Cloud Computing presentation given by myself and three others during a workshop, The Business Cloud Workshop:
A Roadmap to The What, Why and How,
at a Cloud Computing conference, The Business of Cloud Computing 2012 held on May 21-22 in Dallas, TX.
1. THE BUSINESS CLOUD WORKSHOP:
A Roadmap to The What, Why and How
Facilitator: Dr. Tushar K. Hazra
Speakers: Marc Crudgington, Nikita Reva,
& Michael Bennett
The Business of Cloud Computing 2012:
From Transformation to Sustainability
May 21 – 22, 2012
2. Agenda
An Overview
Workshop Topic and Format
Introduction of Speakers
Understanding Attendee Interests
Part I: Introduction
Setting the Stage for the Workshop
Part II: Cloud Computing as Enabler
Making Cloud Work for You
Part III: Cloud Decisions for Your Enterprise
Building on Clouds – what You Should or Must Consider
Part IV: Roundtable Discussions
Sharing Thoughts, Observations, and Lessons Learned
3. An Overview
Workshop Topic and Format
Foundation to Practice
Different Perspectives
Sharing Knowledge and Experience
Introduction of Speakers
Tushar K. Hazra
Marc Crudgington
Nikita Reva
Michael Bennett
Understanding Attendee Interests
4. Part I: Introduction
Setting the Stage
Foundation
Definitions
What, How, and Why
Public, Private, Community, and Hybrid
Benefits and Limitations
Key Areas for You to Consider
Cloud Architecture
Cloud Strategy
Cloud Architecture Governance
Cloud Security
5. Business of The Cloud – Few Questions
Are You Using Cloud Computing?
If Yes, Why?
If Not, Why Not?
What Type of Cloud are You Using?
Public, Private, Community or Hybrid
What has been your experience like so far?
What are some of the lessons you have
learned?
6. Business of The Cloud – Foundation
Fundamentals & Recapitulation
What is Cloud Computing?
Shift in Computing Paradigms
Components of Cloud Computing
Layered Architecture
Service Models
Cloud Architecture for Enterprise
Cloud Strategy
Cloud Architecture Governance
7. Fundamentals
• What is Cloud Computing?
As NIST defines – “Cloud computing is a model for
enabling convenient, on-demand network access to
a shared pool of configurable computing resources
(e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and
released with minimal management effort or
service provider interaction.”
8. Fundamentals
What is Cloud Computing?
Five Key Characteristics
On-demand self service
Ubiquitous network access
Location-independent resource pooling
Rapid elasticity
Pay per use
9. Fundamentals
• What is Cloud Computing?
Consumer
SaaS
PaaS
IaaS
Co Lo
Application
Platform Architecture
Virtualized Infrastructure
Hardware
Co Lo
Facility
IaaS
PaaS
SaaS
Provider
Adapted from NIST Model
10. Fundamentals
What Cloud Computing is NOT…
Cloud computing is NOT an alternative to your
internal IT
• Don’t forget to manage your key IT resources
Cloud computing is NOT another form of
outsourcing
• SLAs with your cloud providers require clear and
transparent oversight
Cloud computing is NOT the same as Web services
• Cloud computing and SOA have a relationship
11. Recapitulation – Shift in Computing Paradigms
Six Computing Paradigms
• Mainframe Computing
• PC Computing
• Network Computing
• Internet Computing
• Grid Computing
• Cloud Computing
12. Recapitulation – Six Computing Paradigms
• Evolution
1. Mainframe Computing (diagram: User, Terminal, Mainframe)
2. PC Computing (diagram: User, PC, Server)
3. Network Computing (diagram: User, PC, Server)
13. Recapitulation – Six Computing Paradigms
• Evolution (Continued)
4. Internet Computing (diagram: User, PC, Server, Internet, Server)
5. Grid Computing (diagram: User, PC, Grid)
6. Cloud Computing (diagram: User, PC, Cloud)
15. Components of Cloud Computing
• Layers and Service Models
Application (SaaS): Application Resources – typically delivered over the platform of the Web – application components at enterprise level
Platform (PaaS): Development Resources – development platform, software components, design tools, compilers, testing suites
Infrastructure (IaaS): Infrastructure Resources – servers, disks, machines, CPU – also network, routers and switches
Virtualization
Servers & Storage
dSaaS
16. Cloud Computing for Enterprise
Common Types of Clouds
Public – Cloud infrastructure is owned by one
provider
