Moving Enterprise Applications to the Cloud




Clint Harder
VP of Product Strategy
About Me

• Responsible for product development
  and operational integration at TDS HMS

• Recently developed strategy for
  ReliaCloud offering

• Pragmatic business-oriented technician

• Warning: I am NOT a PowerPoint ninja
What are Enterprise Applications?

• Applications designed to solve enterprise-wide
  problems

• Typically integrate with other applications in
  the organization

• Have stringent security, availability, and
  performance requirements

• Include:
   – ERP, financial systems, email and
     collaboration, data warehouses, line of business
     applications, CRM, eCommerce, portals, etc.
What is Cloud Computing?

• Five characteristics according to NIST:
   –   On-demand self-service
   –   Broad network access
   –   Resource pooling
   –   Rapid elasticity
   –   Measured service

• My definition:
   – IT infrastructure and/or applications delivered as
     service and as an operating expense to the customer

• IaaS vs. PaaS vs. SaaS
   – I prefer ITaaS (IT as a Service)

• Public vs. Private vs. Hybrid?
   – Yes!
Key Study Takeaways
“As a first step, we as an industry must still work to provide a
clearer definition of what cloud is and how the many innovative
and secure services can help positively impact today’s
businesses,” said J.R. Santos, global research director at CSA.
“But, we need to start at the top and engage senior
management. Cloud needs can no longer be thought of as a
technical issue to address, but rather a business asset to
embrace.”

“For cloud to provide enterprise-changing capabilities and the
benefits that vendors have promised, it needs to transition from
a technology solution to a business resource. This entails
understanding what cloud is and what it promises, incorporating
business and technical requirements into contracts, monitoring
performance against requirements, and appreciating cloud-
related risk within the wider context of the business and
enterprise risk management.”
Key Study Findings

• Satisfaction Levels of Various Cloud Components
    (Percent rating satisfaction as “4” or “5” on a scale of 1 to 5):
     – Software as a Service (applications)                      63%
     – Infrastructure as a Service (compute power)               55%
     – Platform as a Service (middleware)                        43%
• Estimated Length of Time to Meet Maturity
     – Software as a Service                                    2.73 years
     – Infrastructure as a Service                              3.02 years
     – Platform as a Service                                    3.34 years
•   Business enablers (score 4.08) rather than financial
    considerations (score 3.5) are the primary factors in making
    cloud decisions
•   The business enablement factors that most influence cloud computing
    decision making are related to the reliability and availability of
    services (mean score 4.59) and quality of service (score 4.29).

Motivations to Outsource




Source: Savvis 2012 Global IT Leadership Report
Survey of 550 IT Execs

Cloud Supports the Agile Business

[Figure: Current State - IT (Cost Center): 20% Innovating, 80% Sustaining and Running. Desired State - IT (Profit Generator): 80% Innovating, 20% Sustaining and Running. Arrows: Increase Value Creation; Decrease Low Value Operations.]

‘Running in Place’ or ‘Innovating’?

Leading Constraints on Cloud Adoption

•    Information security (4.22)
•    Data ownership/custodian responsibilities (4.12)
•    Legal and contractual issues (4.04)
•    Regulatory compliance (4.01)
•    Information assurance (3.77)
•    Longevity of suppliers (3.44)
•    Contract lock-in (3.42)
•    Performance standards (3.30)
•    Disaster recovery/business continuity (3.25)
•    Performance monitoring (3.21)
•    Technology stability (3.10)

* Average score, based on a scale of 1 to 5


Evaluating Cloud Services

• Security Management

• Availability and Performance Management

• Contracting and Ongoing Management

• Big Bang vs. Evolving Adoption



Security Management

• Cloud computing requires a comprehensive
  control framework

• Cannot focus solely on technology
   • Build “Defense in Depth” which moves
     beyond application of technical controls
   • Establish programmatic security approach
     drawing from key disciplines
   • Understand Cloud provider and consumer
     roles to manage risk
Physical security

