CLT Law Conference Cloud intro

Opening Address: The What, Where, How and Why of Cloud Computing

  • A clear understanding of what Cloud Computing is - with examples
  • What are the constituent parts of Cloud? A detailed overview of SaaS, PaaS and IaaS - know what you’re looking at and how to judge it
  • How did we get to Cloud? A journey through computing history to the Cloud Paradigm Shift
  • Why is Cloud so important to making IT work better - A fundamental look at what IT is for and how Cloud is enabling it
  • How do you manage the risks vs rewards? What about resilience, service levels and security: to what extent are they justified

Published in: Technology, Career
  • The Secrets of Successful Cloud Adoption: what they don’t tell you

    Cloud has a seemingly unstoppable momentum behind it- but is it clear at the outset what the benefits of Cloud are beyond the shift from cap-ex to op-ex? What exactly are these benefits and how do we access them to adopt Cloud successfully?
  • Archive
  • Continuity
  • Security
  • You’ve got to understand the cloudonomics
  • Because that defines when you should use Private Cloud- assuming no security risk
  • And when to use hybrid cloud
  • Look back to see how we viewed previous paradigm shifts
  • Mainframe – PC – ultimate benefits not foreseen

  • From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
  • 2010 Gartner Hype Cycle for emerging technologies
  • What’s the problem?
  • How did I get here to be presenting in front of you about building the case for cloud?
  • Not by First Great Western
  • Or my Brompton
  • It was many years crawling under desks
  • And fixing issues running a medium sized value added reseller. A VAR
  • To my understanding of the cloud and the benefits it brings
  • At the beginning of my journey I’m almost ashamed to say my attraction to Cloud was
  • About money. The shift from
  • Capital Expenditure, where the buyer took all the risk as to whether the software would work and fund the purchase, to
  • Operational Expenditure, where you paid for what you used, and if it didn’t work you stopped paying- or sometimes didn’t even pay at all.

    But that’s only the first and probably the least important benefit of cloud- the real benefits are hidden
  • At a time of reinvention- it is really important to ask what IT is for?
  • What do we do for the business?

    Or more specifically- what is the production function of IT???



    http://blogs.gartner.com/mark_mcdonald/2010/06/27/what-is-the-production-function-of-it/

    What is the Production Function of IT?
    by Mark McDonald  |  June 27, 2010  |  1 Comment
    Understanding IT’s role in the enterprise is complex and incomplete.  IT is the subject of great debate as some see it as the source of competitive advantage and others see it as an enabling function.  CIOs and IT professionals themselves have a tough time answering the question about IT’s role.
    Why?  because I believe we are asking the question in the wrong way.
    We need to ask,
    “What is the production function of IT?”
    Production function, sounds kind of academic right, but it’s simply the output you get for all the combination of inputs. It’s what you take and what you make.
    Every part of your enterprise has a production function.  So, when you ask different parts of the enterprise what they take and make you get answers like:
    SALES
    TOP LINE REVENUE: We take prospects and turn them into orders
    SUPPLY CHAIN
    PROFIT: We take orders and turn them into invoices
    FINANCE
    CASH: We take invoices and turn them into cash
    IT
    ?????? Silence  ??????
    I know it’s silence because I have asked the question to dozens of IT leadership teams.  They look at each other and cannot put IT’s contribution in a simple answer.  It is not because IT is more complex than these other functions.  No, it’s more that IT professionals have thought of themselves as something apart from the enterprise, something special and therefore not falling under the same rules.
    There are two production functions for IT that can be summarized in two words SPEED and SCALE.
    SPEED:  We take strategy plans and turn them into operational performance
    IT’s production function is to deliver speed of execution against the company’s strategy and plans.  Strategy execution involves change and change requires IT participation.  The faster IT is able to execute its processes, deliver results and accelerate strategy execution the better.
    IT drives speed when it concentrates on reducing its own internal cycle times for providing IT services, solution development and governance.  Concentrating internal operations on speed of execution makes IT more responsive and innovative.  IT organizations operating at speed give their business a steady stream of value that actually expands ITs role and enterprise flexibility.
    Without speed, IT is a bottleneck to strategic execution and operational performance.  It is the reason we cannot go faster.  This is the reason why change is expensive.  The reason why I have to control IT costs, because if they cannot go fast enough for me, then I had better make sure that they do not cost too much.
    SCALE:  We take operations and increase their capacity and reduce their average cost
    IT’s other production function is to create scale of operation across the enterprise.  Scale in this sense is the ability of IT to aggregate activities and deliver greater capacity at a lower average cost.  IT creates scale through its infrastructure and operations activities that make the modern enterprise possible.  IT is one of two scale functions in the enterprise.  The supply chain is the other scale function.
    IT drives scale through the infrastructure by constantly aggregating operations, virtualization and active contract management to gain the benefits of being bigger.  Without this scale, growing transaction volumes and the cost of operating disparate infrastructures would literally consume the company’s profit.
    Without scale, operations drown in a combination of complexity, duplicate cost and faltering service levels.  You see this with high growth companies that are heroes that suddenly fail – because they do not have scale.
    ***
    What is IT’s production function?  To deliver speed and scale to the enterprise.
    Speed and scale can seem as two different things, and that can be part of the reason why they are difficult for CIOs and IT leaders to articulate.  Most go “ah ha” when they think about their role in speed and scale.
    But, when you boil it down, we know why an enterprise has a sales function, a supply chain, a finance function, etc.  We had thought that IT existed to manage the technologies that these functions depend on.
    That is true in terms of the activities IT provides, but ‘to what end’
    Speed of execution and
    Scale of operation.
  • But it’s a question I didn’t ask myself seriously enough until recently- sounds academic though doesn’t it?
  • It is a bit- but hopefully it’ll help you understand what we’re here for, just like it helped me. What does production function mean?
  • It’s the combination of all the inputs
  • Which create the outputs.
  • The problem is, that in IT, they’re hidden. Hard to find.

