Rob Livingstone Advisory - The risks of a fractured cloud strategy within the australian enterprise - csa 10 may 2012 (c)


This Keynote presentation was delivered by Rob Livingstone at the Inaugural Cloud Security Alliance NSW Chapter meeting. The primary focus of my presentation was to take a business / non-IT Executive's position on the whole topic. If anyone would like more information on my other presentations, please visit http://www.navigatingthroughthecloud.com/

Published in: Technology, Business

  1. © All rights reserved. Rob Livingstone Advisory Pty Ltd. Unauthorized redistribution prohibited without prior approval. ‘Navigating through the Cloud’ is a Trademark of Rob Livingstone Advisory Pty Ltd.
     The risks of a fractured Cloud strategy within the Australian Enterprise
     CSA – Sydney Meeting 10th May 2012
     ROB LIVINGSTONE - PRINCIPAL, Rob Livingstone Advisory Pty Ltd, and - Fellow, University of Technology, Sydney
     navigatingthrougthecloud.com
  2. Agenda
     • Scope
     • Theme
     • Systemic Risks vs. Technical Risks
     • Cloud Strategy? What Cloud Strategy?
     • Risks of a fractured Cloud strategy
     • From consumer to corporate – the leap of faith
     • Recognise the forces behind Cloud adoption
     • Orchestrating the Hybrid Cloud ecosystem
     • Some risk mitigation approaches
  3. Scope
     HARDEST
     • Major enterprise instances, with complexity, scale, risk, compliance, deep integration, long term
     • Integration, enterprise governance needed
     • Commodity / Stand-alone Cloud applications
     EASIEST
  4. Theme
     Key Variable #1: SIZE
     How big is the target organisation?
     A ‘no-brainer’
     • Sole trader
     • SME
     • Mid sized
     • Large
     • Very large
     Eyes wide open
     Broadly speaking, what is the ease of adoption and suitability of Cloud for these organisations?
  5. Theme
     Key Variable #2: COMPLEXITY
     How complex is your organisation?
     A ‘no-brainer’
     • Simple – Can run it on a spreadsheet
     • Somewhat complex
     • Lots of moving parts
     • Very sophisticated structure, processes, etc
     • My head hurts thinking about it
     Eyes wide open
     Broadly speaking, what is the ease of adoption and suitability of Cloud for these organisations?
  6. Theme
     Key Variable #3: FAULT TOLERANCE
     How FAULT TOLERANT is your organisation?
     A ‘no-brainer’
     • Pretty resilient – lots of workarounds
     • Would get by in the event of a major fault
     • Serious damage could result
     • Organisation’s viability would be threatened
     • High / extreme – people die, organisation ceases to exist, external liability, etc
     Eyes wide open
     Broadly speaking, what is the ease of adoption and suitability of Cloud for these organisations?
  7. Theme
     The commercial imperative meets regulatory, security, privacy.
  8. Theme
     Public Cloud: All You / Your Client have is a contract….
  9. Systemic Risks vs. Technical Risks
     • Most large organisations are:
       – Complex systems
     • Systemic Risks are inherent in Complex Systems
       – Systems that are complex (discrete or non-linear) rather than linear
       – Systems that are tightly coupled
       – Systems that are time-dependent
       – Systems that contain invariant processes (independent of change)
       – Systems that contain little slack…….
       …..are more prone to systemic failure, rather than component failure
     • Technical Risks
       – Failures associated with discrete elements of the overall system
     ‘Normal Accidents: Living With High-Risk Technologies’. Charles Perrow, New York: Basic Books, Inc., 1984.
  10. Cloud Strategy? What Cloud Strategy?
      • In, and of itself a ‘Cloud Strategy’ means little
      • If there is a coherent……
        – Enterprise business strategy, supported by coherent..
        – Business Plans, of which a key component is the …
        – IT Business Plan, of which a key component may be …
        – A Cloud Strategy…
        … you minimise the risks of poorly defined / orphaned projects or fractured Cloud strategy
      • Let’s explore some of the risks associated with a Fractured Cloud Strategy ….
