Enterprise IT, Sponsored Posts - Written by External Contributor on Tuesday, March 26, 2013 9:43 - 3 Comments
Assessing risk in cloud computing projects: A free framework [sponsored post]
This article is a sponsored post by Microsoft Australia chief technology officer Greg Stone. Click here to download a free copy of Microsoft’s Cloud Risk Decision Framework.
When many people come up against the term “risk” in the context of IT projects, they immediately reach for the telephone to call for their IT security experts. Risk, to many people, means the risk of data loss; in this sense, focusing on security has often been a logical proxy for more comprehensive IT risk management strategies.
However, the moves which many organisations are currently undertaking as they embrace cloud computing technologies for substantial cost reductions, performance improvements and greater scalability in their IT operations have made many IT professionals aware that such definitions of risk are not always comprehensive enough to meet their needs.
The fundamental promise of cloud computing technology is that it allows organisations to externalise many of the resources previously managed within their own operations. However, unlike traditional outsourcing, which has typically been provided by one or multiple suppliers, cloud computing involves a broad range of suppliers whose varying approaches to security, governance, resilience, availability and privacy create a level of uncertainty for organisations. This creates perceived risk.
Risk management is defined in the ISO 31000 international standard as “the effect of uncertainty on objectives”; therefore externalising IT resources via the cloud changes the risk profile for the workload and organisation. This demands a formalised approach to understanding and addressing the risk when considering a cloud-based option.
It is critical for an organisation to make a balanced assessment of this risk, because doing nothing may pose the greatest risk of all. And yet, currently, many organisations are ill-prepared to identify and weigh up the risk landscape associated with a cloud option. With this in mind, Microsoft has developed a Cloud Risk Decision Framework: a set of tools designed to help organisations identify, analyse, assess and determine potential risk and solutions associated with deployments of cloud computing technologies.
Right now you’re probably thinking that The Cloud Risk Decision Framework is just another vendor-focused tool designed to get you to adopt Microsoft technologies. Somewhere in this document – probably just when you least expect it! – is a big fat promotion for Windows Azure, right? Or Office 365? Wrong ;)
This guide has been designed to assist IT and non-IT individuals to evaluate potential cloud-based IT capability, from a vendor-neutral standpoint. It aids the user in evaluating risk, no matter which brand of cloud computing solution you might be evaluating. No additional training should be required as this guide provides a well-structured process that should be easily followed by a competent business practitioner.
What’s more, it’s not intended to replace a comprehensive Enterprise Risk Management practice within an organisation. The Cloud Risk Decision Framework serves as support in the decision-making process as per the Risk Management best practice guidance outlined in the ISO 31000 international standard.
The Cloud Risk Decision Framework in practice
Let’s go into an example of how The Cloud Risk Decision Framework can apply in practice, using the fictional example of a government department known as the Department of Citizen Engagement (DoCE).
The IT division of the department supports the IT needs of DoCE, as well as several other agencies and departments; not an uncommon situation in government, where large departments often support smaller ones. However, the number of staff being supported has increased steadily over the years. This has driven a situation where meeting load requirements has become more challenging, at the same time as in-house expertise has become more pressured for time and budget pressures have made themselves known. And of course there are ongoing concerns about IT security in a climate where external threats are growing.
The use of cloud computing technologies is one option to tackle this situation. However, it’s not an easy decision: Some of the supported agencies have stringent regulatory requirements they need to comply with, especially relating to data use and classification.
Using The Cloud Risk Decision Framework, the first task for DoCE would be establishing the scope for the potential cloud computing project. In this case, it consists of the core messaging system, identity and access systems supporting the messaging system, relevant devices accessing the messaging system (including, for example, smartphones and tablets) and business processes which touch on the messaging system.
Some time would then be spent on agreeing on definitions regarding the impact and likelihood of various types of risks. For example, if a low risk eventuated, it might be able to be easily absorbed by normal business operations on the day concerned, while a severe risk, if it eventuated, might result in serious (but not complete) damage to assets of the department or its reputation. It’s important also at this stage that the diverse stakeholders in the project become involved in further analysis – including technical staff such as a representative from the department’s IT security team and its CIO, but also representatives from the department’s finance, legal and operations divisions, for example.
The next stage of the project would involve identifying the risks inherent in the department’s current system. This step can be crucial, as it can reveal some critical risks in the existing environment which might not be widely known, or be perceived as benign when they are actually more serious.
After that, DoCE would be able to evaluate the risks involved with using a public cloud computing platform as a replacement option, for example, and compare them with the risks involved in maintaining its current platform. The same process can be applied to several specific cloud computing solutions in more detail to compare risks between different solutions.
What the department would end up with from this process would be four major categories of risk (compliance, strategic, operational and market & finance), cross-linked with the likelihood of those risks eventuating. This would then flow into conclusions about which risks could be reasonably managed, and which couldn’t, and a comparison of the risks inherent in staying with their current platform, compared with the risks involved in migrating.
The last several steps in DoCE’s process would involve treating risks with risk mitigation strategies – for example, by implementing a hybrid cloud email system which would make some use of public cloud infrastructure while retaining in-house control over some sensitive accounts – and then producing a formal report which can be presented to the department’s executive council.
This may, or may not, result in an immediate decision to proceed with the project – but it may allow high-level decision-makers to authorise further in-depth investigation of the various options. The initial risk assessment conducted through the use of The Cloud Risk Decision Framework would then form a ‘launching point’ for further research.
You can see from this example that a department like DoCE would have had quite sensible fears about migrating its core messaging platform to a cloud computing solution. But here’s the thing about fear: When it’s broken down into its constituent parts and analysed, it starts to seem manageable, rather than insurmountable. This is what The Cloud Risk Decision Framework is all about – building in a needed level of discipline amongst professional buyers of IT products and services. In the process, risk management turns from being an impediment to IT projects proceeding to an enabler of positive, considered change. And I think we can all agree that’s a very good thing.