Providing services to large industry group or public
Private – Cloud infrastructure is owned or leased
by one organization
Services are consumed by the same organization
Hybrid – Cloud infrastructure is combination of
two or more clouds
Community – cloud infrastructure is shared by
several organizations with shared concerns such
as mission, security requirements, policy and
compliance considerations
17. Cloud Architecture for Enterprise
Best Practices to Follow before Considering
Cloud Computing for Your Enterprise
Assess the business situation first
Understand and never underestimate the risks
Consider safety measures in the use of cloud
computing
Recognize the connection of cloud computing with
other Web technologies
18. Cloud Architecture for Enterprise
Enterprise Architecture Governance
[Figure: Enterprise Architecture Governance framework, with Enterprise Architecture Measurement & Maturity as its base]
Columns: Enterprise Strategy | Enterprise Architecture | Architecture Domains | Operations/Execution Support
Cloud steps: Create Cloud Value Proposition | Formulate Cloud Strategy | Facilitate Cloud Planning | Support Cloud Deployment
Elements: Business Value Drivers, Business Strategy, Business Architecture, IT Strategy, IT Architecture, Information (Data) Architecture, Application (SOA) Architecture, Technology (Infrastructure) Architecture, Business Portfolio, Delivery Program Management, Transition & Operations Support
Relationship labels: drives, influences, supports
Strategic Planning to Solution Delivery: Focus Shifts From Strategy Formulation to Solution Deployment
19. Cloud Architecture for Enterprise
Steps to Offer Architectural Support to Your
Enterprise for Cloud Computing
Create Cloud Value Proposition – work closely with
business organizations to make a business case
Formulate Cloud Strategy – recognize the
scope, limitations, benefits and risks associated
with potential clouds
Facilitate Cloud Planning – ready business and IT
organizations to embrace cloud computing –
prepare a roadmap for cloud transition
Support Cloud Deployment – identify, evaluate and
select right cloud provider(s)
20. Cloud Computing for Enterprise
Benefits
• Cost
• Optimal Network Usage
• Innovative
• Expandability
• Speed to implementation or deployment
• Good for environment
Limitations
• Security concerns
• Control delegation
• Return on investment on existing IT assets
• Openness
• Compliance
• Service level agreements
22. Part II: Cloud Computing as Enabler
Making Cloud Work for You
Innovation and Cloud
When Can an Enterprise Leverage them?
What are the Risks, Issues, and Concerns?
Cloud and Mobile Computing – The Connection
What Effect They May Have on Each Other
What you must be aware of?
Cloud, Big Data and the Enterprise
What are the key challenges
What works and what doesn’t
23. Part II: Cloud Computing as Enabler
Innovation and Cloud: When Can an Enterprise
Leverage them?
New Business Enablement
(division, acquisition, spin-off)
Transitioning Applications (new
implementation, changing vendors, new version)
Company Culture Shift (legacy mindset to cutting
edge)
Small Business/Start-up
The Business Demands Cloud (internal/client)
IT Fails To Meet Needs
MC 23
24. Part II: Cloud Computing as Enabler
• Innovation and Cloud – What are the
Risks, Issues, and Concerns?
Unmet financial objectives (think short-term and long-
term)
Lack of Service Orientation
(processes, interfaces, applications)
Legal, Contractual, Compliance (force
majeure, privacy, regs.)
Cultural Fit (within IT, within the
enterprise, customer/clients)
Provider Quality (not meeting
SLA’s, bandwidth, existence)
Security (not insecure just adapt to cloud, internal
concerns)
There is no such thing as AaaS (Accountability as a Service)
MC 24
25. Cloud and Mobile Computing – The Connection
What effect they have on each other
Cloud enables delivery of very rich applications to a
mobile workforce. (expansion of capabilities).
Mobile devices enable ubiquitous connectivity to
these capabilities. Any device, Any time, Any where.
Introduces new risks of data loss and threats.
Increased threat of IP theft.
The consumerization trend has added BYOD to the
mix.
Connect personal devices to company clouds.
