Cloud Computing Security Is Key To Unlocking Business Benefits

  • 1,020 views
Uploaded on

Across all UK industry sectors, the major IT initiatives of 2011 were aimed at reducing costs and improving …

Across all UK industry sectors, the major IT initiatives of 2011 were aimed at reducing costs and improving
operational efficiencies – server virtualisation and desktop virtualisation were near the top of most enterprise CIOs’
priority lists, as budgets and head-count were frozen or reduced. Now, however, as we move into 2012 and
firms plan for the future, CEOs look to IT to support business initiatives: they want to use IT to improve sales and
customer service performance, for example by using web-based applications internally and e-commerce to boost
external sales. The problem? All these initiatives rely on IT infrastructure and operations, which in many enterprises
have been starved of investment. To solve this problem they will need to use cloud computing technology,
which has the potential to lower IT costs and at the same time improve agility and flexibility. How can it do this?
Cloud technology makes it possible for IT to deliver new servers in minutes rather than months, and to purchase
computing and storage only when they are needed and to pay for only what is used. However, cloud services are
not without risk: they must be planned and implemented with due care.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,020
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
85
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Cloud Computing 2012: Security is the key to unlocking business benefits November, 2011 Table of Contents Executive Summary 2 Cloud Computing is poised for rapid growth 3 Security is the top challenge holding back Cloud adoption 5 Plan your Cloud Strategy to suit your business needs 6 Appendix A: Methodology 7 About Tech:Touchstone Tech:Touchstone creates business-to-business events for the IT sector where face-to- face communication is paramount to fully understand complex issues, solutions and value propositions. The company’s portfolio of events focuses on areas of strategic industry debate and growth market sectors, with the aim of creating a collaborative learning environment for time-poor IT executives and to facilitate high value, quality interactions between all participants. For more information, visit http://www.techtouchstone.com/ About Phil Sayer Associates Phil Sayer Associates is an independent IT and telecoms consultant, specialising in advising both major enterprises as well as service providers. For more information, visit http://www.linkedin.com/company/1148015?trk=tyah© 2011, Tech:Touchstone Ltd and Phil Sayer Associates. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources.Opinions reflect judgment at the time and are subject to change.
  • 2. TECH:TOUCHSTONE | Cloud Computing 2012: Security is the key to unlocking business benefits Executive Summary Across all UK industry sectors, the major IT initiatives of 2011 were aimed at reducing costs and improving operational efficiencies – server virtualisation and desktop virtualization were near the top of most enterprise CIOs’ priority lists, as budgets and head-count were frozen or reduced. Now, however, as we move into 2012 and firms plan for the future, CEOs look to IT to support business initiatives: they want to use IT to improve sales and customer service performance, for example by using web-based applications internally and e-commerce to boost external sales. The problem? All these initiatives rely on IT infrastructure and operations, which in many enterprises have been starved of investment. To solve this problem they will need to use cloud computing technology, which has the potential to lower IT costs and at the same time improve agility and flexibility. How can it do this? Cloud technology makes it possible for IT to deliver new servers in minutes rather than months, and to purchase computing and storage only when they are needed and to pay for only what is used. However, cloud services are not without risk: they must be planned and implemented with due care. Cloud Computing: the one and only future of IT, or just another tool in the box? It is generally agreed that cloud computing technology is the future of IT: a research study carried out in July 2010 by Portio Research for Colt, entitled “European CIOs and Cloud Services”, reported that 86% of the 353 European CIOs surveyed believe that cloud services will be the operating method of the future. Some pundits think that cloud computing will entirely replace IT as know it. Nicholas Carr, in his book the “Big Switch”, uses the analogy of the public electricity grid to predict that: “The entire computing industry is going to be turned on its ear. Instead of buying new computers, companies will just subscribe to various software services served up online for a low monthly fee”. Cisco Systems quotes the CTO of one of the largest states in the US as saying that: “Five to ten years from now, I don’t foresee that our DCs will exist in their present form…We just don’t have the scale to be cost effective.” However, most