Business Of Cloud Computing Workshop Final

Cloud Computing presentation given by myself and three others during a workshop, The Business Cloud Workshop:
A Roadmap to The What, Why and How,
at a Cloud Computing conference, The Business of Cloud Computing 2012 held on May 21-22 in Dallas, TX.

  • Used to be simpler. Every employee got a desktop, every employee got a laptop, consumer IT out-paced enterprise and now every employee wants to connect their mobile device. Cloud enables delivery of very rich applications to a mobile workforce (expansion of capabilities). - Serious business applications can be had in the Cloud: ERP, CRM, BI. Mobile devices enable ubiquitous connectivity to these capabilities. - Any device, Any Time, Any Where. Introduces new risks of data loss and threats. Increased threat of IP theft. - Malicious applications can attempt to steal data, create back doors, install malware, send premium text messages. Consumerization trend has added BYOD to the mix. - No longer the CEO and his iPad. Line associates want to connect their devices. Connect personal devices to clouds with company data. - How to wipe the data once device is lost/employee leaves/etc… Segregate personal and company data in BYOD scenarios. - How to leave the personal data alone and only wipe company data.
  • Your cloud can walk away in your former employee's pocket. - Data can easily Cannot avoid this disruptive trend. - If it hasn’t come yet, it will come soon. Mobility will be growing at exponential rates in the coming decade. Employees are trying to access corporate systems and cloud from their mobile devices. - Employees want work/life balance and flexibility. Must assess the risk and devise a strategy. - Understand what's at stake and determine a strategy to manage mobility in your organization. Strike a balance between security and productivity. - Security can overwhelm an IT dept or hamper user productivity.
  • How we do it at MARS. Account Management: Face of IT to the business. Validate requests for solutions. Validate scope. Compare with existing service catalog. Existing solution may fit requirements. Avoid redundancy. Work with IT Expert Centers to engage appropriate resources. Commercial: Group that focuses on vendor management, works closely with legal on contractual terms. Accountability for monitoring vendor SLAs, etc… Termination for cause including immediate for insolvency. Source code escrow. Ability to bring the SaaS software on premise upon entering Chpt 7 Bankruptcy proceedings. Legal: Reviews contractual agreements, terms, clauses, accountability, pay-backs, etc… Executive Steering Group: Strategic vision, enterprise risk mgmt, approving material risk. Senior Mgmt: Functional Leadership. Enterprise Architecture: Assess requests for new solutions against technology and enterprise architecture model(s). Strive for solution standardization. An organization may not want to implement a highly customized solution using SUSE. Security Specialists: Assess security based on questionnaires, interviews, 3rd party reports, etc… Determine security threats and recommend controls to mitigate threats. Vulnerable systems, poor patching, poor change control, SaaS solution open to Internet. Make contractual recommendations to Acct Mgmt and Legal.
  • How we do it at MARS. Traditional security focuses on securing your perimeter. - The cloud is not a moat. - Data is often beyond your 4 walls. - Data could be spread amongst many data centers. - Legal, regulatory and compliance challenges. - How to assess a moving target? - Focus on building assurance through assessments, audits, questionnaires, interviews and transparency. How to define a strategy for assessing Cloud. - Leverage industry Guidance from CSA. Guidance for Critical Areas. Cloud Controls Matrix (maps back to many compliance requirements). - Ask for SOC reports, 3rd party pen and vuln testing. Other assurance reports. - Assess web security against OWASP Top 10, assess against SANS Top 25. - Invest time to train your staff in cloud security and build a baseline of understanding. - Interviewing techniques to strive for higher transparency with providers that are very careful not to divulge information.