Segregate personal and company data on mobile
devices.
NR 25
26. Cloud and Mobile Computing – The Connection
What you must be aware of
Your cloud can walk away in your former employee's
pocket
Cannot avoid this disruptive trend.
Employees are trying to access corporate systems
and cloud from their mobile devices.
Security and compliance requirements apply to
mobile devices.
Must assess the risk and devise a strategy.
Strike a balance between security and productivity
NR 26
27. Part II: Cloud Computing as Enabler
Cloud, Big Data and the Enterprise: What are
the key challenges?
Volume, velocity, variety, value
Data growth (over 2220 petabytes/day, 1 petabyte =
1000 terabytes, 1 terabyte = 1000 gigabytes)
Technical Talent (data architects, data scientists)
Business value (transferring data to ROI, revenue,
profit)
Focus regarding current issues
MC 27
28. Part II: Cloud Computing as Enabler
Cloud, Big Data and the Enterprise – What works
and what doesn’t
Plan for all dimensions of data (strategic value, future
needs, operational effectiveness, regulations,
redundant data, ROI)
Data patterns for better decision making
Big Data to specific business goals
Create a Center of Excellence (knowledge transfer)
Plan for Performance
Utilize governance to overcome lack of skills
Cloud: DaaS (try before buy, lead with data not
apps, internal, quality focus, training, measure results)
MC 28
29. Business of The Cloud – Questions for Attendees
Innovation and Cloud
What are some ways your Enterprise has utilized
cloud?
Have you experienced the business going around IT
to implement cloud solutions?
Has anyone had an issue with a vendor that caused
the relationship to end or was a major disruption?
Are there risks/concerns not mentioned or what do
you view as the greatest risk/concern? Why?
MC 29
31. Part III: Cloud Decisions for Your Enterprise
Building on Clouds: What You Should or Must
Consider
Business and IT Alignment
The Role of a CIO
• Responsibilities and Accountabilities
• An Action Plan – What, How, When, Why
Building a Right Team
• Who is on Your Team?
• Who Should be at the Table? And, Why?
Law and Order in Clouds
What Goes in Cloud SLA?
What is Cloud Governance? Who is in it?
32. Building on Clouds
What You Should or Must Consider in Business and IT
Alignment
Variable vs. fixed (flexible, deliver
value, development)
Time-to-Benefit reduced (user base, IT responsive)
Refocus IT resources (technologists/operators to
strategist/architects)
Information assets vs. hardware assets
– Data management (contents, business
rules, processes, quality)
IT Center of Excellence
– ROI focus, project management, business partner, embed
IT
MC 32
33. Building on Clouds
The Role of a CIO
Responsibilities and Accountabilities
Business acumen (change agent, value
delivery, partner)
Technologist to Strategist (articulate value, identify
needs, revenue streams, Chief Risk Officer)
IT operations (manage
staff, reallocate/retrain, relationships)
Business (educator, business optimizer, governance)
MC 33
34. Part III: Cloud Decisions for Your Enterprise
Building on Clouds: An Action Plan – What,
How, When, Why
Vision (benefits, how it will transpire, end goal)
Link to Business (operational value, cost savings,
segment vision into action items)
Portfolio Analysis (cloud ready, cloud future, not
cloud, benefits for each)
Materialize Strategy (how it will enable business,
value delivery, why or why not cloud)
Road Map Creation (financial analysis, technology
change, IT personnel assessment, types of cloud/s,
vendor, meet goals)
MC 34
35. Part III: Cloud Decisions for Your Enterprise
Building on Clouds: An Action Plan –
What, How, When, Why (Continued)
Contingency Plan (plan for change, plan for
resistance, plan for roadblocks, plan for failure)
Execute Plan (IT staff changes, IT/business
interaction, vendor management, start simple/small)
Training (end user training, vendor/IT relationship
building, executive briefings)
Metrics (progress of implementation, value
achieved, cost savings, stakeholder value)
Re-assess (to improve, to avoid, what was missed)
MC 35
36. Part III: Cloud Decisions for Your Enterprise
Building the right team
Who is on your team?
Who should be at the table?
Avoid redundant solutions and ‘Cloud Creep’.
– Business
• Key business stakeholders.