Where does the Cloud provider host your data
and services?
• If an unauthorized party can gain physical
  access, nothing else matters
  – Access controls
  – Environmental controls
  – Surveillance controls
• Facility management and ownership
  – Uptime Institute Tier 3
  – Separation of Cloud services
Network security
Does the Cloud provider’s network security
strategy align with yours?
• Look for providers who approach network
   security the same way you do
  – Firewall management
  – Intrusion detection and/or prevention
  – Remote connectivity from offices and mobile
    workforce
  – Denial of service protection
  – SSL acceleration
System security
What does the Cloud provider do to secure the
virtualization environment?
• Cloud provider owns the servers, storage
   and virtualization layer
• Know who owns the operating systems
  – Provider, customer or both
  – Document processes for
     •   OS hardening, patching
     •   Malware defense
     •   Data and system backups
     •   Data isolation and sanitization
Threat management
What visibility does the Cloud provider deliver
on activity within the environment?
• Capabilities will vary by Cloud provider
• Know what options are available
  – Log collection and/or security event management
  – Configuration, vulnerability and/or penetration
    assessments
  – Practices to respond and contain security
    incidents; analysis for root cause
Risk management
How do you know the Cloud provider is
maintaining their controls?
• Insist on independent attestations from a
  third party
  – AICPA Service Organization Control Reports
     • SOC 1
     • SOC 2, SOC 3
  – Industry related attestations
• Establish your own framework
Compliance
Is the Cloud provider enabling compliance with
regulatory drivers?

• Evaluate Cloud providers based on the
  compliance obligations of your industry
  – Health information
  – Financial records
  – Payment card data
Availability Management

What is the SLA for availability and what are
the remedies if not met?
• SLA for availability
• Credits and other remedies for non-performance
• Does the architecture actually support high
  availability?
• Do not expect to transfer all the risk
     • Unlimited liability, lost profits, etc.


Performance Management

Can the cloud platform meet your performance
requirements?

• What is the cloud platform architecture?
   – How does it align to your existing investments and skill
     sets?
   – Does it support high capacity and performance?
      • High network throughput
      • High IOPS
   – Can it scale quickly with existing architecture and
     capacity?
• Is there an SLA for performance metrics?

Support Options and Other Services
How is support offered for ongoing issues?
• Voice
• Electronic
• Portal

What other services are available?
• Implementation and migration services
• Can you colocate dedicated infrastructure?
   – Can you integrate into the cloud services?
• Can you directly connect (private connectivity)
  into the cloud services?
• Are other managed services available?
Contracting

What are the important contractual terms to be
aware of?

• Term of contract
  – Month to month vs. longer commitments
• Costs and cost escalators
• SLAs
  – What do they cover and how are they measured?
• Data ownership

More contracting
What guarantees the Cloud provider meets their
obligations?

• Key controls to strive for:
   –   Rights to audit and mitigate
   –   Security incident notification
   –   Retention and electronic discovery
   –   Human resource practices
   –   Business continuity and disaster recovery
   –   Liability insurance
• IMPORTANT: Does the cloud provider have the
  resources to back their contract?
How to get started?

• Big Bang
• Evolve
• Public vs. Private vs. Hybrid
• Data migration
• Assign internal ownership for managing the
  relationship
• Develop strong competencies in sourcing
  management


In Closing

• Is the cloud ready for enterprise
  applications?
  – Yes, if providers are carefully evaluated and
    contracts are carefully structured.
• Has cloud passed you by?
  – No. Just entering the maturation stage.
• Will the cloud save me money?
  – It depends.
  – How much value do you put on flexibility and
    speed?
  – Apples vs. oranges

