• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
 

Cloud Connect: Manage Risk in the Cloud

on

  • 1,176 views

This presentation examines how companies can take full advantage of the cloud’s efficiency and cost benefits – while managing risk. Also examine the security and compliance factors every ...

This presentation examines how companies can take full advantage of the cloud’s efficiency and cost benefits – while managing risk. Also examine the security and compliance factors every organization should consider when evaluating cloud computing options.

Statistics

Views

Total Views
1,176
Views on SlideShare
1,168
Embed Views
8

Actions

Likes
2
Downloads
74
Comments
0

2 Embeds 8

http://www.cloud24by7.com 4
http://www.linkedin.com 4

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Cloud is no longer a “buzz” word. According to a recent poll by IDC, companies haven’t moved to cloud yet, but most have plans to do so for at least a part of their environment. The primary use case customers are evaluating cloud is for production application hosting. Companies need to understand the different cloud technologies and decide how to best leverages the advantages. “ By 2012, industrialized utility and cloud-based services will account for at least 50% of the new demand for managed IT infrastructure services.” ~ Gartner Infrastructure-as-a-Service (IaaS) expected 44% CAGR from 2010-2014 (451 Group) IaaS market made up of 3 growing provider categories (Gartner) Web hosting companies : Rapid market transformation shifting customer purchases from dedicated servers on long-term contracts to on-demand capacity utilizing primarily virtual servers Data center outsourcing providers: Gradual adoption of infrastructure utility models has introduced flexible pay-as-you-go terms, and scalable, elastic architectures Pure-play cloud-native services: Companies without a previous history in infrastructure services
  • Greater Flexibility – Leverage existing and new infrastructure and applications Lower cost – of maintenance, rolling out new services Lower risk – adapt with changing business requirements, The balance on these items might shift based on the size of the company and the economic times we are operating in
  • Cloud users live in a world of Fear Uncertainty and Doubt. It is very much a wild west where even paid users have no guarantee over the availability of their data. Case in point: A user who stored 4k+ pictures in an online image service provider had his photos mistakenly deleted by an administrator; An even larger mail service provider recently announced that a ‘bug’ caused 150K of their users to lose their mails. In both these instances, the customers got their photos and important emails thanks to faithful backup technology – however, for many anguishing hours if not days, these users had almost given up of retrieving their data. While these examples illustrate that a Cloud based platform can indeed be resilient with the right policies in place, a user’s peace of mind requires an explicit understanding of how safe that data really is and what policies are being taken to prevent such issues.
  • These risks are already addressed within an existing IT infrastructure. Hence, the Cloud will also need to mitigate these risks.
  • Multi-tenancy & Virtualization – Is Virtualization secure and will one customers be truly not overlap with another customer on the same system? Customers are often concerned that regulatory reasons might need them to stay on a dedicated system – however there is a risk/reward tradeoff to deal with. Data Governance – Customers are concerned that they don’t have direct visibility into where their data will reside or who will interact with it and how. Hence. this is ultimately about information lifecycle management Application Integration – As part of the Cloud adoption, Customers are not willing to rewrite their entire application – While the Cloud is ideal for new projects that can be contained within the Cloud, in the short term they are looking to leverage as much of their existing assets as possible (including hardware and software) to protect their current investment. This requires a hybrid approach that leverages the Cloud for part of the overall application – requiring integration with the customers datacenter or their colo footprint Monitoring – Customers who ran their own cloud are used