users disagree, and regard cloud as just another tool in the box. According to Portio, the majority of CIOs say cloud will have no impact of the number of internal servers. Forrester Research’s Q3 2010 Hardware survey found that over half of decision makers expected expenditure on both long term hosting and on-demand IaaS to stay about the same over the coming twelve months. Why is this? Two major issues dominate: • Firms are not ready to adopt cloud technology. To benefit from cloud, IT departments need standardised operating procedures, fully automated deployment and management, self-service access for developers and deployers, and business units sharing the same infrastructure. In 2010 Forrester Research Inc reported that only 5% of enterprises were in that position. • Immaturity of cloud services. Many of the cloud services marketed in 2010 and early 2011 were the same old hosting services rebranded as cloud – a phenomenon known as “cloud-washing”. The newer services that were genuinely cloud lacked maturity – they were offered without SLAs, and generally did not adequately address key performance and security issues such as reliability, availability, data protection, regulatory compliance, and data recovery on contract termination. 02
  • 3. TECH:TOUCHSTONE | Cloud Computing 2012: Security is the key to unlocking business benefits Cloud Computing is poised for rapid growth 2012 looks to be the year cloud computing will take off in UK enterprises. In November 2011 Tech:Touchstone surveyed the delegates attending its UK Virtualisation/Cloud Computing Executive Summit. The survey revealed that cloud computing already has a significant share of UK large organization IT budgets: the firms surveyed are now spending 10% of their IT budgets on cloud computing services, and plan to increase that number to 28% in the next 2 years. However, behind this average 10% figure there are two types or organizations: those that have embraced cloud as an important part of their future strategy and those that are still on the starting blocks. 43% of delegates surveyed were spending less than 1% of their IT budgets on cloud; the remaining 57% were spending on average 18%. The survey also confirmed that making the business case for cloud is becoming easier: earlier this year 60% of delegates at the June 2011 Tech:Touchstone Virtualisation/Cloud Computing Executive Summit with a zero spend on cloud were unsure of the financial benefits of cloud computing; now that figure is down to 27%. Figure 1 Top Reasons for zero budgets on cloud computing “If none of your IT budget is spent on cloud computing services today and no firm plans for next 2 years, why not?” Base: Sample taken from Tech:Touchstone delegates – UK CIOs/senior IT Managers Source: Survey of delegates attending the Tech:Touchstone 2011 Virtualisation/Cloud Computing Executive Summit, November 2011 Security issues dominate firms’ thinking on Cloud Many organizations are finding that security is the initial obstacle they must overcome to unlock the benefits of cloud computing. To find out what was holding back the reluctant 43% who had no firm plans for using cloud computing services, we asked them what they were worried about; 67% responded that they had technical or security concerns (See Figure 1). We conclude that security concerns are a major barrier that hinders and delays firms from entering the cloud world; the survey also confirmed that cloud security is an issue for those already spending IT budget no cloud services. In fact security is the top topic about which both existing adopters and firms new to cloud computing firms seek information and help (See Figure 2). 03
  • 4. TECH:TOUCHSTONE | Cloud Computing 2012: Security is the key to unlocking business benefits Figure 2 Top Virtualisation/Cloud Product/Service Interests “Please indicate which of the following type(s) of Virtualisation/Cloud products/services you currently have a specific interest in.” Base: 40 UK CIOs/senior IT Managers Source: Survey of delegates attending the Tech:Touchstone 2011 Virtualisation/Cloud Computing Executive Summit, November 2011 The survey confirmed that security concerns underlie all firms’ strategies for adopting cloud services. Of the organizations surveyed: • 69% reported that they had a specific interest in cloud security products and services. Firms are looking to outside expert vendors to help them find the right security solutions to meet their needs. • 67% of delegates were interested in private cloud services. Private cloud is a solution which has the benefits of cloud technology without the security risks inherent in public cloud, so this confirms the degree to which security is a top concern. • 46% were interested in hybrid cloud/public cloud services. Private cloud is not seen as the only way forward; almost half of firms would like to use hybrid or public cloud, once they can be convinced that these clouds can be made secure enough for each appropriate application. • 39% are interested in cloud based communications services. Public cloud-based email, instant messaging, and unified communications (such as Microsoft lync on-line) are all growing in popularity; adequate security is the key to the future take-off of these services. 04
