. Enterprise architects analyze and document the current system design, starting with a high level of how systems are connected, burrowing down into the application connections and sometimes even the connections within an application. Understanding the current environment is...

  9. CHAPTER 3: TAXI RUNWAY
    (pp. 64-95)

    The data centers of today have some great capabilities. It is nearly free to connect one, it is much easier to start one up and it may not take all that much care and feeding once it is established.

    That can translate into lots of folks offering you a bit of their Cloud, like Amazon’s EC2 service. And if some of the more dodgy start-ups (Amazon excepted, of course) haven’t done their homework, their Cloud could spring a hole and deflate. That puts you, your organization and maybe everyone else that you do business with at risk.

    With all of...

  10. CHAPTER 4: TOWER CLEARANCE
    (pp. 96-119)

    In embarking on a Cloud Computing project, it is important to assess the risks, come up with strategies to mitigate the risks and communicate any that aren’t sufficiently covered.

    In practical terms, this involves a mix of project management and business continuity best practices to arrive at a) the overall risk of the project, and b) what can be done to mitigate or lower the risk to acceptable levels.

    Risk assessments take into account fire, flood and other intentional and unintentional disruptions caused by people. These are multiple pathways that can disrupt the people, processes and technology that drive an...

  11. CHAPTER 5: SECURING THE CABIN
    (pp. 120-126)

    There is a saying that a cart that overturns in the road ahead is a warning to the one behind. The closer the organization can stay with the mainstream of computing research, the more likely the organization will be able to benefit from someone else’s overturned cart.

    Conversely, every organization adopting the same systems and sharing open access among a largely unregulated and unsupervised workforce may also be vulnerable to the same attack.

    A random email or spam can be opened by the lowliest clerk or the highest executive. A website that appears to be only advertising the services of...

  12. CHAPTER 6: TAKE OFF
    (pp. 127-159)

    Reducing these operational risks may be enough of a motivation to at least examine the possibility of moving to Cloud Computing. The same restrictions apply. First, seek to understand your current systems. Second, look at the available options and goals for the organization. Where there are overlaps for Cloud Computing advantages, the disadvantages that may exist below the surface are likely to be security and transportation costs. If you fail to factor these into your analysis, it may turn out to be less advantageous in the short run to convert even one application to Cloud Computing.

    If you have a...

  13. CHAPTER 7: ABOVE THE CLOUDS
    (pp. 160-163)

    An understanding of the current environment, the risks and rewards of converting, the number of hurdles, and internal stakeholder support all have to be factored into making any conversion project successful.

    Starting along this path is never easy. It is critical to consider what will be gained from a successful implementation. It is also critical to consider what might be lost if the implementation fails.

    Determine what is crucial in your current environment, what key applications are contributing to your success, and which applications are or are not commodities.

    Start a dialogue internally regarding which applications the current users think...

  14. ITG RESOURCES
    (pp. 164-166)