    1. THE BUSINESS CLOUD WORKSHOP: A Roadmap to The What, Why and How. Facilitator: Dr. Tushar K. Hazra. Speakers: Marc Crudgington, Nikita Reva, & Michael Bennett. The Business of Cloud Computing 2012: From Transformation to Sustainability. May 21 – 22, 2012
    2. Agenda. An Overview: Workshop Topic and Format; Introduction of Speakers; Understanding Attendee Interests. Part I: Introduction - Setting the Stage for the Workshop. Part II: Cloud Computing as Enabler - Making Cloud Work for You. Part III: Cloud Decisions for Your Enterprise - Building on Clouds – what You Should or Must Consider. Part IV: Roundtable Discussions - Sharing Thoughts, Observations, and Lessons Learned
    3. An Overview. Workshop Topic and Format: Foundation to Practice; Different Perspectives; Sharing Knowledge and Experience. Introduction of Speakers: Tushar K. Hazra; Marc Crudgington; Nikita Reva; Michael Bennett. Understanding Attendee Interests
    4. Part I: Introduction - Setting the Stage. Foundation: Definitions; What, How, and Why; Public, Private, Community, and Hybrid; Benefits and Limitations. Key Areas for You to Consider: Cloud Architecture; Cloud Strategy; Cloud Architecture Governance; Cloud Security
    5. Business of The Cloud – Few Questions. Are You Using Cloud Computing? If Yes, Why? If Not, Why Not? What Type of Cloud are You Using? Public, Private, Community or Hybrid. What has been your experience like so far? What are some of the lessons you have learned?
    6. Business of The Cloud – Foundation. Fundamentals & Recapitulation; What is Cloud Computing?; Shift in Computing Paradigms; Components of Cloud Computing; Layered Architecture; Service Models; Cloud Architecture for Enterprise; Cloud Strategy; Cloud Architecture Governance
    7. Fundamentals • What is Cloud Computing? As NIST defines – “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
    8. Fundamentals • What is Cloud Computing? Five Key Characteristics: On-demand self service; Ubiquitous network access; Location-independent resource pooling; Rapid elasticity; Pay per use
    9. Fundamentals • What is Cloud Computing? [Diagram, adapted from NIST Model: Consumer and Provider shown against Co Lo, IaaS, PaaS and SaaS across the layers Application, Platform Architecture, Virtualized Infrastructure, Hardware, Facility]
    10. Fundamentals • What Cloud Computing is NOT… Cloud computing is NOT an alternative to your internal IT • Don’t forget to manage your key IT resources. Cloud computing is NOT another form of outsourcing • SLAs with your cloud providers require clear and transparent oversight. Cloud computing is NOT same as Web services • Cloud computing and SOA has a relationship
    11. Recapitulation – Shift in Computing Paradigms. Cloud Computing; Grid Computing; Internet Computing; Network Computing; PC Computing; Mainframe Computing. Six Computing Paradigms
    12. Recapitulation – Six Computing Paradigms • Evolution [Diagrams: 1. Mainframe Computing (User, Terminal, Mainframe); 2. PC Computing (User, PC, Server); 3. Network Computing (User, PC, Server)]
    13. Recapitulation – Six Computing Paradigms • Evolution (Continued) [Diagrams: 4. Internet Computing (User, PC, Internet, Server); 5. Grid Computing (User, PC, Grid); 6. Cloud Computing (User, PC, Cloud)]
    14. Components of Cloud Computing: A Big Picture View…
    15. Components of Cloud Computing • Layers and Service Models. Application (SaaS): Application Resources – typically delivered over the platform of the Web – application components at enterprise level. Platform (PaaS): Development Resources – development platform, software components, design tools, compilers, testing suites. Infrastructure (IaaS): Infrastructure Resources – servers, disks, machines, CPU – also network, routers and switches. Virtualization; Servers & Storage; dSaaS
    16. Cloud Computing for Enterprise. Common Types of Clouds: Public – Cloud infrastructure is owned by one provider. Providing services to large industry group or public. Private – Cloud infrastructure is owned or leased by one organization. Services are consumed by the same organization. Hybrid – Cloud infrastructure is combination of two or more clouds. Community – cloud infrastructure is shared by several organizations with shared concerns such as mission, security requirements, policy and compliance considerations
    17. Cloud Architecture for Enterprise. Best Practices to Follow before Considering Cloud Computing for Your Enterprise: Assess the business situation first; Understand and never underestimate the risks; Consider safety measures in the use of cloud computing; Recognize the connection of cloud computing with other Web technologies
    18. Cloud Architecture for Enterprise [Diagram: Enterprise Architecture Governance, relating Business Strategy, IT Strategy and the architecture domains to Strategic Planning and Solution Delivery, with the steps Create Cloud Value Proposition, Formulate Cloud Strategy, Facilitate Cloud Planning, Support Cloud Deployment. Focus Shifts From Strategy Formulation to Solution Deployment. Enterprise Architecture Measurement & Maturity]