  • 5. TECH:TOUCHSTONE | Cloud Computing 2012: Security is the key to unlocking business benefits Security is the top challenge holding back Cloud adoption What is holding back cloud adoption? IDC carried out a survey which asked end user firms to rate cloud computing implementation challenges described as “significant”. Of the end users surveyed: • 89% listed Security. According to IDC, “Security is top of mind for the vast majority of IT organizations looking into public cloud delivery models”. • 88% cited Performance. According to Easynet, almost 60% of Europe’s CIOs believe that can migrate to cloud services without any updates to their corporate networks. • 85% mentioned Availability. The furore over the April 2011 Amazon EC2 outage suggests that some major firms are buying cloud services without adequate consideration of availability. All the delegates attending the Tech:Touchstone November 2011 Virtualisation/Cloud Computing Executive Summit emphasized the need for a solid business case – cloud projects will be compared for financial return with every other potential investment that a firm could make – but most considered that this was no longer a top challenge for them. Security issues dominate firms’ thinking on Cloud IDC research carried out for VMware in 2011 found that EMEA end-users are subject to stricter compliance and governance regulation than their U.S. counterparts, with additional complications due to the fragmented territory and strict data protection directives. Even when solutions are identified to security issues, IDC concluded that there is still a clear psychological barrier in knowing that data and applications reside physically somewhere else. Gartner summarises the issues as follows: • Risk of data loss. Sensitive data processed outside the enterprise brings with it an inherent level of risk. • Regulatory compliance issues. Customers are ultimately responsible for the security and integrity of their own data. • Data location. When you use the cloud, you probably won’t know exactly where your data is hosted. • Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. • Recovery. Ask your provider if it has “the ability to do a complete restoration, and how long it will take”. • Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing. • Long-term viability. Ideally, your cloud computing provider will never go broke... Performance is overlooked in planning Cloud strategies In a report on telecomseurope.net in May 2011, Easynet CTO Justin Fielder was quoted as saying that: “CIOs must realize that the ability to deliver to end-users is a vital element of any cloud strategy.” The performance of an application running on a server in the cloud depends on several factors: • The server capacity allocated to the application. Cloud solutions are often used where the number of end-users is either highly variable or unknown; adequate server capacity is key to providing acceptable response time. 05
  • 6. TECH:TOUCHSTONE | Cloud Computing 2012: Security is the key to unlocking business benefits • Server location and application design. The speed of light may seen impossibly fast, but ‘chatty’ applications written with no regard for server location can involved hundreds of messages for every response, and will perform badly if the server is hundreds or thousands of miles away from the end-user. • Network bandwidth. Inadequate network bandwidth acts as a throttle, requiring packets to queue for delivery. In the case of private clouds, this issue can be solved by providing sufficient network capacity; in public clouds it is more difficult. Public internet performance is highly variable and rarely covered by SLA; however the biggest bottlenecks are at international gateways and users can generally minimise performance issues by using a cloud service provider with a data center in their own country. Availability requires diligent purchasing of Cloud services In April 2011 Amazon had a significant service outage of its Elastic Cloud Compute service (EC2), which affected more than 70 firms’ public-facing web services including parts of the New York Times. However, the outage only impacted one of Amazon’s data centres; Amazon offers a service called “Availability Zones” where users can specify that their service is provided by a back-up data centre if the primary fails, so the fault lies with the end user not with Amazon, for failing to think about back-up services in their enthusiasm to use to cheaper external provider of web services. End-users generally have back-up plans for critical applications provided in their own data centres; when moving these applications into the Cloud they need to purchase resilient services with the same diligence that they would apply to outsourcing their own internal IT. Plan your Cloud Strategy to suit your business needs The time to act is now: all firms should put in place a cloud strategy. According to the Verdantix/Carbon Disclosure Project published in July 2011 report entitled “Cloud Computing, the IT solution for the 