Bringing the Cloud Back to Earth

Cloud computing can be safe, uncomplicated and move the organization forward IF YOU DO YOUR DUE DILIGENCE!!
It's your data and your neck so don't be afraid to ask the right questions and get them in writing

Published in: Technology, Business

  1. Bringing the Cloud Back to Earth
     webinars.plantemoran.com
  2. Presenters
     Marv Sauer, Principal – Plante Moran, Education Consulting
     Marv has more than 25 years of experience taking clients from initial strategic planning through the successful implementation of a variety of proven and leading edge technologies. He is a talented facilitator of small to large groups, working with personnel ranging from end users to executive management. Marv has given presentations at local and national conferences on topics such as "Building the Network of Tomorrow, Today" and "With Strategic Planning First, Successful Implementation Follows". Marv holds a Master of Business Administration in Finance from the University of Michigan and a Bachelor of Science in Math and Computer Science from the University of California, Los Angeles (UCLA).
     Sri Chalasani, Sr. Architect – Plante Moran, IT Consulting
     Sri has over twenty years of experience and specializes in the design, deployment, and troubleshooting of complex networks. He also has over fifteen years of experience in the design and implementation of broadband multimedia solutions across large networks. Sri has helped many organizations in the design and selection of data centers, including strategic sourcing of cloud based solutions. He has an MBA from Wayne State University, an MS in Computer Science from Western Michigan University and a BS in Electronics Engineering from Bangalore University.
  3. Administration
     • Slides are available for download from your webcast console. A recording of today’s webinar will be added to our website in a few days.
     • We will allow time at the end of the presentation to respond to your questions, but please feel free to submit questions at any time.
  4. Administration
     • This is a CPE-eligible webinar. Throughout the webcast, participation pop-ups will appear.
     • Participants must respond to at least 75% of these pop-ups in order to receive CPE credit.
     • To receive CPE credit, you need to be logged in individually to the webinar and meet the eligibility requirements (have an accrued viewing time of at least 50 minutes and 75% response to participation tracking). Only attendees who are logged into the webinar will be eligible to earn CPE credit.
  5. Overview
     Kick it to the next level - move beyond the tutorials
     • Review drivers, strategy and architectures for deploying a cloud
     • Identify your risks
     • Asking the right questions
     • Selection criteria
     • The T’s and C’s
  6. Background
     Gartner believes enterprises will spend $112 billion cumulatively on software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). Part of the attraction is the promise of lower total cost of ownership, but with this come higher risks, some of which are not always immediately apparent.
     Source: Gartner
  7. Drivers of cloud computing - Recap
     Drivers
     • Data Center pressures – increased systems and data explosion
     • Flexibility - system capacity (elasticity) and ubiquitous access
     • Minimize risk – modernize to survive / keep up with the times
     • Cost / predictable cash flow
     • Reduced operational / systems management
     • Accelerated access to complex applications
     • Allow for focus on core competencies
  8. Strategy - Recap
     • Goals may be the same
     • Questions and priorities may be different and often competing
     [Diagram: Cloud Strategy. Labels: CEO; CIO; Current IT Env.; Terms & Conditions; Users; Risks; Security C.I.A; Business objectives and goals; Costs; Governance; Administration; Roadmap; Solutions; Reg. & Compliance; Agility; Technology; Business; IT Staff & skills; App. Integ; Process Rearch]
     Questions shown in the diagram, first group:
       * Security & compliance
       * Impacts IT staff?
       * Performance & reliability?
       * Distributed workforce?
       * Agility & growth
       * Contract, SLA, & support?
     Questions shown in the diagram, second group:
       * Reduce costs? TCO/ROI?
       * Distributed workforce?
       * Competitive advantages?
       * Risks?
       * Align with business goals?
  9. Architectures - Recap
     Four major building blocks for IT system
     [Diagram labels: IT Staff (Net. Admin, DBA, Programmer); Applications; Managed services; Database; Operating System and Back Office Servers; Infrastructure; Storage; Network; Operating System; System Software; Cloud Services; IaaS; PaaS; SaaS]
     IaaS: Infrastructure as a Service; PaaS: Platform as a Service; SaaS: Software as a Service
  10. Deployment Models - Recap
     • Public Cloud
       • Multi-tenancy computing resources (infrastructure, OS, applications) are available to other tenants
       • Typically hosted at a provider
     • Community Cloud
       • Collaboration between multiple org.
       • Involvement by invitation only
     • Private Cloud
       • Only your organization has access to the resources.
       • Hosted internally or hosted by a provider
     • Hybrid Cloud
       • Combination of Private and Public
       • Most organizations
     [Diagram labels: IaaS / PaaS / SaaS; Other: internal or external hosted]
  11. Examples of the cloud - Recap: IaaS (Source: Cloud Taxonomy)
  12. Examples of the cloud - Recap: PaaS (Source: Cloud Taxonomy)
  13. Examples of the cloud - Recap: SaaS (Source: Cloud Taxonomy)
  14. Examples of the cloud - Recap: Cloud Software (Source: Cloud Taxonomy)
  15. What is at risk?
     • Cloud computing inherently means trusting some of your most valuable assets
     • Before you start – high level understanding of the risks
     • Two key assets exposed to risk - Data and Applications/Process
     • Evaluate the risk for Confidentiality, Integrity and Availability. Impact on asset if it is:
       • Breached
       • Accessed by provider(s)
