Bringing the Cloud Back to Earth

Cloud computing can be safe, uncomplicated and move the organization forward IF YOU DO YOUR DUE DILIGENCE!!
It's your data and your neck so don't be afraid to ask the right questions and get them in writing

Published in Technology, Business

  • 1. Bringing the Cloud Back to Earth
  • 2. Presenters • Marv Sauer, Principal – Plante Moran, Education Consulting. Marv has more than 25 years of experience taking clients from initial strategic planning through the successful implementation of a variety of proven and leading-edge technologies. He is a talented facilitator of small to large groups, working with personnel ranging from end users to executive management. Marv has given presentations at local and national conferences on topics such as "Building the Network of Tomorrow, Today" and "With Strategic Planning First, Successful Implementation Follows". Marv holds a Master of Business Administration in Finance from the University of Michigan and a Bachelor of Science in Math and Computer Science from the University of California, Los Angeles (UCLA). • Sri Chalasani, Sr. Architect – Plante Moran, IT Consulting. Sri has over twenty years of experience and specializes in the design, deployment, and troubleshooting of complex networks. He also has over fifteen years of experience in the design and implementation of broadband multimedia solutions across large networks. Sri has helped many organizations in the design and selection of data centers, including strategic sourcing of cloud-based solutions. He has an MBA from Wayne State University, an MS in Computer Science from Western Michigan University and a BS in Electronics Engineering from Bangalore University.
  • 3. Administration • Slides are available for download from your webcast console. A recording of today’s webinar will be added to our website in a few days. • We will allow time at the end of the presentation to respond to your questions, but please feel free to submit questions at any time.
  • 4. Administration • This is a CPE-eligible webinar. Throughout the webcast, participation pop-ups will appear. • Participants must respond to at least 75% of these pop-ups in order to receive CPE credit. • To receive CPE credit, you need to be logged in individually to the webinar and meet the eligibility requirements (have an accrued viewing time of at least 50 minutes and 75% response to participation tracking). Only attendees who are logged into the webinar will be eligible to earn CPE credit.
  • 5. Overview Kick it to the next level - move beyond the tutorials • Review drivers, strategy and architectures for deploying a cloud • Identify your risks • Asking the right questions • Selection criteria • The T’s and C’s
  • 6. Background Gartner believes enterprises will spend $112 billion cumulatively on software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). Part of the attraction is the promise of lower total cost of ownership, but with this come higher risks, some of which are not always immediately apparent. Source: Gartner
  • 7. Drivers of cloud computing - Recap Drivers • Data Center pressures – increased systems and data explosion • Flexibility - system capacity (elasticity) and ubiquitous access • Minimize risk – modernize to survive / keep up with the times • Cost / predictable cash flow • Reduced operational / systems management • Accelerated access to complex applications • Allow for focus on core competencies
  • 8. Strategy - Recap • Goals may be the same • Questions and priorities may be different and often competing [Diagram labels: Cloud Strategy; Current IT Env.; Terms & Conditions; Users; Risks; Security C.I.A; Business objectives and goals; Costs; Governance; Administration; Roadmap; Solutions; Reg. & Compliance; Agility; Technology; Business; IT Staff & App. Integ / skills; Process Rearch; CEO; CIO. Questions shown in the diagram: Security & compliance; Impacts IT staff?; Performance & reliability?; Distributed workforce?; Agility & growth; Contract, SLA, & support?; Reduce costs? TCO/ROI?; Distributed workforce?; Competitive advantages?; Risks?; Align with business goals?]
  • 9. Architectures - Recap Four major building blocks for IT system [Diagram labels: IT Staff (Net. Admin, DBA, Programmer); Applications; Managed services; Database; Operating System and Back Office; Servers; Infrastructure; Storage; Network; Operating System; System Software; Cloud Services: IaaS, PaaS, SaaS] IaaS: Infrastructure as a Service; PaaS: Platform as a Service; SaaS: Software as a Service
  • 10. Deployment Models - Recap • Public Cloud: multi-tenancy; computing resources (infrastructure, OS, applications) are available to other tenants; typically hosted at a provider • Community Cloud: collaboration between multiple org.; involvement by invitation only • Private Cloud: only your organization has access to the resources; hosted internally or hosted by a provider • Hybrid Cloud: combination of Private and Public; most organizations [Diagram labels: IaaS / PaaS / SaaS; Other: internal or external hosted]
  • 11. Examples of the cloud - Recap: IaaS. Source: Cloud Taxonomy
  • 12. Examples of the cloud - Recap: PaaS. Source: Cloud Taxonomy
  • 13. Examples of the cloud - Recap: SaaS. Source: Cloud Taxonomy
  • 14. Examples of the cloud - Recap: Cloud Software. Source: Cloud Taxonomy
  • 15. What is at risk? • Cloud computing inherently means trusting some of your most valuable assets • Before you start – high level understanding of the risks • Two key assets exposed to risk - Data and Applications/Process • Evaluate the risk for Confidentiality, Integrity and Availability. Impact on the asset if: • It is breached • It is accessed by provider(s) • The process is manipulated by an outsider • It is unavailable for a while