– IT
• Account Management-Face of IT to the business
• Commercial-Vendor mgmt
• Legal-Contractual agreements
• Executive Steering Body-Risk council
• Senior Mgmt-Leadership
• Enterprise Architecture-Solution Feasibility and Integration
• Security Specialists-Assess Security
Engage others as necessary
NR 36
37. Part III: Cloud Decisions for Your Enterprise
Building the right process
What should be the process?
Establish gates to assess Cloud
Gates:
• GOVERNANCE GATE: Top 3 Boxes Green
• FEASIBILITY GATE: None of 12 Boxes Red
• PROJECT CLOSE GATE: All 12 Boxes Green
Boxes:
Sponsorship | Benefits Case | Business Strategy
Functionality | Usability and Access | Solution Maturity
Scalability/Flexibility | Support and Standardization | Interoperability
Security and Compliance | Information Management | Performance
NR 37
38. Part III: Cloud Decisions for Your Enterprise
Security in the Cloud
Why traditional security does not work?
• Traditional Information Security focuses on protecting
your moat.
• The cloud is not a moat. The cloud is ubiquitous.
How to define a strategy for assessing Cloud.
• Avoid the rain. Build a strategic Cloud Assessment
Program.
• Do not reinvent the wheel. Leverage industry
recognized Guidance.
Industry Best Practices | Enterprise Gap Analysis | Strategic Cloud Assessment Program
NR 38
39. Business of The Cloud – Questions for Attendees
• Building on Clouds: What You Should or Must
Consider
• Has your business experienced better alignment through cloud
implementation?
• How have you seen the role of the CIO/IT change since
adapting cloud strategies?
• What are some best practices you can share for adopting
cloud?
• Building the right team
• Have you found it challenging to define a strategy?
• Once you have defined a strategy, have you found it
challenging to engage the right people?
• Do you feel your organization has a mature understanding of
the cloud?
40. Business of The Cloud – Questions for Attendees
• Building the right process
• Do you have a process for assessing cloud solutions, if
so what does it look like?
• What are some of the best practices you can share?
• Security in the Cloud
• What are your biggest concerns with Cloud Security?
• How does your organization assess Cloud Security?
• Some organizations feel the cost and efficiency savings
outweigh security concerns. What is your stance?
• Do you implicitly trust the big players
(Google, Microsoft)?
41. Law and Order in Clouds
Data Security
– Audit Rights
– Confirmation
Transparency
– Geographic Concerns
– Processes
– Data Security Practices
MB 41
42. Law and Order in the Cloud: Security
HIPAA
HITECH Act
GLB Act
Federal Financial Institutions Examination Council Regulations
PIPEDA
SOX
FTC
Stored Communications
Electronic Communications Privacy Act
PCI
MB 42
43. Law and Order in the Cloud: SLAs
Uptime
• “Planned” vs. “Emergency” Downtime
• Reporting Measurement Tools
• Remedy vs. Focusing Tool
• Reporting Period
• Timing of Maintenance
• Persistent Downtime
• Disastrous Downtime
Other SLAs
• Break/Fix
• Helpdesk
• BPO - Responsiveness
• Processing
• Disaster Recovery
• What Happens After SLA Triggered?
MB 43
44. Law and Order in the Cloud
Warranties
Functionality/Lack of Description
Changing Functionality
Services
No Price Guarantees
Disclaimers
Limitations of Liability
Indemnity
Subpoenas, Litigation Holds, Legal Process
MB 44
45. Law and Order in the Cloud
Governance, Does it Exist?
External Governance
• Return of Data
• Suspension
• Leverage
• Multi-tenancy
• Public/Private Hybrid
• Public Sources of Privacy Information
Internal Governance
• Understand Data
• Backup/DR Plans
• Breach Notification Plan
• Transition Plan
• Pre-Audit
• Data Map
• Create Awareness
MB 45
47. Part IV: Roundtable Discussions
• Sharing Thoughts, Observations, and Lessons
Learned
– Suggested Topics
48. Part IV: Roundtable Discussions
• Managing Cloud Computing at Your Enterprise
– What is the due diligence process for evaluating
cloud providers?
• Independent Evaluation
• Internal Assessment
• Incorporation of Industry best practice
– What & how Cloud Service is being Managed?