to keeping track of the various thresholds of their environment for managing the health of their applications proactively. In the Cloud, customers are concerned about being in the dark about the health of their virtual assets but also the health of the overall platform – they want to know whether there is someone truly taking care of the platform as a whole Oracle - the last major issue on every CXOs mind is whether they can get Oracle to run on the virtual environment or how their apps can still run leveraging the cloud and not breaking any contract definitions Manageability – none of the previous issues can truly be addressed without any clear form of SLAs – its these SLAs that actually serve to reduce the risk for the customer. SLAs however come in varying sizes and shapes and require a deeper understanding from the customer
  • Each of these regulations address the concerns of various industries and have some specific language and requirements that pertain to their industry. However, the recommendations for IT are all based on the same set of best practices and control objectives. Under a set of fairly prevalent regulations (HIPAA, GLB, PCI) there are common security processes that SunGard follows – these security processes often required by common compliance regulations. Additionally, there are other laws/regs that customers have to comply with that have not been mentioned (i.e. FDA regs, USDA regs, broker/dealer regs), all of which contain security/data protection aspects. None of these requirements can be addressed by bolting on products. These requirements need to influence the core physical and logical architecture with security controls required at every layer of the platform with to meet current and future regulatory needs.
  • SunGard’s approach is that with set of standardized Cloud services will come a common base of security controls.
  • This ability to augment a private cloud with the resources of a public cloud can be used to maintain service levels in the face of rapid workload fluctuations. A hybrid cloud can also be used to handle planned workload spikes (sometimes called surge computing). There’s a level of interoperation between cloud types requiring secured gateways.
  • This slide provides a more detailed view of vBlock and the capabilities of the infrastructure. We should stress the importance of a managed vs. unmanaged managed solution and highlight the value added services listed above. With SunGard ECS you get a fully managed solution back by our expertise.
  • Example of an IDS event workflow used by a CSIRT – what happens for Cloud events?
  • Cloud will enable the development moving forward of our LOBs. It will allow for the delivery of a range of availability technologies by developing services that deliver productivity and expertise to IT production services.
  • Contract for base-level of committed resources (Resource Pool) Pricing fixed for the term of the contract for all short-term upgrades (Flex) or coterminous additions providing transparency Upgrades are performed on demand No utility pricing surprises Flex offers elasticity for seasonal demand or short-term projects Resource pools span ECS regions All customer VM’s are provisioned inside Virtual Private Datacenter(s) (VDCs) All VDCs come equipped with redundant firewalls, load balancers, site-to-site VPNs and up to five private VLANs Dedicated blade option available Customers may have as many VDCs as required for their use case Customers can allocate the resources to their VMs as they see fit (and can change them at any time)
  • SunGard Fully Manages our enterprise cloud infrastructure – performing patches, version upgrades, and trouble-resolution on the compute, storage, bandwidth, and networking components. Management is part of the basic package of infrastructure services.
  • Business objectives: Capex avoidance (e.g. data-center, tech refresh) Personnel related cost alignment What is an ideal project for IaaS? Applications are Loosely coupled Applications are already virtualized Applications and/or services are new Identify technical requirements Application Architecture & Dependencies Scalability & Performance Requirements Security and Network needs Availability requirements and BC plan Identify providers based on required objectives and test platforms for requirements support Select platforms and deploy to an IaaS provider