  11. Risks of a fractured Cloud Strategy
      • Short term commercial imperatives trump all else
      • Vendor predation
      • Inappropriate reassignment of accountabilities from IT
      • Dismembering of enterprise IT
      • Federated Cloud solution selection without federating the risks
      • Global Optimum vs. Local Optimum
      • Increased TCO
      • Inadequate procurement due diligence in key domains such as cost, legal, governance, compliance, security, etc…
      • Suboptimal architecture
      • Proliferation of data silos
      • Heightened information security vulnerability
  12. From Consumer to Corporate – a step of faith for some?
      SMB → Mid Market
      Big end of town
  13. Recognise the forces behind Cloud adoption
      • Identify the origins of the change driver from Internally generated influences, which could include....
        o IT Department wanting to migrate to Cloud
        o Business demanding IT move to the Cloud
        o Compelling vendor offer (maybe yours?) generates the demand to shift to the Cloud
        o Need for an IT system – fast!
        o IT just not meeting the organisation’s needs
        o Perceived high comparative cost of internal IT
        o .... And so on ....
  14. Recognise the forces behind Cloud adoption
      Identify the origins of the change driver from External influences:
        o New legislation
        o Merger / Acquisition
        o Margin / Profit squeeze
        o Cut ‘Time to market’
        o Need to drive innovation
        o Mandate from overseas Headquarters
        o ... And so on .....
  15. Orchestrating the Hybrid Cloud ecosystem
      1. Key drivers of integration effort:
      • Number of systems to be connected
  16. Orchestrating the Hybrid Cloud ecosystem
      1. Key drivers of integration effort:
      • Number of systems to be connected
      • Who is in control – you or the Cloud vendor?
      • Degree and scope of Integration
      • Risk tolerance
      • IT Architectural considerations
      • Compliance, Regulatory and Audit load
      • Disaster Recovery implications (Logical and Physical)
  17. Orchestrating the Hybrid Cloud ecosystem
      1. Key drivers of integration effort:
      • Number of systems to be connected
      • Who is in control – you or the Cloud vendor?
      • Degree and scope of Integration
      • Risk tolerance
      • IT Architectural considerations
      • Compliance, Regulatory and Audit load
      • Disaster Recovery implications (Logical and Physical)
      • Size
  18. Orchestrating the Hybrid Cloud ecosystem
      1. Key drivers of integration effort:
      • Number of systems to be connected
      • Who is in control – you or the Cloud vendor?
      • Degree and scope of Integration
      • Risk tolerance
      • IT Architectural considerations
      • Compliance, Regulatory and Audit load
      • Disaster Recovery implications
      • Size
      • System volatility
  19. Orchestrating the Hybrid Cloud ecosystem
      1. Key drivers of integration effort:
      • Number of systems to be connected
      • Who is in control – you or the Cloud vendor?
      • Degree and scope of Integration
      • Risk tolerance
      • IT Architectural considerations
      • Compliance, Regulatory and Audit load
      • Disaster Recovery implications
      • Size
      • System volatility
      • Systemic complexity
  20. Orchestrating the Hybrid Cloud ecosystem
      1. Key drivers of integration effort:
      • Number of systems to be connected
      • Who is in control – you or the Cloud vendor?
      • Degree and scope of Integration
      • Risk tolerance
      • IT Architectural considerations
      • Compliance, Regulatory and Audit load
      • Disaster Recovery implications
      • Size
      • System volatility
      • Systemic complexity
      • Security and privacy
  21. Orchestrating the Hybrid Cloud ecosystem
      1. Key drivers of integration effort:
      • Number of systems to be connected
      • Who is in control – you or the Cloud vendor?
      • Degree and scope of Integration
      • Risk tolerance
      • IT Architectural considerations
      • Compliance, Regulatory and Audit load
      • Disaster Recovery implications
      • Size
      • System volatility
      • Systemic complexity
      • Security and privacy
      • Budgetary / cost
  22. Orchestrating the Hybrid Cloud ecosystem
      1. Key drivers of integration effort:
      • Number of systems to be connected
      • Who is in control – you or the Cloud vendor?