       • Process is manipulated by an outsider
       • Unavailable for a while
  16. What is at risk?
     • Understand risk by mapping the asset to
       • Possible deployment models
       • The potential flow of data between your users and CSPs
     • Assurances on safety of data?
       • SOC standards provide some level of assurance – CSA, GSA, NIST
       • CSA / GSA / NIST - tools to assess security requirements & services
       • Onus is still on you; you do have to conduct your own due diligence
  17. Protect your assets – ask the questions
     1. Who’s managing my data?
       • Qualifications and backgrounds of staff
       • Who else (partners/sub-contractors) can touch your data?
     2. Where’s my data actually located?
       • Regulatory and compliance requirements for data export
       • Primary and secondary (replication sites)
       • Conformance to local laws – data discovery
       • Map how data is stored and handled
  18. Protect your assets – ask the questions
     • Why does location matter? - Country Risk Ratings for Security and Privacy
     Source:
  19. Protect your assets – ask the questions
     3. What access controls are in place?
       • What are the physical controls and logical controls?
       • CSPs disclose data access control processes in place
       • Frequency of testing of access controls
     4. How will my data be physically secured & separated from other customers?
       • Common hardware or applications with logical controls?
       • Testing of data encryption / data leakage
     5. How’s my data encrypted?
       • Understand security for data at rest and data in transit
       • Data at rest - encryption types
       • Data in transit - encrypted, authenticated and integrity protected
  20. Protect your assets – ask the questions
     • Map the potential flow of data between your users (internal and external), other providers and the cloud service
     [Diagram labels: Organization; CSP1; CSP2; CSP3; Data; App; Users; Servers; Backup]
  21. Protect your assets – ask the questions
     6. What authentication mechanisms are supported by the CSP?
       • 2-pass authentication - passwords with tokens and certificates
       • Integration using LDAP and SAML with Dir. Svcs or Identity Mgmt. systems
     7. What happens if there’s a data breach?
       • Incident Response Plan (IRP) - proactive processes and technologies in place to detect if an application or data is under attack. Create your own too
       • Response times and notification process; request history
       • Technology Errors & Omissions policy and/or Cyber Liability coverage
  22. Protect your assets – ask the questions
     8. Can the CSP pass muster with the auditors?
       • Security assessment by a 3rd party or accreditation process
       • Process for accommodating the needs of your auditors
       • Conduct a forensic investigation?
     9. Is your cloud computing service SOC 2/SSAE16 (formerly SAS 70) compliant?
       • No assurances but a step in the right direction
       • Demonstrates methodical and repeatable process
       • Security certification and other regulatory requirements HIPAA, FERPA etc.
     10. What is CSP’s stability factor?
       • CSP acquired or out of business?
       • Timely transition, removal and destruction of your data
  23. Protect your assets – ask the questions
     11. Does the CSP offer backup and recovery services?
       • Data retention, backup and recovery
       • Backed up to where. Basic backup services or beyond?
       • Recovery process from an outage
       • What is included in your service – does this match your RPO/RTO?
     12. What are the contract terms?
       • SLA, breach notification, intellectual properties, limitation of liability, etc.
       • More on this later
  24. Eeny, meeny, miny, moe – Picking a CSP
     No different than any other selection project
     • Identify what is important to you
     • Identify the “must haves” and “like to haves”
     • Don’t ignore security and growth
     • For each of the identified areas, assign weightage
     • Seek “written” answers you are looking for
     • When in doubt err on the conservative side
     • Reference – ask for a list of clients, not just references
     • Not to be taken lightly – your data, your neck
     • Add skill sets to the IT mix to manage and administer vendor contracts
     • Viewed as a partnership - cannot abdicate management of the vendor / service though they provide the service
  25. Eeny, meeny, miny, moe – Picking a CSP
  26. Eeny, meeny, miny, moe – picking a CSP
     Reference: Intel’s Intel Cloud Finder
  27. Contractual considerations
     Negotiate key terms and conditions to mitigate risk and cost exposure:
     • Uptime Guarantees
     • SLA penalties
     • SLA penalty exclusions
     • Security
     • Business Continuity and Disaster recovery
  28. Contractual considerations
     Negotiate key terms and conditions to mitigate risk and cost exposure:
     • Data privacy conditions
     • Suspension of service
     • Termination
     • Liability
  29. Where’s my checklist?
     • Do I have a “strategy” or am I “piecemealing this”?
     • Have a process for identifying suitable applications / systems / workloads ideal for “cloudifying” – business objective first
     • Define your selection criteria - requirements for security, compliance, growth, performance, etc.
     • Identify issues around migrating existing workloads
     • Identify vendor(s), vendor lock-ins and flexibilities
     • Identify the costs? CapEx, OpEx, sunk costs, staff retraining
     • Identify your questions - have written responses, talk to existing clients
     • Determine the impact on your IT staff (skills and headcount)?
     • Understand your contract – have your requirements clearly identified
     It is not an all or nothing proposition – think hybrid
  30. Q&A
  31. Thank you for attending
     Marv Sauer, Principal, 248.223.3120, marv.sauer@plantemoran.com
     Sri Chalasani, Sr. Architect, 248.223.3707, sri.chalasani@plantemoran.com
     To view a complete calendar of upcoming Plante Moran webinars, visit webinars.plantemoran.com
