CLT Legal Cloud Conference

Cloud for lawyers!

  • The Secrets of Successful Cloud Adoption: what they don’t tell you. Cloud has a seemingly unstoppable momentum behind it- but is it clear at the outset what the benefits of Cloud are beyond the shift from cap-ex to op-ex? What exactly are these benefits and how do we access them to adopt Cloud successfully?
  • To Microsoft Exchange
  • Security
  • Continuity
  • Archive
  • Bringing all the benefits of Google apps- horizontal scalability, reliability, etc
  • To Microsoft Exchange
  • What systems are your peers moving to the Cloud?- Present research from the Mimecast Cloud Survey
  • Look back to see how we viewed previous paradigm shifts
  • Mainframe – PC – ultimate benefits not foreseen
  • From the Mimecast Cloud Adoption Survey http://www.mimecast.com/events-press/press-releases/article/view/cloud-computing-delivering-on-its-promise-but-doubts-still-hold-back-adoption/462/
  • 2010 Gartner Hype Cycle for emerging technologies
  • What’s the problem?
  • How did I get here to be presenting in front of you about building the case for cloud?
  • Not by First Great Western
  • Or my Brompton
  • It was many years crawling under desks
  • And fixing issues running a medium sized value added reseller. A VAR
  • To my understanding of the cloud and the benefits it brings
  • At the beginning of my journey I’m almost ashamed to say my attraction to Cloud was
  • About money. The shift from
  • Capital Expenditure, where the buyer took all the risk as to whether the software would work and fund the purchase, to
  • Operational Expenditure, where you paid for what you used, and if it didn’t work you stopped paying- or sometimes didn’t even pay at all. But that’s only the first and probably the least important benefit of cloud- the real benefits are hidden
  • At a time of reinvention- it is really important to ask what IT is for?
  • What do we do for the business? Or more specifically- what is the production function of IT???
    http://blogs.gartner.com/mark_mcdonald/2010/06/27/what-is-the-production-function-of-it/
    What is the Production Function of IT? by Mark McDonald | June 27, 2010
    Understanding IT’s role in the enterprise is complex and incomplete. IT is the subject of great debate as some see it as the source of competitive advantage and others see it as an enabling function. CIOs and IT professionals themselves have a tough time answering the question about IT’s role.
    Why? Because I believe we are asking the question in the wrong way.
    We need to ask, “What is the production function of IT?”
    Production function, sounds kind of academic right, but it’s simply the output you get for all the combination of inputs. It’s what you take and what you make.
    Every part of your enterprise has a production function. So, when you ask different parts of the enterprise what they take and make you get answers like:
    SALES, TOP LINE REVENUE: We take prospects and turn them into orders
    SUPPLY CHAIN, PROFIT: We take orders and turn them into invoices
    FINANCE, CASH: We take invoices and turn them into cash
    IT: ?????? Silence ??????
    I know it’s silence because I have asked the question to dozens of IT leadership teams. They look at each other and cannot put IT’s contribution in a simple answer. It is not because IT is more complex than these other functions. No, it’s more that IT professionals have thought of themselves as something apart for the enterprise, something special and therefore not falling under the same rules.
    There are two production functions for IT that can be summarized in two words: SPEED and SCALE.
    SPEED: We take strategy plans and turn them into operational performance
    IT’s production function is to deliver speed of execution against the company’s strategy and plans. Strategy execution involves change and change requires IT participation. The faster IT is able to execute its processes, deliver results and accelerate strategy execution the better.
    IT drives speed when it concentrates on reducing its own internal cycle times for providing IT services, solution development and governance. Concentrating internal operations on speed of execution makes IT more responsive and innovative. IT organizations operating at speed give their business a steady stream of value that actually expands IT’s role and enterprise flexibility.
    Without speed, IT is a bottleneck to strategic execution and operational performance. It is the reason we cannot go faster. This is the reason why change is expensive. The reason why I have to control IT costs, because if they cannot go fast enough for me, then I had better make sure that they do not cost too much.
    SCALE: We take operations and increase their capacity and reduce their average cost
    IT’s other production function is to create scale of operation across the enterprise. Scale in this sense is the ability of IT to aggregate activities and deliver greater capacity at a lower average cost. IT creates scale through its infrastructure and operations activities that make the modern enterprise possible. IT is one of two scale functions in the enterprise. The supply chain is the other scale function.
    IT drives scale through the infrastructure by constantly aggregating operations, virtualization and active contract management to gain the benefits of being bigger. Without this scale, growing transaction volumes and the cost of operating disparate infrastructures would literally consume the company’s profit.