      • Degree and scope of Integration
      • Risk tolerance
      • IT Architectural considerations
      • Compliance, Regulatory and Audit load
      • Disaster Recovery implications
      • Size
      • System volatility
      • Systemic complexity
      • Security and privacy
      • Budgetary / cost
      • Life expectancy of the system(s)
      [Slide graphic labels: 1 Yr, 2 Yrs, 3 Yrs, 6 Mths, 5 Yrs]
  23. Orchestrating the Hybrid Cloud ecosystem
      2. Blending legacy, on premise and other IT systems
      • The cost of building the integration points may exceed the cost of your Cloud application
      • What are the business requirements for:
        • Data integration
          – Drives enterprise data matching
          – Dashboards and ‘Business Intelligence’
          – ...... And so on
        • Application integration
          – Do you want to create an integrated user experience? – ie: Single screen rather than having to use a myriad of screens from different systems
  24. Orchestrating the Hybrid Cloud ecosystem
      3. Localised Clouds leading to federated IT / Cloud Silos
      • Organisations with poor IT/Business engagement and alignment facilitate the growth of local cloud applications that:
        • Meet a local business need
        • Are easily managed by the local ‘owner’
  25. Orchestrating the Hybrid Cloud ecosystem
      4. Local optimum vs. Global optimum
      • What’s good for a local instance may save time, cost, etc
      • Does this approach scale?
      • Factored in costs, effort and risks of Administering multiple systems?
      • Centralise / Decentralise discussion starts all over again
      • Take an evolutionary approach?
      • Do you only mandate in the case of risk, privacy, security?
  26. Orchestrating the Hybrid Cloud ecosystem
      5. Hybrid architectures including hybrid security model
      • How do you manage security in a federated, distributed model?
  27. Orchestrating the Hybrid Cloud ecosystem
      6. Potential points of conflicts with CSO / CFO / CIO / COO
      • Gain consensus from all stakeholders in your organisation on the settings for enterprise risk, governance including
      • Compliance, discovery, forensics, logging and fault finding challenges
      7. Enterprise data warehousing and integration
      • Network speeds and related considerations
      8. Enterprise data warehousing and ‘Big Data’
      • Quo Vadis?
  28. Some risk mitigation approaches
      • Be crystal clear on the drivers behind Cloud for the organisation.
      • Understand and accurately map the solution to the organisation’s legislative, regulatory and compliance environment
      • Know the minimum privacy, security and data jurisdictional needs clearly.
      • Map to the organisation’s potential client’s regulatory environments if needed
      • Resolve integration complexities
        – Map cost exposures in cloud brokerage and integration environments
  29. Some risk mitigation approaches
      • Assess the volatility of your cloud provider’s ecosystem
        – What will your provider look like in 2 years time?
      • Delivery through Service Value Chains means that the weakest link effect is to be recognised and managed
      • Identify inconsistencies in Security, Privacy, Governance, Regulatory compliance through the Cloud provider’s chain
      • Confirm executive accountabilities for risk!
      Reshape the role of your IT Department
      • Shift from a technology provider to a Services broker
      • Differing skills mix for in-house IT
      • Technology enabled business services is the direction to take for enterprise IT
  30. Some risk mitigation approaches
      • Perform your own due diligence, and seek absolutely independent, experienced, financially disinterested advice if needed
      • Stress test your business case by:
        – Conducting a sensitivity analysis for feasible business, legal and operational scenarios
        – Pricing in risk
        – Defining and costing your exit strategy for each stage of the life cycle in your Cloud
        – Defining the Cloud roles and accountabilities clearly. E.g. How do they compare to the roles defined in the NIST CCRA?
  31. Subscribe to my Podcast Channel – Interviews, Discussions and independence + PDF Transcripts
  32. QUESTIONS / DISCUSSION
      ROB LIVINGSTONE - PRINCIPAL, Rob Livingstone Advisory Pty Ltd, and - Fellow, University of Technology, Sydney
      Rob Livingstone Advisory Pty Ltd ABN 41 146 643 165
      W1: www.rob-livingstone.com
      W2: www.navigatingthroughthecloud.com
      E: rob@rob-livingstone.com
      P: +61 2 8005 1972
      P: +1 609 843 0349
      M: +61 419 632 673
      F: +61 2 9879 5004
      rladvisory
      © All rights reserved. Unauthorised redistribution not without prior approval
