This is my presentation at the 2009 COSAC Security Conference on Cloud Computing. Here is the abstract:
One way or another, cloud computing seems determined to be on your radar. Whether it's your CXO, your customers or even your staff, someone is either going to be asking you about it, doing it, or trying to keep you from knowing they're doing it. You can't afford to be unprepared: you need to understand the fundamentals and current definitions of cloud computing, and you also need to be able to get beyond the buzzwords, the hype and the fear, uncertainty and doubt (FUD) presented everywhere from the Wall Street Journal to trade magazines to vendor brochures.
This session will provide a brief overview of the current cloud computing landscape, including:
* The different definitions and approaches
* The claimed business benefits and opportunities
* The most touted security issues and risks
Following this introduction, we will examine the potential business value, opportunities and risks in more detail to identify the ones that are likely to have a real impact on your organisation. After this session, you should be able to understand:
* The relationship between cloud computing, virtualisation, Software as a Service (SaaS), SOA and other types of outsourced services
* Whether cloud computing is a real option for your organisation
* The unique information assurance and security challenges posed by cloud computing
* What you can do to prepare yourself and your organisation for evaluating, deploying and leveraging cloud computing services
1. Getting Your Head in the Clouds
Andrew S. Townley
Founder & Managing Director
Archistry Limited
22 September 2009
Copyright 2009 Archistry Limited. All Rights Reserved.
2. Introductions
[Slide graphic; surviving labels: Symposium 2007, Adoption Forum 2006, SOA for E-Government]
3. Agenda
* What is cloud computing?
* What matters to your organisation?
* What value can you realise from the cloud?
* What are the risks and challenges of the cloud?
* How can you get into the cloud?
5. Cloud Computing is...
Applications Delivered as Services via the Internet + Datacentre Hardware & Systems Software
Accessed anytime, anywhere & on-demand
6. But, isn't that...
[Slide graphic of related terms: PaaS, IaaS, SaaS, Application Service Providers, Service Oriented Architecture, Service, Outsourcing, Commerce, Internet, Platform, Integration, Managed Services]
7. But, isn't that...
[Same slide graphic of related terms as slide 6, overlaid with:]
Oh, Hell... It's a technology thing, isn't it?
8. Not completely...
* Organisational DNA changes required
* Not just an IT issue:
  * Legal
  * Human Resources
  * Marketing & Sales
  * Research & Development
  * ...etc.
* How you work with others
Oh, and that technology thing too...
9. What's the Point?
* IT as a utility:
  * Inexpensive
  * Pay-as-you-go
  * Scalable availability
  * Self-service access
  * Ubiquitous access
  * Reliability
* Capabilities & relationships
Focus on the core business
10. Why Now?
(1) Illusion of on-demand, infinite resources: eliminates the need for long-term resource planning
(2) No up-front commitments: start small and increase consumption as necessary
(3) Pay-per-use for short-term needs: drives efficiency and conservation of resources
11. Alphabet Soup
* SaaS – software as a service
* PaaS – platform as a service
* IaaS – infrastructure as a service
  * Software infrastructure
  * Hardware infrastructure
12. Cloud Models
Image source: MWD Advisors, http://www.mwdadvisors.com/blog/2009/07/seven-elements-of-cloud-value-public-vs.html
13. Cloud Models
Hybrid clouds blend both models to meet specific business needs
Image source: MWD Advisors, http://www.mwdadvisors.com/blog/2009/07/seven-elements-of-cloud-value-public-vs.html
14. Cloud Caveats
Our definition
Is a “Private Cloud” really a cloud at all?
15. Agenda
* What is cloud computing?
* What matters to your organisation?
* What value can you realise from the cloud?
* What are the risks and challenges of the cloud?
* How can you get into the cloud?
16. Profitability
[Slide graphic with labels: PRICES, PRODUCTION, COST]
17. Value Disciplines
* Operational Excellence
* Customer Intimacy
* Product / Service Leadership
Adapted from “Customer Intimacy and Other Value Disciplines”, Harvard Business Review, Jan/Feb 1993 by Treacy and Wiersema
18. Value Disciplines
You've gotta do them all, but you can only focus on one!