    Without scale, operations drown in a combination of complexity, duplicate cost and faltering service levels. You see this with high growth companies that are heroes that suddenly fail – because they do not have scale.
    ***
    What is IT’s production function? To deliver speed and scale to the enterprise.
    Speed and scale can seem as two different things, and that can be part of the reason why they are difficult for CIOs and IT leaders to articulate. Most go “ah ha” when they think about their role in speed and scale.
    But, when you boil it down, we know why an enterprise has a sales function, a supply chain, a finance function, etc. We had thought that IT existed to manage the technologies that these functions depend on.
    That is true in terms of the activities IT provides, but ‘to what end’
    Speed of execution and
    Scale of operation.
  • But it’s a question I didn’t ask myself seriously enough until recently- sounds academic though doesn’t it?
  • It is a bit- but hopefully it’ll help you understand what we’re here for, just like it helped me. What does production function mean?
  • It’s the combination of all the inputs
  • Which create the outputs.
  • The problem is, that in IT, they’re hidden. Hard to find. Let me contextualise it for you- What do Sales do?
  • They turn prospects into orders. What does the supply chain do?
  • They turn orders into invoices. What does finance do?
  • They turn invoices into cash. So what does IT do?
  • IT’s production value number 1 is Speed.
  • Turning organisational strategy into execution
  • As Fast as possible- to deliver results to the business
  • And to do that IT has to be as responsive as possible
  • Because without speed IT is a bottleneck to operational performance.
  • Take operations
  • increase their capacity and reduce their average cost to again deliver operational performance.
  • IT should equal agility. Yet when we’re purchasing systems, rarely does agility factor heavily enough.
  • Traditional IT department
    In the past, the only way for a company to maintain control of their business process was to completely own the technology supporting the process. The rationale was that a company's most strategic, differentiating processes are unique and therefore have to be built by the company either from scratch or by heavily customizing packaged applications. This also meant owning the entire technology stack supporting the process and the application. So, while the intent was to create differentiated processes that were agile and differentiating, the reality has become that the technology stack is an albatross around the IT team's neck that prevents them from moving as quickly and as efficiently as they would like to.
    The result is that while IT organizations are keen to support the business, they are unable to go much beyond providing basic services. The solution to the problem of managing the entire stack was traditionally either hosted/managed server services or outsourcing, but each introduces its own problems.
    http://blog.appirio.com/2009/05/do-your-most-strategic-apps-belong-in.html
  • Outsourcing
    In the case of outsourcing, the enterprise gains cost savings but relinquishes control of their business process and has to adhere to the provider's "best-practice" process. This clearly means that outsourcing can only be applied to commodity processes rather than any differentiating processes or processes where innovation is needed. The IT team's role shifts to primarily vendor management with little ability to innovate or drive the business.
  • Hosted/Managed Servers
    Hosting gets a bit closer to solving the problem because it reduces some of the IT team's pain in terms of managing infrastructure. However, the IT team still needs to spend a lot of their time maintaining the application and the middleware stack, i.e., applying patches and bug fixes, implementing upgrades, maintaining integrations, etc. In addition, the team also needs to manage their relationship with the hosting vendor. So, again, the main impact is some cost savings but no real gains in terms of agility or ability to innovate or support the business.
  • IT department in the cloud
    Cloud computing changes the decision process completely. No longer do companies face a choice between relinquishing all control of their business process for cost savings or dealing with the high costs and complexity of supporting an entire software stack.
    Platforms like Force.com and Google App Engine give companies a way to control the parts of the stack that matter most, the application and business process layer, and abstract away the management of the infrastructure. This means that the IT team can focus their energies on driving innovation and supporting the business.
  • #1 Not having to worry about scaling- the provider does
  • Fewer meetings
  • #3 The provider is constantly updating its software,
  • No more upgrades or migrations
  • which means you get richer functionality- for very little effort
  • #4 Creating loosely coupled systems enables greater integration for less cost and dependency
  • #2 By separating configuration and code, it enables IT to rapidly reconfigure operations
  • Fewer dependencies
  • Means you can reconfigure faster
  • Aligns cost to value- which means time to value is much quicker
  • Why are some people unsure about Cloud security?
  • Security is often presented as a binary object. It’s not.
  • It’s much more complex than that.