    19. Cloud Architecture for Enterprise. Steps to Offer Architectural Support to Your Enterprise for Cloud Computing: Create Cloud Value Proposition – work closely with business organizations to make a business case. Formulate Cloud Strategy – recognize the scope, limitations, benefits and risks associated with potential clouds. Facilitate Cloud Planning – ready business and IT organizations to embrace cloud computing – prepare a roadmap for cloud transition. Support Cloud Deployment – identify, evaluate and select right cloud provider(s)
    20. Cloud Computing for Enterprise [Two-column table, Benefits and Limitations, flattened in extraction:] Cost Security concerns Optimal Network Control delegation Usage Return on Innovative investment on Expandability existing IT assets Speed to implementation or Openness deployment Compliance Good for Service level environment agreements
    21. BREAK
    22. Part II: Cloud Computing as Enabler - Making Cloud Work for You. Innovation and Cloud: When Can an Enterprise Leverage them? What are the Risks, Issues, and Concerns? Cloud and Mobile Computing – The Connection: What Effect They May Have on Each Other; What you must be aware of? Cloud, Big Data and the Enterprise: What are the key challenges; What works and what doesn’t
    23. Part II: Cloud Computing as Enabler. Innovation and Cloud: When Can an Enterprise Leverage them? New Business Enablement (division, acquisition, spin-off); Transitioning Applications (new implementation, changing vendors, new version); Company Culture Shift (legacy mindset to cutting edge); Small Business/Start-up; The Business Demands Cloud (internal/client); IT Fails To Meet Needs [MC]
    24. Part II: Cloud Computing as Enabler • Innovation and Cloud – What are the Risks, Issues, and Concerns? Unmet financial objectives (think short-term and long-term); Lack of Service Orientation (processes, interfaces, applications); Legal, Contractual, Compliance (force majeure, privacy, regs.); Cultural Fit (within IT, within the enterprise, customer/clients); Provider Quality (not meeting SLA’s, bandwidth, existence); Security (not insecure just adapt to cloud, internal concerns); There is no such thing as AaaS (Accountability as a Service) [MC]
    25. Cloud and Mobile Computing – The Connection. What effect they have on each other: Cloud enables delivery of very rich applications to a mobile workforce (expansion of capabilities). Mobile devices enable ubiquitous connectivity to these capabilities. Any device, Any time, Any where. Introduces new risks of data loss and threats. Increased threat of IP theft. The consumerization trend has added BYOD to the mix. Connect personal devices to company clouds. Segregate personal and company data on mobile devices. [NR]
    26. Cloud and Mobile Computing – The Connection. What you must be aware of: Your cloud can walk away in your former employee's pocket. Cannot avoid this disruptive trend. Employees are trying to access corporate systems and cloud from their mobile devices. Security and compliance requirements apply to mobile devices. Must assess the risk and devise a strategy. Strike a balance between security and productivity. [NR]
    27. Part II: Cloud Computing as Enabler. Cloud, Big Data and the Enterprise: What are the key challenges? Volume, velocity, variety, value; Data growth (over 2220 petabytes/day, 1 petabyte = 1000 terabytes, 1 terabyte = 1000 gigabytes); Technical Talent (data architects, data scientists); Business value (transferring data to ROI, revenue, profit); Focus regarding current issues [MC]
    28. Part II: Cloud Computing as Enabler. Cloud, Big Data and the Enterprise – What works and what doesn’t: Plan for all dimensions of data (strategic value, future needs, operational effectiveness, regulations, redundant data, ROI); Data patterns for better decision making; Big Data to specific business goals; Create a Center of Excellence (knowledge transfer); Plan for Performance; Utilize governance to overcome lack of skills; Cloud: DaaS (try before buy, lead with data not apps, internal, quality focus, training, measure results) [MC]
    29. Business of The Cloud – Questions for Attendees. Innovation and Cloud: What are some ways your Enterprise has utilized cloud? Have you experienced the business going around IT to implement cloud solutions? Has anyone had an issue with a vendor that caused the relationship to end or was a major disruption? Are there risks/concerns not mentioned or what do you view as the greatest risk/concern? Why? [MC]
    30. BREAK
    31. Part III: Cloud Decisions for Your Enterprise. Building on Clouds: What You Should or Must Consider. Business and IT Alignment. The Role of a CIO • Responsibilities and Accountabilities • An Action Plan – What, How, When, Why. Building a Right Team • Who is on Your Team? • Who Should be on the Table? And, Why? Law and Order in Clouds: What Goes in Cloud SLA? What is Cloud Governance? Who is in it?