• Recognition of cloud management capabilities
• Consistency of the management with target
usage and users
49. Part IV: Roundtable Discussions
• Managing Cloud Computing at Your Enterprise
– Few other areas of discussion
– How are heterogeneous systems supported?
– How are availability commitments ensured?
– How is system integration enabled?
– What is integrated within services management?
– How is regulatory compliance accommodated?
– How is security management implemented?
50. Thank you for your time!!
Tushar K. Hazra, PhD
Chief Technology Officer & Founder
tkhazra@epitomione.com
Tel. (443)540 -2230
Marc Crudgington
marccrudginton@yahoo.com
Tel. (832)592-3854
Nikita Reva
Nikita.Reva@effem.com
Tel. (312)391-8825
Michael Bennett
Mbennett@edwardswildman.com
Tel. (312)201-2679
Editor's notes
Used to be simpler. Every employee got a desktop, every employee got a laptop, consumer IT out-paced enterprise and now every employee wants to connect their mobile device.
Cloud enables delivery of very rich applications to a mobile workforce (expansion of capabilities). – Serious business applications can be had in the Cloud: ERP, CRM, BI.
Mobile devices enable ubiquitous connectivity to these capabilities. – Any device, Any Time, Any Where.
Introduces new risks of data loss and threats. Increased threat of IP theft. – Malicious applications can attempt to steal data, create back doors, install malware, send premium text messages.
Consumerization trend has added BYOD to the mix. – No longer the CEO and his iPad. Line associates want to connect their devices.
Connect personal devices to clouds with company data. – How to wipe the data once device is lost/employee leaves/etc…
Segregate personal and company data in BYOD scenarios. – How to leave the personal data alone and only wipe company data.
Your cloud can walk away in your former employee's pocket. – Data can easily
Cannot avoid this disruptive trend. – If it hasn’t come yet, it will come soon. Mobility will be growing at exponential rates in the coming decade.
Employees are trying to access corporate systems and cloud from their mobile devices. – Employees want work/life balance and flexibility.
Must assess the risk and devise a strategy. – Understand what's at stake and determine a strategy to manage mobility in your organization.
Strike a balance between security and productivity. – Security can overwhelm an IT dept or hamper user productivity.
How we do it at MARS
Account Management – Face of IT to the business. Validate requests for solutions. Validate scope. Compare with existing service catalog. Existing solution may fit requirements. Avoid redundancy. Work with IT Expert Centers to engage appropriate resources.
Commercial – Group that focuses on vendor management, works closely with legal on contractual terms. Accountability for monitoring vendor SLAs, etc… Termination for cause including immediate for insolvency. Source Code escrow. Ability to bring the SaaS software on premise upon entering Chpt 7 Bankruptcy proceedings.
Legal – Reviews contractual agreements, terms, clauses, accountability, pay-backs, etc…
Executive Steering Group – Strategic vision, enterprise risk mgmt, approving material risk
Senior Mgmt – Functional Leadership
Enterprise Architecture – Assess requests for new solutions against technology and enterprise architecture model(s). Strive for solution standardization. An organization may not want to implement a highly customized solution using SUSE.
Security Specialists – Assess security based on questionnaires, interviews, 3rd party reports, etc… determine security threats and recommend controls to mitigate threats. Vulnerable systems, poor patching, poor change control, SaaS solution open to Internet. Make contractual recommendations to Acct Mgmt and Legal.
How we do it at MARS
Traditional security focuses on securing your perimeter.
– The cloud is not a moat
– Data is often beyond your 4 walls
– Data could be spread amongst many data centers.
– Legal, regulatory and compliance challenges.
– How to assess a moving target?
– Focus on building assurance through assessments, audits, questionnaires, interviews and transparency.
How to define a strategy for assessing Cloud.
– Leverage industry Guidance from CSA. Guidance for Critical Areas. Cloud Controls Matrix (maps back to many compliance requirements).
– Ask for SOC reports, 3rd party pen and vuln testing. Other assurance reports.
– Assess web security against OWASP top 10. Assess against SANS top 25.
– Invest time to train your staff in cloud security and build a baseline of understanding.
– Interviewing techniques to strive for higher transparency with providers that are very careful not to divulge information.