21st Century”, by 2020 69% of US $1billion-plus enterprises’ IT budgets for infrastructure, platform and software will be spent on cloud services, compared with 10% today. The top benefits cited by Tech:Touchstone summit delegates in our survey were cost-efficiency, agility and flexibility; however there are many others; you should start by asking what your business needs from IT. We suggest using the following three imperatives to help you plan your cloud strategy: Imperative 1: Adopt a strategy based on business need First you need to assess your business priorities: these will vary from firm to firm. For example, Citigroup’s Paul Stemmler says: “Carbon reduction is one driver, but not the primary driver. Our primary driver is time to market. Developers used to take 45 days to get new servers, but in our virtualized private cloud environment, it takes just a couple of minutes.” For Dhritiman Dasgupta at Juniper Networks, the drivers for cloud computing can be summarized as cost, resiliency and efficiency. Other end users have different priorities; for example Matthew Dines, Head of Group IT Strategy & Architecture for Aviva, says: “We see the cloud as reducing the administration and headache side of IT, allowing our leadership to focus on things that are critical to the business” (Quotes from the Verdantix/Carbon Disclosure Project July 2011 report entitled “Cloud Computing, the IT solution for the 21st Century”.) 06
  • 7. TECH:TOUCHSTONE | Cloud Computing 2012: Security is the key to unlocking business benefits In summary, start with a business case assessment of applications where you want to use cloud, then: • Plan to replace obsolete systems so you can virtualise all your servers • Complete standardisation, virtualisation and automation projects to take full advantage of cloud services. • Add automated systems management to start to build an internal cloud Imperative 2: Start simple and build from there According to 451 Group, the most popular places to start are web applications, test and development, and collaboration: • Use public cloud services for your public web apps. Delivery is via the Internet anyway, so security is already addressed. You can scale up to meet demand, deal with peaks cost-effectively, and only pay for what you need. • Test & Development is often a good place to start using public cloud services. You are not dealing with live data, and need speed of deployment and flexibility. You can use role-based access control (RBAC) deployment tools, and build to practices that automate promotion to QA, then production. • Collaboration uses the cloud for delivery. Email is where most firms start in moving collaboration to the cloud, when they wonder whether they really want to operate their own Exchange server, or to use a vendor with greater scale and expertise. Instant Messaging often follows, and then SharePoint and many firms are looking at Communications-as-a-Service tools such as Lync on line. Imperative 3: Work with a partner that you trust Find a provider that can add value to IT’s approach by using professional and managed services to plug your organization’s skill gaps. According to Forrester Research, the top attributes that firms look for in selecting a cloud service provider are that they: • Offer competitive pricing • Offer performance level assurances/ SLAs • Understand my business and industry • Can move cloud offerings back on-premise Tech:Touchstone summit delegates in our survey indicated that their top choice for a provider of cloud services was a global Systems Integrator such as IBM or HP; second choice was a global telco such as Orange or Verizon. Both these types of vendor certainly have the in-depth skills and services, including security services, to meet end- user needs; however they may not always be the most cost-effective or most flexible. In summary firms should purchase cloud services with exactly the same diligence and skills that they would apply to negotiating an IT outsource contract. Appendix A: Methodology For this study, Tech:Touchstone conducted an online survey of a sample of 40 participants at its November 2011 Virtualisation/Cloud Computing Executive Summit, held at the Richmond Hill Hotel. Delegates included UK-based CIOs and other IT decision-makers directly involved in their organization’s architecture, management, and/or operations strategy decisions, in UK and global organizations in both the private and public sectors. The online survey provided to participants included questions about their strategy, priorities, adoption, budgets, and preferred suppliers for virtualization and cloud computing products and services. 07
  • 8. TECH:TOUCHSTONE | Cloud Computing 2012: Security is the key to unlocking business benefits If you are involved in Information Security initiatives for your organisation why not have a look at our Information Security Executive Summit being held in Richmond, Surrey on 28th-29th February 2012. RICHMOND HILL HOTEL. SURREY. 28-29 FEBRUARY 2012 Or our other Executive summits: Join the Techtouchstone Group to keep updated on the latest industry news, white papers and events. Follow us on 08