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 

Moving Enterprise Applications to the Cloud

  • 1. Moving Enterprise Applications to the Cloud
      Clint Harder, VP of Product Strategy
  • 2. About Me
      • Responsible for product development and operational integration at TDS HMS
      • Recently developed strategy for ReliaCloud offering
      • Pragmatic business-oriented technician
      • Warning: I am NOT a PowerPoint ninja
  • 3. What are Enterprise Applications?
      • Applications designed to solve enterprise-wide problems
      • Typically integrate with other applications in the organization
      • Have stringent security, availability, and performance requirements
      • Include:
          – ERP, financial systems, email and collaboration, data warehouses, line of business applications, CRM, eCommerce, portals, etc.
  • 4. What is Cloud Computing?
      • Five characteristics according to NIST:
          – On-demand self-service
          – Broad network access
          – Resource pooling
          – Rapid elasticity
          – Measured service
      • My definition:
          – IT infrastructure and/or applications delivered as service and as an operating expense to the customer
      • IaaS vs. PaaS vs. SaaS
          – I prefer ITaaS (IT as a Service)
      • Public vs. Private vs. Hybrid?
          – Yes!
  • 5. Key Study Takeaways
      “As a first step, we as an industry must still work to provide a clearer definition of what cloud is and how the many innovative and secure services can help positively impact today’s businesses,” said J.R. Santos, global research director at CSA. “But, we need to start at the top and engage senior management. Cloud needs can no longer be thought of as a technical issue to address, but rather a business asset to embrace.”
      “For cloud to provide enterprise-changing capabilities and the benefits that vendors have promised, it needs to transition from a technology solution to a business resource. This entails understanding what cloud is and what it promises, incorporating business and technical requirements into contracts, monitoring performance against requirements, and appreciating cloud-related risk within the wider context of the business and enterprise risk management.”
  • 6. Key Study Findings
      • Satisfaction Levels of Various Cloud Components (percent rating satisfaction as “4” or “5” on a scale of 1 to 5):
          – Software as a Service (applications): 63%
          – Infrastructure as a Service (compute power): 55%
          – Platform as a Service (middleware): 43%
      • Estimated Length of Time to Meet Maturity
          – Software as a Service: 2.73 years
          – Infrastructure as a Service: 3.02 years
          – Platform as a Service: 3.34 years
      • Business enablers (score 4.08) rather than financial considerations (score 3.5) are the primary factors in making cloud decisions
      • The business enablement factors that most influence cloud computing decision making are related to the reliability and availability of services (mean score 4.59) and quality of service (score 4.29).
  • 7. Motivations to Outsource
      Source: Savvis 2012 Global IT Leadership Report, survey of 550 IT execs
  • 8. Cloud Supports the Agile Business
      [Figure: Current State - IT (Cost Center: 20% Innovating, 80% Sustaining and Running) vs. Desired State - IT (Profit Generator: 80% Innovating, 20% Sustaining and Running). Increase Value Creation; Decrease Low Value Operations.]
      ‘Running in Place’ or ‘Innovating’?
  • 9. Leading Constraints on Cloud Adoption
      • Information security (4.22)
      • Data ownership/custodian responsibilities (4.12)
      • Legal and contractual issues (4.04)
      • Regulatory compliance (4.01)
      • Information assurance (3.77)
      • Longevity of suppliers (3.44)
      • Contract lock-in (3.42)
      • Performance standards (3.30)
      • Disaster recovery/business continuity (3.25)
      • Performance monitoring (3.21)
      • Technology stability (3.10)
      * Average score, based on a scale of 1 to 5
  • 10. Evaluating Cloud Services
      • Security Management
      • Availability and Performance Management
      • Contracting and Ongoing Management
      • Big Bang vs. Evolving Adoption
  • 11. Security Management
      • Cloud computing requires a comprehensive control framework
      • Cannot focus solely on technology
      • Build “Defense in Depth” which moves beyond application of technical controls
      • Establish programmatic security approach drawing from key disciplines
      • Understand Cloud provider and consumer roles to manage risk
  • 12. Physical security
      Where does the Cloud provider host your data and services?
      • If an unauthorized party can gain physical access, nothing else matters