    Let me contextualise it for you- What do Sales do?
  • They turn prospects into orders.

    What does the supply chain do?
  • They turn orders into invoices.

    What does finance do?
  • They turn invoices into cash.

    So what does IT do?
  • IT’s production value number 1 is Speed.
  • Turning organisational strategy into execution
  • As Fast as possible- to deliver results to the business
  • And to do that IT has to be as responsive as possible
  • Because without speed IT is a bottleneck to operational performance.
  • Take operations
  • increase their capacity and reduce their average cost to again deliver operational performance.

  • IT should equal agility. Yet when we’re purchasing systems, rarely does agility factor heavily enough.
  • Traditional IT department: In the past, the only way for a company to maintain control of their business process was to completely own the technology supporting the process.  The rationale was that a company's most strategic, differentiating processes are unique and therefore have to be built by the company either from scratch or by heavily customizing packaged applications.  This also meant owning the entire technology stack supporting the process and the application.  So, while the intent was to create differentiated processes that were agile and differentiating, the reality has become that the technology stack is an albatross around the IT team's neck that prevents them from moving as quickly and as efficiently as they would like to.

    The result is that while IT organizations are keen to support the business, they are unable to go much beyond providing basic services.  The solution to the problem of managing the entire stack was traditionally either hosted/managed server services or outsourcing, but each introduces its own problems.



    http://blog.appirio.com/2009/05/do-your-most-strategic-apps-belong-in.html
  • Outsourcing: In the case of outsourcing, the enterprise gains cost savings but relinquishes control of their business process and has to adhere to the provider's "best-practice" process.  This clearly means that outsourcing can only be applied to commodity processes rather than any differentiating processes or processes where innovation is needed.  The IT team's role shifts to primarily vendor management with little ability to innovate or drive the business.
  • Hosted/Managed Servers: Hosting gets a bit closer to solving the problem because it reduces some of the IT team's pain in terms of managing infrastructure.  However, the IT team still needs to spend a lot of their time maintaining the application and the middleware stack, i.e., applying patches and bug fixes, implementing upgrades, maintaining integrations, etc.  In addition, the team also needs to manage their relationship with the hosting vendor.  So, again, the main impact is some cost savings but no real gains in terms of agility or ability to innovate or support the business.
  • IT department in the cloud: Cloud computing changes the decision process completely.  No longer do companies face a choice between relinquishing all control of their business process for cost savings or dealing with the high costs and complexity of supporting an entire software stack. Platforms like Force.com and Google App Engine give companies a way to control the parts of the stack that matter most, the application and business process layer and abstract away the management of the infrastructure.  This means that the IT team can focus their energies on driving innovation and supporting the business.
  • #1 Not having to worry about scaling- the provider does
  • Fewer meetings
  • #3 The provider is constantly updating its software,
  • No more upgrades or migrations
  • which means you get Richer functionality- for very little effort
  • #4 Creating Loosely coupled systems enables greater integration for less cost and dependency
  • #2 By separating configuration and code, it enables IT to rapidly reconfigure operations
  • Fewer dependencies
  • Means you can Reconfigure faster
  • Aligns cost to value- Which means time to value is much quicker
  • Why are some people unsure about Cloud Security?
  • Security is often presented as a binary object. It’s not.
  • It’s much more complex than that.
  • Technical details are abstracted
  • Probably because of the relative opacity of Cloud compared to the transparency of a private network and the control you can exert on it
  • Are its Achilles heel
  • Without revealing too much intellectual property- the main differentiator in Cloud
  • Standards are only just emerging
  • Buyer Beware- http://en.wikipedia.org/wiki/Caveat_emptor