    32. Building on Clouds. What You Should or Must Consider in Business and IT Alignment: Variable vs. fixed (flexible, deliver value, development); Time-to-Benefit reduced (user base, IT responsive); Refocus IT resources (technologists/operators to strategist/architects); Information assets vs. hardware assets – Data management (contents, business rules, processes, quality); IT Center of Excellence – ROI focus, project management, business partner, embed IT [MC]
    33. Building on Clouds. The Role of a CIO: Responsibilities and Accountabilities. Business acumen (change agent, value delivery, partner); Technologist to Strategist (articulate value, identify needs, revenue streams, Chief Risk Officer); IT operations (manage staff, reallocate/retrain, relationships); Business (educator, business optimizer, governance) [MC]
    34. Part III: Cloud Decisions for Your Enterprise. Building on Clouds: An Action Plan – What, How, When, Why. Vision (benefits, how it will transpire, end goal); Link to Business (operational value, cost savings, segment vision into action items); Portfolio Analysis (cloud ready, cloud future, not cloud, benefits for each); Materialize Strategy (how it will enable business, value delivery, why or why not cloud); Road Map Creation (financial analysis, technology change, IT personnel assessment, types of cloud/s, vendor, meet goals) [MC]
    35. Part III: Cloud Decisions for Your Enterprise. Building on Clouds: An Action Plan – What, How, When, Why (Continued). Contingency Plan (plan for change, plan for resistance, plan for roadblocks, plan for failure); Execute Plan (IT staff changes, IT/business interaction, vendor management, start simple/small); Training (end user training, vendor/IT relationship building, executive briefings); Metrics (progress of implementation, value achieved, cost savings, stakeholder value); Re-assess (to improve, to avoid, what was missed) [MC]
    36. Part III: Cloud Decisions for Your Enterprise. Building the right team. Who is on your team? Who should be at the table? Avoid redundant solutions and ‘Cloud Creep’. – Business • Key business stakeholders. – IT • Account Management: Face of IT to the business • Commercial: Vendor mgmt • Legal: Contractual agreements • Executive Steering Body: Risk council • Senior Mgmt: Leadership • Enterprise Architecture: Solution Feasibility and Integration • Security Specialists: Assess Security. Engage others as necessary. [NR]
    37. Part III: Cloud Decisions for Your Enterprise. Building the right process. What should be the process? Establish gates to assess Cloud. [Diagram, flattened in extraction. Gates: FEASIBILITY GATE, GOVERNANCE GATE, PROJECT CLOSE GATE. Gate criteria: Top 3 Boxes Green; None of 12 Boxes Red; All 12 Boxes Green. Box labels as extracted: Sponsorship Benefits Case Business Strategy Functionality Usability and Access Solution Maturity Scalability/Flexibility Support and Interoperability Standardization Security and Information Performance Compliance Management] [NR]
    38. Part III: Cloud Decisions for Your Enterprise. Security in the Cloud. Why traditional security does not work? • Traditional Information Security focuses on protecting your moat. • The cloud is not a moat. The cloud is ubiquitous. How to define a strategy for assessing Cloud. • Avoid the rain. Build a strategic Cloud Assessment Program. • Do not reinvent the wheel. Leverage industry recognized Guidance. [Diagram: Industry Best Practices; Enterprise Gap Analysis; Strategic Cloud Assessment Program] [NR]
    39. Business of The Cloud – Questions for Attendees • Building on Clouds: What You Should or Must Consider • Has your business experienced better alignment through cloud implementation? • How have you seen the role of the CIO/IT change since adapting cloud strategies? • What are some best practices you can share for adopting cloud? • Building the right team • Have you found it challenging to define a strategy? • Once you have defined a strategy, have you found it challenging to engage the right people? • Do you feel your organization has a mature understanding of the cloud?
