In this video you will learn to describe the benefits of cloud computing, describe the components of cloud security, and define the importance of a cloud governance process. Now we're going to talk about the cloud benefits, a little bit about cloud security and the importance of having a proper governance around your cloud computing environment. So what are the benefits of cloud computing based on everything that we have covered so far? So first of all, you have flexibility, right? You have the capability to grow an environment according to your business needs. You're not attached to a single place. You can have access to the resources from wherever you are in the world and you don't have limitations about it. So Cloud computing as you may guess, comes very handy and very flexible. The second one is efficiency, right? The fact that you can join a meeting using WebEx wherever you are at the time at whatever time in the world that you are, right? And the fact that you can add more resources to make speeds more efficient. That's what we call efficiency in cloud computing. And of course, and the most important thing is, the strategic value. The fact that the same flexibility that we talked about a few seconds ago, allows us to guide the strategic items about cloud computing. With our strategic goals or our organizational goals, right? So the fact that you can guide those in the same direction makes a lot for the strategic value of a business. Now let's talk about Cloud Security. When you have a Cloud, remember then in the first live, we mentioned that one of the perceptions about Cloud computing is that you don't really have security. Well that's not true, at 100%, right? You do have Cloud security, and these are just some of the items that you have to consider when you want to establish or you want to have proper controls in terms of security around Cloud. So first of all you need to have disaster recovery and business continuity planning in place, right? So you want to think about what happens if my vendor is under an attack? Or what happens if my vendor has a power outage that can't provide more services? You need to think about that in a disaster, right? So do I need to have another provider? Do I need to have a backup just in case? Do I need to have copies of my backups and run books about how I did the whole implementation of the Cloud in case I need to go and run, look for another vendor. All that needs to be well established and planned in the disaster recovery and business continuity. Then governance. And we're going to talk a little bit more about governance In the last slide, which is the next one. But you definitely need to have some governance around Cloud computing, right? Who's going to be in charge? What parties need to be involved? What is going to be the communication plan? What are going to be the flows? What am I going to expect out of the cloud environment? All that needs to be properly established. Of course compliance, and with compliance we mean for how long for example, I need to have the logs from Cloud computing. Is that Cloud computing compliant against any regulations that I might have in my organization, right? Is it compliant with the policies I have and the country that I'm based in, right? Let's talk about for example GDPR, right, in Europe. Is my cloud computing environment compliant with GDPR? Is it going to violate any information from my vendors or my customers across the world? That's something that we need to really consider about Cloud computing. Of course, availability, and this ties into the disaster recovery plan as well. What happens if my vendor is out of service? Do I have another vendor? The information that is within the cloud, what happens if it's not available anymore? Do I have a Web site? Do I have a server on site that can host the website that I have hosted in the Cloud? All of that is information that I want to have in mind when putting my security framework around the Cloud security. Of course, data security. Is information encrypted? How is it going to travel from my company to my Cloud vendor? What safeguards my cloud vendor has in place, right? That's something really important. We want to make sure we have periodic audits in our cloud, or within our cloud provider, to make sure that our data is safe out there. Particularly if we have that, or if we have an infrastructure, based on the public Cloud. And something really, really important is the identity and access management. We want to make sure and we want to have a record of who is accessing what, where, how, and why, right? That's really important. We need to make sure that access management is a must. The fact that we have a third party managing the Cloud environment doesn't mean that we still need to track and need to have access to those logs and visibility to those logs. So all of these items we just talked about in conjunction made for a good Cloud Security strategy. Now let's talk about Cloud governance, and this is going to finish the cloud security portion of the slides. In order to have an effective cloud strategy, you need to have a very good Cloud governance. And the only way you can have good governance around Cloud, is if this governance is aligned with the service and with the organization. Which is the little circles you see on your right side. And as you see there, the three of them, the governance, the service and your organization need to overlap in different places, right? You cannot have governance if it's not aligned to your service or the service you're providing in the Cloud. And of course the service you're providing on the cloud needs to be aligned with your organization goals, right? And the organization goals, of course, need to have or need to be involved with the governance. So, as you see it's a little triangle. You cannot really sacrifice any of the points on the triangle. All the three need to be there and need to be aligned, as I said, with the service. With the organization, with the governance, in order to have an effective cloud security strategy.