  • 16. What is at risk? • Understand risk by mapping the asset to • Possible deployment models • The potential flow of data between your users and CSPs • Assurances on safety of data? • SOC standards provide some level of assurance – CSA, GSA, NIST • CSA / GSA / NIST - tools to assess security requirements & services • Onus is still on you; you do have to conduct your own due diligence
  • 17. Protect your assets – ask the questions 1. Who’s managing my data? • Qualifications and backgrounds of staff • Who else (partners/sub-contractors) can touch your data? 2. Where’s my data actually located? • Regulatory and compliance requirements for data export • Primary and secondary (replication sites) • Conformance to local laws – data discovery • Map how data is stored and handled
  • 18. Protect your assets – ask the questions • Why does location matter? - Country Risk Ratings for Security and Privacy Source:
  • 19. Protect your assets – ask the questions 3. What access controls are in place? • What are the physical controls and logical controls? • CSPs disclose data access control processes in place • Frequency of testing of access controls 4. How will my data be physically secured & separated from other customers? • Common hardware or applications with logical controls? • Testing of data encryption / data leakage 5. How’s my data encrypted? • Understand security for data at rest and data in transit • Data at rest - encryption types • Data in transit - encrypted, authenticated and integrity protected
  • 20. Protect your assets – ask the questions • Map the potential flow of data between your users (internal and external), other providers and the cloud service [Diagram labels: Organization; Users; Servers; Data; App; CSP1; CSP2; CSP3; Backup]
  • 21. Protect your assets – ask the questions 6. What authentication mechanisms are supported by the CSP? • 2-pass authentication - passwords with tokens and certificates • Integration using LDAP and SAML with Dir. Svcs or Identity Mgmt. systems 7. What happens if there’s a data breach? • Incident Response Plan (IRP) - proactive processes and technologies in place to detect if an application or data is under attack. Create your own too • Response times and notification process; request history • Technology Errors & Omissions policy and/or Cyber Liability coverage
  • 22. Protect your assets – ask the questions 8. Can the CSP pass muster with the auditors? • Security assessment by a 3rd party or accreditation process • Process for accommodating the needs of your auditors • Conduct a forensic investigation? 9. Is your cloud computing service SOC 2/SSAE16 (formerly SAS 70) compliant? • No assurances but a step in the right direction • Demonstrates methodical and repeatable process • Security certification and other regulatory requirements HIPAA, FERPA etc. 10. What is CSP’s stability factor? • CSP acquired or out of business? • Timely transition, removal and destruction of your data
  • 23. Protect your assets – ask the questions 11. Does the CSP offer backup and recovery services? • Data retention, backup and recovery • Backed up to where? Basic backup services or beyond? • Recovery process from an outage • What is included in your service – does this match your RPO/RTO? 12. What are the contract terms? • SLA, breach notification, intellectual properties, limitation of liability, etc. • More on this later
  • 24. Eeny, meeny, miny, moe – Picking a CSP No different than any other selection project • Identify what is important to you • Identify the “must haves” and “like to haves” • Don’t ignore security and growth • For each of the identified areas, assign weightage • Seek “written” answers you are looking for • When in doubt, err on the conservative side • Reference – ask for a list of clients, not just references • Not to be taken lightly – your data, your neck • Add skill sets to the IT mix to manage and administer vendor contracts • Viewed as a partnership - cannot abdicate management of the vendor / service though they provide the service
  • 25. Eeny, meeny, miny, moe – Picking a CSP
  • 26. Eeny, meeny, miny, moe – Picking a CSP Reference: Intel Cloud Finder
  • 27. Contractual considerations Negotiate key terms and conditions to mitigate risk and cost exposure: • Uptime Guarantees • SLA penalties • SLA penalty exclusions • Security • Business Continuity and Disaster recovery
  • 28. Contractual considerations Negotiate key terms and conditions to mitigate risk and cost exposure: • Data privacy conditions • Suspension of service • Termination • Liability
  • 29. Where’s my checklist? • Do I have a “strategy” or am I “piecemealing this”? • Have a process for identifying suitable applications / systems / workloads ideal for “cloudifying” – business objective first • Define your selection criteria - requirements for security, compliance, growth, performance, etc. • Identify issues around migrating existing workloads • Identify vendor(s), vendor lock-ins and flexibilities • Identify the costs: CapEx, OpEx, sunk costs, staff retraining • Identify your questions - have written responses, talk to existing clients • Determine the impact on your IT staff (skills and headcount) • Understand your contract – have your requirements clearly identified. It is not an all or nothing proposition – think hybrid
  • 30. Q&A
  • 31. Thank you for attending Marv Sauer, Principal 248.223.3120 Sri Chalasani, Sr. Architect 248.223.3707 To view a complete calendar of upcoming Plante Moran webinars, visit