This document discusses a presentation on virtualization and cloud computing essentials from an auditor's perspective. It begins with an introduction of the presenter and their qualifications. It then provides definitions and descriptions of key cloud concepts like virtualization, cloud models of SaaS, PaaS and IaaS. The document outlines some of the business benefits of virtualization including cost reductions, maintenance improvements, security risks, user experience and flexibility. It also discusses some common risks associated with virtualized infrastructure and networks.
4. http://www.enterprisegrc.com
What Is Cloud Services?
Cloud Computing: Where is it? What is it?
Cloud enables resources to serve multiple needs for multiple consumers, rather than dedicating resources for individual infrastructure, software, or platforms.
Cloud delivers IT capabilities that scale with demand, rather than being defined by a fixed set of assets.
Cloud is delivered as a well-defined service, instead of as a product that needs system administrators and maintenance.
Cloud is typically based on open Internet technology, which increases its interoperability.
Cloud is priced according to recurring subscriptions or has usage-based charges, rather than having an up-front cost.
ITIL Glossary
| Term | ITIL phase | Definition |
| --- | --- | --- |
| Application service provider | Service Design | (This term is now superseded by ‘SaaS service provider,’ though not exactly identical) (ITIL® phase: Service Design) An external service provider that provides IT services using applications running at the service provider’s premises; users access the applications by network connections to the service provider |
| Architecture | Service Design | (ITIL® phase: Service Design) The structure of a system or IT service, including the relationships of components to each other and to the environment they are in; architecture also includes the standards and guidelines, which guide the design and evolution of the system |
| Assets | Service Strategy | Asset: (ITIL® phase: Service Strategy) Any resource or capability; assets of a service provider include anything that could contribute to the delivery of a service; assets can be one of the following types: Management, Organization, Process, Knowledge, People, Information, Applications, Infrastructure, and Financial Capital |
| Availability | Service Design | (ITIL® phase: Service Design) Ability of a Configuration Item or IT service to perform its agreed function when required; availability is determined by reliability, maintainability, serviceability, performance, and security; availability is usually calculated as a percentage; this calculation is often based on agreed service time and downtime; it is best practice to calculate availability using measurements of the business output of the IT service |
| Backup | Service Design | (ITIL® phase: Service Design) (ITIL phase: Service Operation) Copying data to protect against loss of integrity or availability of the original |
| Business continuity management | Service Design | (ITIL® phase: Service Design) The business process responsible for managing risks that could seriously impact the business; BCM safeguards the interests of key stakeholders, reputation, and brand and value-creating activities; the BCM process involves reducing risks to an acceptable level and planning for the recovery of business processes should a disruption to the business occur; BCM sets the objectives, scope, and requirements for IT Service Continuity Management |
| Capacity | Service Design | (ITIL® phase: Service Design) The maximum throughput that a Configuration Item or IT service can deliver while meeting agreed service level targets; for some types of CIs, capacity may be the size or volume, for example, a disk drive |
| Capacity Management | Service Design | (ITIL® phase: Service Design) The process responsible for ensuring that the capacity of IT services and the IT infrastructure is able to deliver agreed service level targets in a cost-effective and timely manner; Capacity Management considers all resources required to deliver the IT service and plans for short-, medium-, and long-term business requirements |
| Change Advisory Board | Service Transition | (ITIL® phase: Service Transition) A group of people that advises the Change Manager in the assessment, prioritization, and scheduling of changes; this board is usually made up of representatives from all areas within the IT service provider, the business, and third parties, such as suppliers |
| Change Management | Service Transition | (ITIL® phase: Service Transition) The process responsible for controlling the lifecycle of all changes; the primary objective of Change Management is to enable beneficial changes to be made, with minimum disruption to IT services |
| Charging | Service Strategy | (ITIL® phase: Service Strategy) Requiring payment for IT services; charging for IT services is optional, and many organizations choose to treat their IT service provider as a cost center |
| Confidentiality | Service Design | The security goal that generates the requirement for protection from intentional or accidental attempts to perform unauthorized data reads; confidentiality covers data in storage, during processing, and in transit (ITIL phase: Service Design); a security principle that requires that data should only be accessed by authorized people |