Cloud Connect:  Manage Risk in the Cloud   Cloud Connect: Manage Risk in the Cloud Presentation Transcript

  • The Secure Enterprise Cloud Indu Kodukula Executive Vice President and Chief Technology Officer Satish Hemachandran Director Product Management
  • Production + DR are 80+% of Enterprise Cloud Priorities *IDG Research, 2010 What services are you planning to enhance with cloud computing?
  • The Cloud Promise: COST FLEXIBILITY RISK POSITIVE POSITIVE ??
  • And Reality Bears Out There is Risk… Jan 2011 : Online image service provider mistakenly deletes 4,000 pictures from a paid user’s account Feb 2011 : Online email service provider loses mails from 150K user accounts during a weekend outage
  • Traditional Enterprise IT Risks Changing Market/Business conditions might need you to expand or contract capacity Unplanned disaster scenarios can significantly disrupt regular business operations Breach of security and policy controls can lead to business and regulatory issues
  • Cloud Risks are (Mostly) Old Wine in New Bottles Security Compliance Connectivity Availability Manageability
  • Security & Compliance: Platform & Policies
  • Most Regulations Share a Common Concern: Implementation and Enforcement of Policies
    • Secure Remote Access
    • Role-Based Access Control
    • Separation of Management, Control and Customer Planes
    • Availability and Fault Isolation
    • Issue Prevention, Detection, Remediation
    • Log Management
    • Security and Auditing
    • Business Continuity & Disaster Recovery
    • Data Retention/Archival
    Tracks all access to network and cardholder data Documentation of actions & activities with 6 yr data retention Organization wide security for IT systems to support ops. and assets Protect customer information & identify/ resolve sec. violations Financial and accounting functions segregation of duties
  • Layered Security with Common Base of Controls Presentation Models and Platforms Application Interfaces Applications Data Meta Data Content Hardware Infrastructure Facilities Infrastructure Connectivity Abstract Layer Integration and Middleware Logical, Physical, and Environmental Security Host hardening, Encryption, Separation and segregation (Network, Host and Storage) Performance and security monitoring Patch and release management Abstract layer hardening, Monitoring, Separation, Patch and release management, and policy controls Identity Management Policy, Auditing, & Compliance Security Detection, Response, Containment, Eradication, and Forensics
  • Creating a Secure Cloud Foundation for Enterprise Compliance Mgmt.
  • Connectivity: Cloud, Non-Cloud/Hybrid
  • Choice of Connectivity to Meet Every Business Need Site to Site VPN INTERNET DEDICATED CIRCUIT MPLS SUNGARD ENTERPRISE CLOUD CUSTOMER WAN/REMOTE CUSTOMER WAN/DATACENTER CUSTOMERS’ CUSTOMER Public Internet Client VPN
  • Hybrid Cloud Use Case
    • Leverage existing/legacy infrastructure e.g. mainframes
    • Integrate with other external virtual clouds for burst (flex) capacity
    • Host applications requiring physical/dedicated and virtual systems (e.g. Oracle)
    • Integrate with third-party hosted applications e.g. ASP, PaaS, SaaS,
    Colocation Internal Cloud IaaS Cloud 1
  • Building a Hybrid Cloud SUNGARD NETWORK Site to Site VPN SUNGARD DATACENTER INTERNET DEDICATED CIRCUIT MPLS SUNGARD ENTERPRISE CLOUD Cross Connect CUSTOMER WAN/REMOTE CUSTOMER WAN/DATACENTER CUSTOMERS’ CUSTOMER Public Internet Client VPN
  • Manageability: Monitoring and Remote Hands
  • The Cloud Management Challenge
    • Customers are still the same
      • Complex architectures with point-to-point connections
      • Legacy platform support dependencies (Win2k, Mainframes)
      • Non-(x86)cloud integrations (Mainframes, Unix)
    • Enterprise needs from cloud providers
      • A full portfolio of management services (OS, Database, Security)
      • Migration assistance and custom policies
      • Integration of cloud & non-cloud
      • Auditability of the platform and datacenter
      • SLA’s for the platform & service
      • Periodic reporting and guidance
  • Cloud Extends Traditional Management (but with different tools)
  • ITIL Based Support Process Request for Change Incident Request for Information Service Reporting Performance Reporting Availability Reporting Configuration Reporting KPI and SLA Reporting Service Operation Tier 1 Tier 2 Tier 3 Service Desk Service Delivery Request Fulfillment Change Management Problem Management Configuration Management Resolution Portal Aggregation Engine Correlation Validation Event Management Front End Ticketing System Verification Customer Customer CMDB
  • Enterprise Cloud: Platform + Automation + Process + People Technical Focus
  • Availability: Scalability & Recovery
  • Scalability
    • Customer workloads vary in their infrastructure demands. Typically:
      • Memory Utilization
      • Storage I/O
      • Network Throughput
    • Infrastructure needs to distribute/scale load
      • Without affecting user sessions
      • Without affecting other applications
      • Maintaining application interdependencies
    • But… autoscaling is still unattainable for many
    • Replication technologies still offers the most cost effective solution for the enterprise
    • Cloud makes availability more affordable for complex applications: database and app/web server
    • Cloud done right can also reduce RTO
    Cloud Apps Virtualized Apps Simple Apps Complex Apps Legacy Apps Decreasing Availability Always Available Available in hours Available in days More Complex Cloud Enables Application Availability
  • Integrated Recovery: Achieving Continuous Uptime
    • Cloud is the production environment
    • Backup and Restore of VMs
    • Active-active deployment mode
    • Site-to-site recovery across multiple datacenters
    • Recovery of entire application with its dependencies (VMs and non-virtualized assets)
    • Cloud is your target recovery platform