    40. Business of The Cloud – Questions for Attendees • Building the right process • Do you have a process for assessing cloud solutions, if so what does it look like? • What are some of the best practices you can share? • Security in the Cloud • What are your biggest concerns with Cloud Security? • How does your organization assess Cloud Security? • Some organizations feel the cost and efficiency savings outweigh security concerns. What is your stance? • Do you implicitly trust the big players (Google, Microsoft)?
    41. Law and Order in Clouds. Data Security; Transparency – Audit Rights – Geographic Concerns – Confirmation – Processes – Data Security Practices [MB]
    42. Law and Order in the Cloud: Security [Diagram labels, flattened in extraction:] HIPAA FTC HITECH Act Stored Communications GLB Act Federal Financial Electronic Institutions Examination Communications Council Regulations Privacy Act PIPEDA PCI SOX [MB]
    43. Law and Order in the Cloud: SLAs [Two-column layout, flattened in extraction:] Uptime Other SLAs “Planned” vs. Break/Fix “Emergency” Downtime Reporting Measurement Helpdesk Tools BPO - Responsiveness Remedy vs. Focusing Processing Tool Disaster Recovery Reporting Period Timing of Maintenance Persistent Downtime What Happens After SLA Triggered? Disastrous Downtime [MB]
    44. Law and Order in the Cloud [Slide labels, flattened in extraction:] Warranties Functionality/Lack of Description Changing Functionality Services No Price Guarantees Disclaimers Limitations of Liability Indemnity Subpoenas, Litigation Holds, Legal Process [MB]
    45. Law and Order in the Cloud. Governance, Does it Exist? [Two-column layout, External Governance and Internal Governance, flattened in extraction:] Return of Data Understand Data Suspension Backup/DR Plans Leverage Breach Notification Multi-tenancy Plan Public/Private Hybrid Transition Plan Public Sources of Privacy Pre-Audit Information Data Map Create Awareness [MB]
    46. BREAK
    47. Part IV: Roundtable Discussions • Sharing Thoughts, Observations, and Lessons Learned – Suggested Topics
    48. Part IV: Roundtable Discussions • Managing Cloud Computing at Your Enterprise – What is the due diligence process for evaluating cloud providers? • Independent Evaluation • Internal Assessment • Incorporation of Industry best practice – What & how Cloud Service is being Managed? • Recognition of cloud management capabilities • Consistency of the management with target usage and users
    49. Part IV: Roundtable Discussions • Managing Cloud Computing at Your Enterprise – Few other areas of discussion – How are heterogeneous systems supported? – How are availability commitments ensured? – How is system integration enabled? – What is integrated within services management? – How is regulatory compliance accommodated? – How is security management implemented?
    50. Thank you for your time!! Tushar K. Hazra, PhD, Chief Technology Officer & Founder, tkhazra@epitomione.com, Tel. (443)540 -2230. Marc Crudgington, marccrudginton@yahoo.com, Tel. (832)592-3854. Nikita Reva, Nikita.Reva@effem.com, Tel. (312)391-8825. Michael Bennett, Mbennett@edwardswildman.com, Tel. (312)201-2679