  • Technical details are abstracted
  • Probably because of the relative opacity of Cloud compared to the transparency of a private network and the control you can exert on it
  • Are its Achilles heel
  • Without revealing too much intellectual property- the main differentiator in Cloud
  • Standards are only just emerging
  • Buyer Beware- http://en.wikipedia.org/wiki/Caveat_emptor
    Under the doctrine of caveat emptor, the buyer could not recover from the seller for defects on the property that rendered the property unfit for ordinary purposes. The only exception was if the seller actively concealed latent defects or otherwise made material misrepresentations amounting to fraud.
    Before statutory law, the buyer had no warranty of the quality of goods. In many jurisdictions now, the law requires that goods must be of "merchantable quality". However, this implied warranty can be difficult to enforce and may not apply to all products. Hence, buyers are still advised to be cautious.
  • Which is why we in cloud feel like we’re being beaten up...
  • Independent Audit?
  • There are no standards... There is not a best practice independent security methodology for cloud. Clouds are opaque. Technical complexity is abstracted. Proper audit / DD requires transparency. But transparency would reveal IP.
  • Independent 3rd party is so important to validate claims in depth: SAS 70, CESG etc
  • Spot the missing one?
  • ISO 27001- ISO 27001 doesn’t fit the cloud- 5 year old standard currently- to be reviewed in 2012- CSA helping update controls for the Cloud
  • Should you adopt ISO 27001? What sort of protection will it grant you?
    • Yes. Because it’s a framework for managing security.
    • A process.
    • Set of documentation.
    • Set of controls.
    • Working out how much acceptable risk
    • What risk are you exposed to
    • Which are greater than the acceptable risk
    • What controls do you need to manage- taken from Annex A
    • Deploy the controls in an auditable way- constantly approve
    • Compliance- testing
    • Governance Risk Compliance- testing to make sure your controls
    • It scales
  • Control and governance; what should be the basis of your Cloud Data Best Practice Policy- ENISA
  • Investigating availability guarantees and penalties and examining your supplier’s disaster recovery strategy
    • Important- they do what they say they do
    • The bar to what you set that at needs to be relevant to what you have already- BASELINE!!!
    • Realistic expectation
    • Based on the data you’re going to outsource
    • Look at historical performance- not a predictor for the future- but relevant
    • Look at their DR strategy- if you have 2 data centres- that should be the expectation
    • Map your requirements to the provider
  • Data compliance; the importance of clarifying where your data will be stored and who will have access to your information
    • Jurisdiction: EU / Patriot / RIPA / Safe Harbour
  • Ultimately, who has control over your data?
    • When you save your data- need to understand
    • Look at service providers to the same extent
    • MBTF- encryption look at service providers
    • Cloud should be architected differently
    • People shouldn’t be fooled by “cloud” technology
    • See behind the fog
    • Often it’s really hard because of the opaqueness
    • Integrity of Data Critical
    • End to end vs middleware
    • Designed to hook together
    • Managing service provider obligations
    • Assess the risk- make sure the risk you’re willing to accept is related in the SLA
    • Review- annually?
    • Any deviation look for recompense or additional controls
    • Blunt instrument
    • Make sure compliance and information governance are involved early on in the process of negotiating SLA- lawyers don’t know about GRC
  • The key is to understand your current risks- baseline them
  • i.e. Where are we today?
  • Users Applications File shares Email Document management
  • Sysadmins User based access Server access Database access
  • Others: Internet VPN Extranet Customer/Partner portals API’s Suppliers Telco’s Tape warehousing Backup delivery personnel
  • Ends up in a Permissions Nightmare- or a brittle infrastructure
  • How are we managing those risks today?
  • Are you given the budget / skills to do it?
  • “Quis custodiet ipsos custodes?” Who will guard the guards themselves? Decimus Iunius Iuvenalis
  • Cloud can be a way to become a guard’s guard, instead of the guard
  • Reasons to go Cloud Security
  • Reason to go Cloud security #1 It’s their business- and their reputation depends on it
  • #2 Money - they are held financially responsible
  • Reason #3 Scale- Cloud platforms have scale that customers could never achieve on their own- protecting against large scale attacks
  • Reason #4 Specialised Skills- employ specific people to do specialised job. Cumulative effect of multiple customers
  • Best Practice embedded in organisation and distributed. Not dependent on one person
  • Not just about competence and budget- but focus. It’s all they do.
  • Cloud can be a way to become a guard’s guard, instead of the guard
  • Buyer Beware- http://en.wikipedia.org/wiki/Caveat_emptor
  • But make it proportional to risk- especially to CURRENT RISKS