    • Web-based backup/replication of data to cloud based on industry leading technologies
    • VM cloning and startup
    • Mapping of cloud-based data to recovered instances
    Customer Applications & Data Enterprise Cloud Customer Data-center VMs on Cloud-site 1 VMs on Cloud-site 2
  • SunGard Enterprise Cloud Services
  • SunGard Enterprise Cloud Services Vision Deliver Managed and Recovery Services for enterprise-grade applications that ensure availability of business operations
    • SunGard manages all necessary compute, network, storage and security resources, offering a complete, cost-effective solution
    Fully Managed Infrastructure-as-a-Service Compute
    • Virtualized environment providing hypervisor and OS system services
    • Customize your virtual machine configurations to specific requirements
    • SunGard Software Licensing Services options available
    Network
    • Broad networking options including multiple VLAN support, robust internet connectivity, MPLS and dedicated circuit options
    Storage
    • Managed storage with integrated backup and restore
    Security
    • Managed firewall and virtual private network connectivity
    • Platform built to support compliance requirements
    Rapid Provisioning
    • Ability to store custom VM templates in your own private image library
    • Virtualized instances deployed within minutes
    Management & Monitoring
    • 24/7/365 management and monitoring of your virtualized infrastructure
    • 99.95% availability Service Level Agreement (per month / per VM)
    Portal & Reporting
    • Customer management portal to view and request compute resources on demand
    • Multi-tenant enterprise cloud and dedicated private cloud
    • All services fully managed by SunGard’s IT experts
    • Infrastructure architected for compliance and security
    • All solutions built on enterprise-grade infrastructure
    • Designed for production workloads
    • Predictable contract pricing with flexibility for rapid response to the changing IT demands
    • Customized solutions designed to enterprise needs
    • Comprehensive consulting services provide complete Cloud Readiness Assessments and Migration services
    Cloud Services for the Enterprise
  • Why SunGard Enterprise Cloud Services?
    • Commitment to service delivery and process discipline
    • SLA and commitment to reliability
    • SunGard's emphasis on compliance & process
    • Consultative relationship with the customer
    Customer Buying Scenario
    • Leverage new technology platform to improve time to market, management, and scalability
    • Implementing new SAP application and the customer had no prediction regarding growth
    • Customer supports client fulfillment for health services customers (e.g., including pharmacies and health care providers)
    • Small business located in Western US supporting over 5,000 industry subsidiaries
    • New SAP implementation
    Customer Solution Requirements
    • Wanted to leverage the cloud technology to implement new SAP application
    • Needed a solution that would scale quickly and efficiently (4x scale)
    • Required an enterprise-level solution that was fully managed by the service provider due to lack of internal expertise
    • Looking for a secure and compliant infrastructure
    Customer Deployment – Pharmaceutical Supplier Customer Overview
  • Why SunGard Enterprise Cloud Services?
    • Industry expertise
    • Data c enter security
    • Reputation with financial and large enterprise companies
    • SunGard's emphasis on compliance and process
    • Future investments in c loud services
    Customer Buying Scenario
    • Appeal to current customers and prospects to sell archiving software via new delivery method, avoiding s/w, and h/w CapEx
    • Elastic SaaS Model to support rapid build-out of infrastructure for on demand E-discovery or growth for any size firm
    • Customer is a provider of enterprise-class electronic content archiving software
    • Services include E-Discovery, compliance, records management, and storage optimization
    • Assists large firms in mitigating risk and managing digital assets from a single point of control and unified set of policies
    Customer Solution Requirements
    • Looking to increase sales, market size, and penetration
    • End-customers want to reduce CapEx and shift to OpEx budget
    Customer Deployment – Software Provider Customer Overview
  • SunGard Internal Use of Cloud
    • Focused on using cloud for new projects in 2011
    • Using cloud for:
      • Development
      • Test/QA
      • Production
    • Currently implementing projects for
      • Enterprise Mobility (IaaS)
      • Single Sign-On (IaaS)
      • Store Front/Billing (SaaS)
      • Ticketing (SaaS)
      • Email (SaaS)
      • CRM (SaaS)
  • Pragmatic Path to Enterprise Cloud Phase II Phase III Phase IV Phase I Cloud Readiness Assessment Cloud Design & Architecture Cloud Implementation & Transition Steady State Production
    • Rapid provisioning and ability to scale up and down to support new business ventures and peak periods where infrastructure may only be needed for a short time
    • Flexible contract pricing to respond to your IT requirements
    • Shift from CapEx to OpEx model so you can pay as you go and only pay for what you need while experiencing faster payback of investment
    • Reduce labor costs via elimination of time spent on day to day infrastructure management
    • Highly secure and resilient platform built on IT security best practices and meeting numerous compliance standards
    • Fully managed infrastructure reduces the IT administrative burden and allows redirection of staff to strategic business initiatives
    Key Solution Benefits - Summary Secure enterprise-grade cloud Improved IT agility & scalability Financial flexibility & increased ROI
  • For More Information
    • Find out More about SunGard Availability Services’ Enterprise Cloud Solution: visit www.sungardas.com/cloud