    Under the doctrine of caveat emptor, the buyer could not recover from the seller for defects on the property that rendered the property unfit for ordinary purposes. The only exception was if the seller actively concealed latent defects or otherwise made material misrepresentations amounting to fraud.
    Before statutory law, the buyer had no warranty of the quality of goods. In many jurisdictions now, the law requires that goods must be of "merchantable quality". However, this implied warranty can be difficult to enforce and may not apply to all products. Hence, buyers are still advised to be cautious.
  • Which is why we in cloud feel like we’re being beaten up...
  • Independent Audit?
  • There are no standards...

    There is not a best practice independent security methodology for cloud.

    Clouds are opaque. Technical complexity is abstracted. Proper audit / DD requires transparency. But transparency would reveal IP.
  • Independent 3rd party is so important to validate claims in depth

    SAS 70, CESG etc
  • Spot the missing one?
  • ISO 27001- ISO 27001 doesn’t fit the cloud- 5 year old standard currently- to be reviewed in 2012- CSA helping update controls for the Cloud
  • Should you adopt ISO 27001? What sort of protection will it grant you?

    Yes. Because it’s a framework for managing security. A process. Set of Documentation. Set of controls.
    Working out how much acceptable risk
    What risk are you exposed to
    Which are greater than the acceptable risk
    What controls do you need to manage- taken from annex A
    Deploy the controls in an auditable way- constantly approve
    Compliance- testing
    Governance
    Risk
    Compliance- testing to make sure your controls
    It Scales
  • Control and governance; what should be the basis of your Cloud Data Best Practice Policy- ENISA
  • Investigating availability guarantees and penalties and examining your supplier’s disaster recovery strategy

    Important- they do what they say they do
    The bar to what you set that at needs to be relevant to what you have already- BASELINE!!! Realistic expectation
    Based on the data you’re going to outsource
    Look at historical performance- not a predictor for the future- but relevant
    Look at their DR strategy- if you have 2 data centres- that should be the expectation
    Map your requirements to the provider

  • Data compliance; the importance of clarifying where your data will be stored and who will have access to your information

    Jurisdiction
    EU/ Patriot / RIPA / Safe Harbour
  • Ultimately, who has control over your data?

    When you save your data- need to understand
    Look at service providers to the same extent
    MBTF- encryption look at service providers
    Cloud should be architected differently
    People shouldn’t be fooled by “cloud” technology
    See behind the fog
    Often it’s really hard because of the opaqueness

    Integrity of Data Critical
    End to end vs middleware
    Designed to hook together

    Managing service provider obligations
    Assess the risk- make sure the risk you’re willing to accept is related in the SLA
    Review- annually?
    Any deviation look for recompense or additional controls
    Blunt instrument
    Make sure compliance and information governance are involved early on in the process of negotiating SLA- lawyers don’t know about GRC
  • The key is to understand your current risks- baseline them
  • i.e. Where are we today?
  • Users
    Applications
    File shares
    Email
    Document management
  • Sysadmins
    User based access
    Server access
    Database access
  • Others:
    Internet
    VPN
    Extranet
    Customer/Partner portals
    APIs
    Suppliers
    Telcos
    Tape warehousing
    Backup delivery personnel
  • Ends up in a Permissions Nightmare- or a brittle infrastructure
  • How are we managing those risks today?
  • Are you given the budget / skills to do it?
  • “Quis custodiet ipsos custodes?”

    Who will guard the guards themselves?
    Decimus Iunius Iuvenalis
  • Cloud can be a way to become a guard’s guard, instead of the guard
  • Reasons to go Cloud Security
  • Reason to go Cloud security #1 It’s their business- and their reputation depends on it
  • #2 Money - they are held financially responsible
  • Reason #3 Scale- Cloud platforms have scale that customers could never achieve on their own- protecting against large scale attacks
  • Reason #4 Specialised Skills- employ specific people to do specialised job. Cumulative effect of multiple customers
  • Best Practice embedded in organisation and distributed. Not dependent on one person
  • Not just about competence and budget- but focus. It’s all they do.
  • Cloud can be a way to become a guard’s guard, instead of the guard
  • Buyer Beware- http://en.wikipedia.org/wiki/Caveat_emptor
  • But make it proportional to risk- especially to CURRENT RISKS