Not all workloads are necessarily ready for a cloud computing deployment model. And workloads in different organizations will be at different stages of readiness. For example, different workloads have very different architectural characteristics – think about how Google is optimized for search or massive reading, Amazon for web displaying, and Salesforce for a heavy multi-tenant environment. Those areas that have a high degree of affinity with the cloud model – technically and from a risk/reward perspective – include Infrastructure as a Service and Software as a Service solutions. Workloads that clients are adopting now include test and development, desktop, collaboration, storage, compute and analytics. All of these are highly standardized….the more standard the environments the better the economics are going to be. There are other workloads that cannot at this time move to the cloud due to regulations, criticality, or security concerns. And new workloads are being made possible due to the benefits of clouds - massive scalability and self-service, economies of scale – such as medical images, fraud detection, or energy management. IBM takes workloads into account when building our cloud solutions…
[Strategic Initiative: Expand portfolio of workload optimized systems] I’ve already highlighted our portfolio. We are focused on increasing portfolio of systems optimized for specific workloads. We have solutions and systems in 2009 and planned for 2010 that address the key workload types our clients are running. The systems are designed according to the particular workload characteristics. For example, a typical transaction processing workload like core banking is characterized by a high rate of transactions. Scale matters and quality of service is extremely important. Things like downtime, security, tool maturity, and infrastructure sophistication matter. The workloads we’re designing for are: Transaction Processing and Database : for applications, as I said, like core banking, hotel & airline reservations; Analytics and High Performance Computing : these workloads include weather prediction data warehousing, data mining, scientific engineering and auto & aerospace design; Business Applications : which includes SAP, Supply Chain Management, CRM; and Web, Collaboration and Infrastructure : for applications such as file serving, print management, email, security, web serving. As I mentioned earlier, we also have solutions and systems designed to handle heterogeneous workloads . The point is – not all workloads are the same and each type requires different system attributes. [Transition] Our second strategic initiative is to increase our value capture through systems software.
Key point: Some concerns are more relevant to the cloud than others, these are the most frequently discussed. Less control: Uncomfortable with the idea of their information on systems they do not own in-house. Data Security: A shared, multi-tenant infrastructure increases potential for unauthorized exposure. Especially in the case of public-facing clouds. Reliability: They are worried about service disruptions affecting the business. Compliance: Regulations may prohibit the use of clouds for certain workloads and data. Security Management: How will today’s enterprise security controls be represented in the cloud?
Key message: When we talk to our customers about their cloud computing plans, it is apparent that mass adoption of external, massively shared and completely open cloud computing platforms for critical IT services is considered to be still a few years away. In the near term, most organizations are looking at ways to leverage the services of external cloud providers. These clouds would be used primarily for workloads with a low-risk profile, where a one-size-fits-all approach to security with few assurances is acceptable, and where price is the main differentiator. For workloads with a medium-to-high-risk profile involving highly regulated or proprietary information, organizations are choosing private and hybrid clouds that provide a significant level of control and assurance. These workloads will be shifting into external clouds as they start offering tighter and more flexible security. Helping to build tomorrow’s clouds – that cater to high value / high risk workloads – is an IBM differentiator.
IBM Confidential ( Note to presenter: The purpose of this slide is to highlight that IBM offers the breadth and depth – unlike any other vendor -- with our security portfolio. The intent is not to engage in a technical discussion at this point or try to cover all areas in detail.) IBM has a unique position in the market as an end-to-end security provider – we can address virtually any dimension of a secure infrastructure – and provide the services and consulting to help customers develop a strategic approach to their security challenges. Across our portfolio, we provide many capabilities that help customers solve a wide range of security problems completely and in the process result in cutting costs , reducing complexity, and assuring compliance . So depending on the types of security risks that are impacting your business, we can look more closely at how we can help address those issues. Just like we did for DTCC by helping them make their applications more secure. Notes to presenter: … Point out 1 or 2 capabilities mentioned on this slide and tie it back to a customer example to convey how we help clients meet their business requirements. You can replace reference to DTCC above with another customer reference. If there is interest in a certain domain (i.e., people and identity, application and process, etc.), use some of the backup slides that provide the next level of information on our offerings – including how we can help (1) assess the situation, (2) mitigate or decrease the risk and (3) monitor and manage the risk ongoing. In presentation mode, you can click on the icons displayed on the left hand side of the capabilities boxes to quickly navigate to the appropriate backup slide. ( Note to presenter: Keep in mind that customers often usually jump in at the wrong point so they may not have completely addressed all security risks. At times they buy something they don’t understand (aka shelfware)… they implement a security solution but forget the need to monitor it ongoing or to invest in training and awareness for a more security aware culture. What this means to you is that even if a customer already has a solution in place… it’s not the end of the story. They may still need services to optimize, or managed services to monitor – for example.) Consolidate identity management with Tivoli Identity Manager Work with multiple identity repositories with Tivoli Federated Identity Manager Improve employee productivity with Tivoli Enterprise Single Sign On Protect data center media with STG tape encryption Protect data using zSeries encryption and Lotus Notes encryption Find and remediate application vulnerabilities with Rational app scan Assure privacy compliance with Rational Policy Tester Locate and remediate Malware with ISS IPS Manage incidents with ISS X-Force Emergency Response Services