* Operational Excellence
* Customer Intimacy
* Product / Service Leadership
Adapted from “Customer Intimacy and Other Value Disciplines”, Harvard Business Review, Jan/Feb 1993 by Treacy and Wiersema
19. The CEO's Agenda
Operations Customers Innovation
| Rank | 2007 Survey | 2008 Survey |
| --- | --- | --- |
| 1 | Excellence in execution | Excellence in execution |
| 2 | Sustained top-line growth | Consistent strategy execution |
| 3 | Consistent strategy execution | Speed, flexibility & adaptability |
| 4 | Profit growth | Global economic performance |
| 5 | Talent management | Financial risk (incl. liquidity) |
| 6 | Customer loyalty & retention | Sustained top-line growth |
| 7 | Speed, flexibility & adaptability | Customer loyalty & retention |
| 8 | Corporate reputation | Improving productivity |
| 9 | Innovation & creativity | Business confidence |
| 10 | Speed to market | Profit growth |
Excerpted from The Conference Board's CEO Challenge 2007: Top 10 Challenges (http://www.conference-board.org/publications/describe.cfm?id=1362)
Excerpted from The Conference Board's CEO Challenge 2008: Top 10 Challenges (http://www.conference-board.org/publications/describe.cfm?id=1569)
21. Your EA Maturity Level
[Slide graphic: EA maturity stages (Business Silos, Standardized Technology, Optimized Core, Business Modularity), with SOA and Cloud marked on the diagram]
Based on research from MIT Sloan School’s Center for Information Research and IMD involving nearly 500 companies from 1995-2005
22. Agenda
* What is cloud computing?
* What matters to your organisation?
* What value can you realise from the cloud?
* What are the risks and challenges of the cloud?
* How can you get into the cloud?
23. It Depends on Who You Are
* SME = 99.9% (> 16M) of EU businesses; yearly technology spend: ~ $100,000 - $400,000
* vs. LE = 0.1% (~17,000) of EU businesses; yearly technology spend: ~ $2M - $50M+
Figures from ENSI - The European Network for SME Research (1994), European Observatory for SMEs: Second Annual Report, ENSI authors and publishers. The Netherlands.
24. SME Adoption Drivers
* Cashflow and survival
  * Manage utilities and facilities costs
  * Economies of scale
  * Pay-as-you-go pricing
* Avoid Microsoft licensing fees
* “One stop shop” approach
* Exposure as end-users
25. Enterprise – Costs
| | Internal IT | Cloud |
| --- | --- | --- |
| Human cost per server | €500/yr (~100 servers / admin) | €0.25/yr (~200,000 servers / admin) |
| Network bandwidth costs | $500/Mb | $12/Mb |
| Storage costs | $3.75/GB | $0.10/GB |
| CAPEX investment for 18 extra months of IT capacity | $4.3M | $0 |
26. Enterprise – Productivity
* On-demand compute resources
  * Eli Lilly able to parallelize ~20M compute tasks/month
  * Significant decrease in cycle times to get results
* Dynamic collaboration environments
  * Support “anytime, anywhere” access
  * Multi-user, realtime co-creation of deliverables
  * No internal IT set-up time or cost
27. Mapping Value Disciplines
* Operational Excellence
  * Streamlined & shared processes
  * Cost reductions
* Customer Intimacy
  * Significant cost reductions
  * Application consolidation
  * Mature sales & marketing vendors
* Product / Service Leadership
  * Easier & quicker collaboration
  * Supports more open innovation
  * Reduced time to market
28. Agenda
* What is cloud computing?
* What matters to your organisation?
* What value can you realise from the cloud?
* What are the risks and challenges of the cloud?
* How can you get into the cloud?
29. The Cloud Reality
70% of IT execs rated cloud security risks “very significant”
Your Apps @ time t + n
30. BCCIA Analysis Framework
* Business Execution
* Compliance
* Confidentiality
* Integrity
* Availability
31. Business Execution Risks
* Who guarantees the SLAs?