          – Access controls
          – Environmental controls
          – Surveillance controls
      • Facility management and ownership
          – Uptime Institute Tier 3
          – Separation of Cloud services
  • 13. Network security
      Does the Cloud provider’s network security strategy align with yours?
      • Look for providers who approach network security the same way you do
          – Firewall management
          – Intrusion detection and/or prevention
          – Remote connectivity from offices and mobile workforce
          – Denial of service protection
          – SSL acceleration
  • 14. System security
      What does the Cloud provider do to secure the virtualization environment?
      • Cloud provider owns the servers, storage and virtualization layer
      • Know who owns the operating systems
          – Provider, customer or both
          – Document processes for
              • OS hardening, patching
              • Malware defense
              • Data and system backups
              • Data isolation and sanitization
  • 15. Threat management
      What visibility does the Cloud provider deliver on activity within the environment?
      • Capabilities will vary by Cloud provider
      • Know what options are available
          – Log collection and/or security event management
          – Configuration, vulnerability and/or penetration assessments
          – Practices to respond and contain security incidents; analysis for root cause
  • 16. Risk management
      How do you know the Cloud provider is maintaining their controls?
      • Insist on independent attestations from a third party
          – AICPA Service Organization Control Reports
              • SOC 1
              • SOC 2, SOC 3
          – Industry related attestations
      • Establish your own framework
  • 17. Compliance
      Is the Cloud provider enabling compliance with regulatory drivers?
      • Evaluate Cloud providers based on the compliance obligations of your industry
          – Health information
          – Financial records
          – Payment card data
  • 18. Availability Management
      What is the SLA for availability and what are the remedies if not met?
      • SLA for availability
      • Credits and other remedies for non-performance
      • Does the architecture actually support high availability?
      • Do not expect to transfer all the risk
      • Unlimited liability, lost profits, etc.
  • 19. Performance Management
      Can the cloud platform meet your performance requirements?
      • What is the cloud platform architecture?
          – How does it align to your existing investments and skill sets?
          – Does it support high capacity and performance?
              • High network throughput
              • High IOPS
          – Can it scale quickly with existing architecture and capacity?
      • Is there an SLA for performance metrics?
  • 20. Support Options and Other Services
      How is support offered for ongoing issues?
      • Voice
      • Electronic
      • Portal
      What other services are available?
      • Implementation and migration services
      • Can you colocate dedicated infrastructure?
          – Can you integrate into the cloud services?
      • Can you directly connect (private connectivity) into the cloud services?
      • Are other managed services available?
  • 21. Contracting
      What are the important contractual terms to be aware of?
      • Term of contract
          – Month to month vs. longer commitments
      • Costs and cost escalators
      • SLAs
          – What do they cover and how are they measured?
      • Data ownership
  • 22. More contracting
      What guarantees the Cloud provider meets their obligations?
      • Key controls to strive for:
          – Rights to audit and mitigate
          – Security incident notification
          – Retention and electronic discovery
          – Human resource practices
          – Business continuity and disaster recovery
          – Liability insurance
      • IMPORTANT: Does the cloud provider have the resources to back their contract?
  • 23. How to get started?
      • Big Bang
      • Evolve
      • Public vs. Private vs. Hybrid
      • Data migration
      • Assign internal ownership for managing the relationship
      • Develop strong competencies in sourcing management
  • 24. In Closing
      • Is the cloud ready for enterprise applications?
          – Yes, if providers are carefully evaluated and contracts are carefully structured.
      • Has cloud passed you by?
          – No. Just entering the maturation stage.
      • Will the cloud save me money?
          – It depends.
          – How much value do you put on flexibility and speed?
          – Apples vs. oranges