| Configuration | Service Transition | (ITIL® phase: Service Transition) A generic term used to describe a group of Configuration Items that work together to deliver an IT service or a recognizable part of an IT service; configuration is also used to describe the parameter settings for one or more CIs |
| Configuration Management Database | Service Transition | Configuration Management Database (ITIL® phase: Service Transition) A database used to store configuration records throughout their lifecycle; the Configuration Management System maintains one or more CMDBs, and each CMDB stores attributes of CIs and the relationships with other CIs |
| Deployment | Service Transition | (ITIL® phase: Service Transition) The activity responsible for movement of new or changed hardware, software, documentation, processes, and so on to the live environment; deployment is part of the Release and Deployment Management process |
| Developer, development | Service Design | Development: (ITIL® phase: Service Design) The process responsible for creating or modifying an IT service or application; also used to mean the role or group that carries out development work |
| Downtime | Service Design | (ITIL® phase: Service Design) (ITIL phase: Service Operation) The time when a Configuration Item or IT service is not available during its agreed service time; the availability of an IT service is often calculated from agreed service time and downtime |
| Environment | Service Transition | (ITIL® phase: Service Transition) A subset of the IT infrastructure that is used for a particular purpose; for example, live environment, test environment, and build environment. |
| Identity | Service Operation | (ITIL® phase: Service Operation) A unique name that is used to identify a user, person, or role; the identity is used to grant rights to that user, person, or role; for example, identities might be the user name SmithJ or the role “change manager” |
| Integrity | Service Design | (ITIL® phase: Service Design) A security principle that ensures that data and Configuration Items are only modified by authorized personnel and activities; integrity considers all possible causes of modification, including software and hardware failure, environmental events, and human intervention |
| Middleware | Service Design | (ITIL® phase: Service Design) Software that connects two or more software components or applications; middleware is usually purchased from a supplier, rather than developed within the IT service provider |
| Outsourcing | Service Strategy | Contracting the services of outside suppliers instead of providing those services with the company’s own staff and assets; (ITIL phase: Service Strategy) Using an external service provider to manage IT services |
| Provider | Service Strategy | Service provider: (ITIL phase: Service Strategy) An organization supplying services to one or more internal customers or external customers |
| Request fulfillment | Service Operation | (ITIL® phase: Service Operation) The process responsible for managing the lifecycle of all service requests |
| Resilience | Service Design | (ITIL® phase: Service Design) The ability of a Configuration Item or IT service to resist failure or to recover quickly following a failure, for example, an armored cable will resist failure when put under stress |
| Resource | Service Strategy | (ITIL® phase: Service Strategy) A generic term that includes IT Infrastructure, people, money or anything else that might help to deliver an IT service; resources are considered to be the assets of an organization |
| Security Management | Service Design | ISM: (ITIL® phase: Service Design) The process that ensures the confidentiality, integrity, and availability of an organization’s assets, information, data, and IT services; Information Security Management usually forms part of an organizational approach to Security Management, which has a wider scope than the IT service provider, and includes handling of paper, building access, phone calls, and so on for the entire organization |
| Server | Service Operation | (ITIL® phase: Service Operation) A computer that is connected to a network and provides software functions that are used by other computers |
| Software release | Service Transition | (ITIL® phase: Service Transition) A collection of hardware, software, documentation, processes, or other components required to implement one or more approved changes to IT services; the contents of each release are managed, tested, and deployed as a single entity |
| Sourcing | Service Strategy | Service sourcing: (ITIL® phase: Service Strategy) The strategy and approach for deciding whether to provide a service internally or to outsource it to an external service provider; service sourcing also means the execution of this strategy |
Since we only had one hour, there were a lot of topics we couldn’t discuss. Let’s keep the dialogue going on Facebook, LinkedIn and Twitter.
Thanks for your time
This presentation was a sample of content found in Cloud Essentials™ and Virtualization Essentials™ Curriculum. Some views and all graphics are the copyright of EnterpriseGRC Solutions™. For more information about copyrighted content from CompTIA™ and ITpreneurs™, please visit http://www.enterprisegrc.com/index.php?option=com_content&view=article&id=49:edu&catid=37:edu&Itemid=62
EnterpriseGRC Solutions™ is an ITpreneurs partner, Member of the Cloud Credential Council and (ten year) sponsor to the ITGI™