企業資訊系統採用雲端運算之設計研究

A Design for Cloud Computing Adoption in an Enterprise Information System

陳聖棋；黃永婷

雲端運算 ； 系統雲端化 ； 資訊治理 ； Cloud Computing ； Cloudified System ； IT Governance

電腦稽核

27期（2013 / 01 / 01）

112 - 122

繁體中文

不同組織採用雲端服務所面臨的問題會依其採用服務種類以及使用方式有所不同。雲端運算服務所提供的資訊架構及流程相較於傳統資訊架構複雜許多，因此，採用雲端服務前需逐步對整體雲端服務採用進行全面性的評估，掌握各環節潛藏的風險，同時，對於潛在風險可能造成的衝擊，亦需與服務提供者事先明確地完成協議以降低帶來的傷害，才能享受雲端服務所帶來的效益。伴隨雲端運算的發展，組織內資訊系統隨著雲端特性的演進、技術發展的成熟、服務標準的建立已逐漸影響資源的整合與業務的發展。本研究以組織導入雲端運算的觀點提出一個系統雲端化的資訊治理架構，從需求、設計、到驗證的階段，分別提出具體的評估程序，歸納並推導嚴謹的系統雲端化的流程。此經過嚴謹設計的評估準則可做為未來企業導入雲端化的參考。

While moving to the cloud, organizations are facing different challenges depend on different service models and method selections. Cloud computing services usually bring a more complicated information architecture and process than usual. Therefore, it is necessary to have a comprehensive assessment of cloud computing strengths, weaknesses, benefits, risks, and impact before the actual cloud adoption. Apart from this, to reach an agreement and consensus with service providers in advance is also important, which is the key to rapid and effective success. This study proposes a method for system cloudified under IT Governance. For each phase of requirement analysis, design, and validation, it concludes criteria to guide companies to transfer systems in cloud computing. It will be a useful reference for private sectors that are willing to adopt cloud services.

1. Federal Risk and Authorization Management Program (FedRAMP)(Dec. 2011), website available at http://www.gsa.gov/portal/category/102371, U.S. General Service Administration.
2. Microsoft Azure(Jun. 2010),“ Cloud Governance”, website available at http://azuredecisions.com/2010/06/10/cloud-governance/
3. Brunette G. and Mogull R.(Dec. 2010)“, Security Guidance for Critical Areas of Focus Cloud Compution V2.1”, Cloud Security Alliance, https://cloudsecurityalliance.org/
4. Liang S. and Ulander P(Dec. 2010),“ Seven Requirements for Building Your Cloud Infrastructure”, http://www.cio.com
5. Websence D. H. and Zscaler M. S.(Mar. 2010), “Top Threats to Cloud Computing V1.0”, Cloud Security Alliance, https://cloudsecurityalliance.org/
6. Bentley Y.(Jul. 2010)“, Cloud Computing: Is ITIL Still relevant?” website available at http://h30499.www3.hp.com/t5/IT-Service-Management-Blog/Cloud-computing-Is-ITIL-still-relevant/ba-p/2410316
7. Kundra V.( Feb. 2011),“ Federal Cloud Computing Strategy”, The US White House..
8. Addis, B.(2010).Autonomic Management of Cloud Service Centers with Availability Guarantees.Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing
9. Ahmad, R.,Janczewski, L.(2011).Governance Life Cycle Framework for Managing Security in Public Cloud: From User Perspective.Proceedings of the 2011 IEEE 4th International Conference on Cloud Computing
10. Buyya, R.,Yeo, C. S.,Venugopal, S.(2008).Market-Oriented Cloud Computing: Vision, Hype, and Reality for Delivering IT Services as Computing Utilities.Proceedings of the 10th IEEE International Conference on High Performance Computing and Communications
11. Faini, F.,Bahsoon, R.(2011).Engineering Proprioception in SLA Management for Cloud Architectures.Proceedings of 9th Working IEEE/IFIP Conference on Software Architecture
12. Frank, E. G.(2009).,Forrester Research Inc.
13. Geelan, J.(2008).Twenty One Experts Define Cloud Computing.Virtualization Journal
14. Hayes, B.(2008).Cloud Computing.Communications of the ACM,51(7),9-11.
15. Hogan, M. D.(2011).,National Institute Standards and Technology.
16. Linthicum, D. S.(2009).Cloud Computing and SOA Convergence in Your Enterprise.Addison-Wesley.
17. Liu, F.(2011).,National Institute Standards and Technology.
18. Morin, J. H.,Aubert, J.,Gateau, B.(2012).Towards Cloud Computing SLA Rick Management: Issues and Challenges.Proceedings of 45th Hawaii International Conference on System Sciences

1. 蔡璧如,陳芃婷,張博遠,洪玄姿,林鈞浩,易穎欣,何彥霖(2019)。教育雲端資訊系統之安全性評估模式。資訊安全通訊，25(2)，17-36。
2. 蔡文隆、陳聖棋(2015)。資訊服務雲端化橋接機制之概念設計與發展。電腦稽核，32，74-81。
3. 鄭弘翊、許文西(2013)。雲端運算服務之個資保護及治理機制。電腦稽核，27，123-135。