Editor's Notes

  1. Bill and I may disagree on some points. That is good and healthy, and disagreement brings certain issues to the forefront to be addressed.
  2. When we were evaluating speakers, one of them would not call our cloud offering a cloud because in our first phase we did not bill hourly. It is a simple switch we can throw in our software, but we do not view that as compelling for production IT.
  3. Going to break another PPT “rule”. Going to read (and print) 2 key takeaways.
  4. Estimated time to maturity supports the stage of IaaS in the Gartner trough of disillusionment. Also indicates that if your organization has not done anything with IaaS, you are not behind.
     Important sidebar: Will you save money?
     • Depends on how you measure
     • Depends on what you measure
     • Depends on your current IT investments, staffing models, business plans, etc.
     • KEY: Depends on how much you value flexibility!
  5. Legacy infrastructure. Legacy staffing models. Shrink time to deployment.
  6. Let me expand on the top line of the previous “motivations” graph. In short, cloud drives top-line growth from:
     • Improved business speed, reach, and scalability, with faster provisioning
     • New services innovation, transforming IT from a cost center to an enabler of business and competitive advantages
     • Competitive differentiation through adoption of new capabilities such as mobility and video
     • Improved business resiliency through better uptime
  7. These roughly fall into the following categories:
     • Security and Compliance
     • Availability and Performance
     • Contracting and Ongoing Management
  8. THE MAJOR FOCUS AREA. AND IT SHOULD BE.
     • Security shouldn’t force you to avoid the cloud
     • Security can force you to address the issues you’ve avoided
     • Exclusive focus on IT Security (e.g. firewalls, anti-virus, encryption) overlooks people and process
     • Defense in depth, layers of control with permission to fail
     • Programmatic approach, security isn’t just the IT guys’ problem
     • Role management, make sure both parties understand their obligations
     • Transfer responsibility, not accountability
  9. Make sure you understand how the cloud environment is physically secured
     • Look for multiple layers of access control to gain access to cloud infrastructure
        – People traps, tailgating sensors to restrict improperly escorted access
        – Combination of something you have (e.g. proximity card) and something you are (e.g. fingerprint)
     • Understand the electrical and cooling capabilities of the facilities
        – Know how the provider delivers electrical service redundancy
        – Ask the provider to explain their philosophy on cooling
     • Ensure provider has appropriate controls to monitor physical access to equipment
        – Camera placement at ingress/egress, visibility of equipment
        – Retention of video recordings based on your requirements (e.g. 180d, 1y, 2y)
     • Verify whether your cloud provider owns the facility, rents it or simply is one of several organizations located within
        – Make sure provider is separated from other organizations, physically and logically
        – Provider’s policy on colocation of your equipment
  10. Network security controls are the foundational set of logical or technical controls
     • Make sure the provider views network security the same way you do
        – Adjust your expectations where necessary
     • How are firewall services provided?
        – Shared or dedicated
        – Physical or virtual
        – Number of layers or segmentation
     • How is network based IDS/IPS handled?
        – Internal or external
        – Types of events (e.g. inbound, outbound or both)
        – Frequency of signature updates and/or tuning
     • How is remote connectivity supplied?
        – Site to site, remote access or both
        – Strong mechanisms for encryption
        – Connectivity to business partners
        – Connectivity to provider’s other services
     • Know what services are and are not included
        – Denial of service protection
        – Load balancing, SSL acceleration
  11. Cloud provider is always responsible for securing the hypervisor
     • Cloud provider may or may not be responsible for the OS even in an IaaS model
     • Make sure OS management responsibilities are clearly defined and have SLAs established
     • Identify escalation mechanisms to ensure finger pointing does not become a road block
     • Look for complementary support models
     • Make sure you know how your data is
        – Stored in relation to other customers’ data
        – Purged or removed when you no longer need it. Is there a decommissioning process?
        – Just returned to storage pools
     • If there are any doubts, encrypt the file system; retain key management
  12. Managing the potential threats to your data and services is a joint effort with the provider
     • Combination of oversight and operations
     • Identify capabilities provided by the provider by default and as optional services
     • Leverage cloud provider where you can and integrate where you must
     • Cloud provider should have capabilities to collect log data and identify security events
     • Verify how the cloud provider monitors the configuration of the environment
     • Know whether you can conduct vulnerability and/or penetration testing
        – Varies by provider and by model (e.g. SaaS, IaaS)
     • Ensure the provider has procedures on responding to security incidents and conducting root cause analysis (e.g. digital forensic capabilities)
  13. Select providers who undergo independent review of their security controls
     • AICPA (American Institute of Certified Public Accountants)
        – SOC 1 recommended for controls around financial processing
        – SOC 2 recommended and going forward (2013 or 2014)
     • Consider attestations for cloud provider which relate to your line of business or industry
        – PCI – DSS
        – ISO 27001
     • Establish your own framework to audit cloud providers
        – Draw from existing assessment/audit materials
        – Leverage CSA STAR (Security, Trust and Assurance Registry): https://cloudsecurityalliance.org/star/
        – Leverage current regulatory frameworks
     • Assess cloud provider regularly
        – Focus on key areas
  14. Understand how cloud providers meet specific sections of regulatory and pseudo-regulatory requirements your organization faces
     • Assessment and commitment
        – Review your provider’s controls for alignment with your compliance requirements
        – Acquire contractual commitments on compliance requirements from providers
     • Verify which of the following your organization must comply with and how the provider addresses:
        – HIPAA
        – HITECH
        – GLBA
        – FISMA
        – PCI – DSS
        – EU Data Protection Directive
  15. This is an evolving area, but is especially important for enterprise Apps. Especially the SLAs.
  16. Don’t gloss over support. Who can you reach, when, and how, when you are having issues?
  17. Term can be a two-edged sword. Month to month means:
     • Prices can go up and down
     • Likely to be more expensive than some level of commitment
     • Capacity is only guaranteed for the term of your contract.
  18. Audit rights
     • How often?
     • How much notice?
     • Against what standards/frameworks?
     • How are findings remediated?
     • Does auditing allow you to conduct vulnerability assessments and penetration tests?
     Incident notification
     • How quickly are you notified?
     • How does the provider handle notification of the media, law enforcement and your customers?
     Retention
     • How do you ensure data is retained in the event of a litigation hold, what does it cost?
     • What does the provider do to destroy data that you have decommissioned?
     Human resources
     • What type of background checks and screens are performed?
     • How does the provider terminate access when it is no longer required?
     BCP/DR
     • Who is responsible for resumption of your operations at another location?
     • What does the provider have in place to support you in the event of their own disaster?
     Insurance
     • Does the provider have insurance to cover your losses based on the indemnification you’ve worked out with them?
     • Does the carrier agree to provide coverage based on the nature of the insurance (general liability vs e-commerce)?
     Don’t rely on contract breach as the only remediation; once you are there it costs you more than them to move
     • Establish SLAs around security and controls
     • Attach financial penalties