* Will a “one size fits all” SLA work for me?
* What happens if we don't pay our bill?
* How much risk transparency provided?
* Do we really own our data?
* Will it be practical to switch providers?
* Can I set maximum spend limits?
32. Compliance Risks
* Where in the world is my app and data?
* Can I limit sharing/scalability to certain localities?
* What legal jurisdictions apply to my data?
* Are we still compliant with all software licenses?
* What happens when the vendor gets sued?
* What does PCI in the cloud really mean?
* What about HIPAA, SOX, BASEL II, etc.?
33. Confidentiality Risks
* What other apps and orgs share infrastructure?
* What transmission & storage controls possible?
* Is my data classified appropriately for the cloud?
* In what cases can the vendor share data?
* Do the terms change after acquisition?
* What happens if vendor goes bust?
34. Data Integrity Risks
* What's my archive/restore plan?
* How many copies of data will we have?
* Where is the “master” data now?
* Can we map all of the new data flows?
* Will we know if cloud data has been modified?
* What gets added to our data by the vendor?
35. Availability Risks
* What happens in DoS/DDoS at vendor?
* Do I know how much I can actually consume?
* What isolation exists between customers?
* How & when do upgrades/maintenance happen?
* How do I measure/manage/throttle use?
* Is the data model available?
* Is it cost-prohibitive to get my data?
36. What Can You Do?
* Policies are key
  * Services tied to classification levels
  * Integrate business & security planning
* Vendor management
  * Be explicit in the details
  * Have a clear exit strategy
  * Understand liability
* Incidents not just about you
* Have a strong federated IdM story
37. What Can You Do?
* Policies are key
  * Services tied to classification levels
  * Integrate business & security planning
* Vendor management
  * Be explicit in the details
  * Have a clear exit strategy
  * Understand liability
* Incidents not just about you
* Have a strong federated IdM story
Above all: be flexible and prepared to adapt to new ways of thinking!
38. Agenda
* What is cloud computing?
* What matters to your organisation?
* What value can you realise from the cloud?
* What are the risks and challenges of the cloud?
* How can you get into the cloud?
39. Start Now!
* What can you move in 3-6 months?
  * Understand what you have now
  * Identify what commodity services you have
  * Identify the services that add real business value
* How can you leverage the cloud to innovate?
  * Examine the existing organizational structures
  * Plan to build future applications differently
  * Identify what can get you closer to your customers
* How much altitude can you actually manage?
40. References
* Armbrust, M., et al., Above the Clouds: A Berkeley View of Cloud Computing, http://d1smfj0g31qzek.cloudfront.net/abovetheclouds.pdf
* Burton Group, Catalyst 2009 North America, Cloud Computing track, 2009-06-29.
* Knorr, E., et al., “What cloud computing really means”, InfoWorld, 2008-04-07, http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-means-031
* New Zealand Ministry of Economic Development, SMEs Internationally, Last update: 2007-07-30, http://www.med.govt.nz/templates/MultipageDocumentPage____3118.aspx
* Preston, R., “Down to Business: Customers Fire A Few Shots at Cloud Computing”, Information Week, 2008-06-14, http://www.informationweek.com/news/services/data/showArticle.jhtml?articleID=208403766&pgno=2&queryText=&isP=
* Ross, J.W., P. Weill, and D. C. Robertson. Enterprise Architecture as Strategy -- Creating a Foundation for Business Execution. Harvard Business School Press, Boston, MA, 2006.
* Treacy, M., F. Wiersema, “Customer Intimacy and Other Value Disciplines,” Harvard Business Review, January/February 1993, pp. 84-93.
* Urquhart, J., “The three routes to cloud computing's future”, cnet news, 2009-03-16, http://news.cnet.com/8301-19413_3-10196722-240.html
* Weill, P., J.W. Ross. IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press, Boston, MA, 2004.
41. Archistry Limited
3 Lombard Street East
Suite 115
Dublin 2, Ireland
www.archistry.com
Phone +353 1 293 2998
Fax +353 1 293 2999
Email info@archistry.com
The art of effectively structuring collaboration to inspire business innovation™