Kai-uwe ruhse, CISA, PCI
QSA, is a senior manager
at Protiviti Germany and is
responsible for the German
IT consulting team. He can
be reached at
kaiuwe.ruhse@protiviti.de.
Cloud Computing as an Integral
Part of a Modern IT Strategy
Examples and Project Case Studies
maria baturova is a
consultant in the IT consulting
team of Protiviti Germany
with experience in
governance, risk and
compliance, and cloud
computing. She can be
reached at
maria.baturova@protiviti.de.
Cloud computing is being labeled as a new
Internet technology that provides cost-efficient
and flexible infrastructure and applications
to the business. However, there seems to be a
gap between the technical possibilities and the
practical usage of cloud services.
This article describes real cloud computing
project case studies, which show that moving
to the cloud is an important strategic decision
for IT managers. The existing IT strategy must
be reconsidered, and possible cloud computing
scenarios must be deviated.
Current cloud projects are still characterized
as being in the testing phase and are mostly
performed for IT services that are considered to
be uncomplicated. Even these projects show that
challenges persist in the area of data security
and compliance.
STAr TIng POIn TS
Different definitions and models of cloud
computing exist and are often used as starting
points for evaluations. Figure 1 was developed
by the US National Institute of Standards and
Technology (NIST) and provides an overview
of typical characteristics, service models and
deployment models.
The characteristics section summarizes
relations and differences to existing IT services.
The service models section refers to software,
platform and infrastructure decisions based on
functional requirements and sourcing strategies.
The deployment models section covers access
rights and responsibilities. A typical choice is the
private cloud that runs solely for one organization
and can be organized and managed either
by the organization itself or by a third party.
Additionally, the cloud can be located in
Figure 1—nIST visual model of Cloud Computing
Characteristics
Do you have something
to say about
this article?
Visit the Journal
pages of the ISACA
web site ( www.isaca.
org/journal), find the
article, and choose
the Comments tab to
share your thoughts.
Go directly to the article:
Broad
Network
Access
Rapid
Elasticity
Resource
Pooling
Measured
Service
On-demand
Self-service
Service Models
Infrastructure
as a Service
(IaaS)
Platform
as a Service
(PaaS)
Software
as a Service
(SaaS)
Deployment Models
Private
Community
Public
Hybrid
Source: National Institute of Standards and Technology (NIST), http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
