Cloud Services Overview




Cloud Services Overview
John Hankins, Global Offering Executive, Ricoh Production Print Solutions
May 23, 2012

Cloud Services Agenda
- Definitions
- Types of Clouds
- The Role of Virtualization
- Cloud Architecture
- Growth of the Cloud
- Evolution of Cloud Services
- Cloud Service Economics
- Security and Privacy Issues
- References

Definitions

What is Cloud Computing?

For the purpose of this article, consider that cloud computing is an all-inclusive solution in which all computing resources (hardware, software, networking, storage, and so on) are provided rapidly to users as demand dictates. The resources, or services, that are delivered are governable to ensure things like high availability, security, and quality. The key factor to these solutions is that they possess the ability to be scaled up and down, so that users get the resources they need: no more and no less.
(IBM Cloud Computing for the Enterprise, 2009)

Definitions from NIST SP800-145

Essential Characteristics
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service

Service Models
- Software as a Service (SaaS): application running in a cloud infrastructure with access via a thin client such as a web browser. Example: Google Docs.
- Platform as a Service (PaaS): a cloud environment optimized for developing and running applications. Example: Microsoft Azure.
- Infrastructure as a Service (IaaS): servers, storage, and network functions delivered via the cloud. Example: Savvis VPDC.

Definitions - Deployment Models (NIST)
- Private Cloud: The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple users (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
- Public Cloud: The cloud infrastructure is provisioned for open use by the general public.
- Community Cloud: The cloud infrastructure is provisioned for exclusive use by a specific community of users from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
- Hybrid Cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

IDC vs. NIST Views of Cloud Computing
[Figure. Copyright IDC]

Definitions - Single vs. Multi Tenant
- Single tenant: An application, server or infrastructure platform with a single individual or business entity as the user
- Multi tenant: An application, server or infrastructure platform with multiple unrelated individuals or business entities as users

Example: Managed ADF

| Layer | Component | Tenancy |
|---|---|---|
| Application Layer | IPPD | Single Tenant |
| Virtual Server Layer | Red Hat Linux | Single Tenant |
| Physical Server Layer | HP Proliant | Multi Tenant |
| Storage Layer | EMC | Multi Tenant |
| Security Layer | Cisco Firewall | Single Tenant |

Virtualization Platforms

Virtual servers and server hypervisors
- VMware: commercial, owned by EMC
- Xen: open source, developed at Cambridge University
- Hyper-V: Microsoft
- Hypervisors allow for the creation of multiple virtual computers running individual operating systems (e.g., Linux, Windows) on a single physical platform

Storage Area Networks (SAN)
- A storage area network (SAN) is a dedicated network that provides access to consolidated, block level data storage. SANs are primarily used to make storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices to the operating system.

Sample Cloud Architecture - Component View
[Figure. Copyright Savvis]

TCI Cloud Reference Architecture - Functional View
[Figure. Trusted Cloud Initiative Reference Architecture, Oct 2011]

Gartner Magic Quadrant for Public Cloud Infrastructure
[Figure. Copyright Gartner]

Print and Mail Services in the Cloud
Ricoh Managed ADF Services

Projected Cloud Growth 2011-2020
- Current market size: $40.7B
- Projected size 2020: $241B
- SaaS market is fastest growing
  - 2011: $21.2B
  - 2020: $132.5B
- PaaS growth
  - 2011: $820M
  - 2020: $11.9B
- IaaS growth
  - 2011: $2.94B
  - 2017: $5.4B
  - 2020: declining
Source: Forrester Research

Evolution of Cloud Services
[Figure. Axis labels: Value; 1990 to 2012]

Cloud/Managed Services Model
Infrastructure/Service/Asset/Finance Continuum
[Figure. Axis labels: Customer Control (Low to High); Economy of Scale (High to Low)]

Offering Options
- Cloud-Multi Tenant, Vendor Mgt, SaaS
- Hosted-Single Tenant, Vendor Mgt, Service/Rental
- On-site, Vendor Mgt, Service/Rental
- On-site, Vendor Mgt, Financed License
- On-site, Vendor Mgt, License
- Colocation, Customer Mgt, Varies
- On-site, Customer Mgt, Rental
- On-site, Customer Mgt, Financed License
- On-site, Customer Mgt, License

Cloud Economics / ROI, Page 1 (SaaS example)

Investment Requirements

| Item | Description | Year One Total: Cloud | Year One Total: In-House | Net Present Value 5 Year: Cloud | Net Present Value 5 Year: In-House |
|---|---|---|---|---|---|
| Hardware | Total hardware cost for project; includes traditional servers and storage AND cost of any infrastructure upgrades (or allocations of those project costs) | $13,500 | $32,000 | $13,500 | $49,221 |
| Software | Total software costs for project; includes traditional licensing as well as additional software cost needed to enable solution | $ - | $11,500 | $ - | $11,500 |
| Internal one time | Internal charges or costs (separate from integration costs) | $ - | $2,800 | $ - | $2,800 |
| External one time | External vendor or partner charges for installation (separate from integration budget) | $ - | $ - | $ - | $ - |
| Hosting/SaaS fee | Annualized cost of cloud application | $25,000 | $ - | $106,757 | $ - |
| Licensing | Specific recurring license costs | $ - | $7,500 | $ - | $7,500 |
| Software maintenance and support | Traditional support and maintenance charges | $2,025 | $4,325 | $8,647 | $18,469 |
| Bandwidth allocation | Bandwidth charges for project (calculated as a percentage of annual spend on Internet connectivity) | $6,000 | $2,400 | $25,622 | $10,249 |
| Staffing allocation | Allocation of internal manpower budgeted to support project | $7,500 | $40,000 | $32,027 | $170,811 |
| Monitoring upgrades | Additional (or allocated) cost to add status and performance monitoring for either option | $6,000 | $1,500 | $9,270 | $1,500 |
| Backup/archive | Cost to add desired backup and archiving of data based on IT requirements | $4,000 | $500 | $5,635 | $2,135 |
| Failover/redundancy | Cost to add desired failover and/or redundancy based on business continuity plan | $7,500 | $2,500 | $15,676 | $10,676 |
| Integration costs | Total costs to provide data integration between project and existing data sets; should be budgeted to achieve optimum connectivity among all systems | $4,250 | $ - | $6,703 | $ - |
| Security review cost | One-time cost to have security (or external team) assess integration of new project | $7,500 | $ - | $7,500 | $ - |
| Ongoing compliance/audit | Additional (or allocated) cost to add this project to existing security and audit practices; should include any non-IT costs, such as accounting or compliance auditing | $5,000 | $3,500 | $21,351 | $14,946 |
| Other | Any other additional costs uniquely associated with each option | $ - | $ - | $ - | $ - |
| Total | | $88,275 | $108,525 | $252,689 | $299,807 |

Total cost difference for cloud: $20,250 (Year One Total), $47,118 (Net Present Value 5 Year)

Copyright InformationWeek

Cloud Economics / ROI, Page 2

Expected Return (Sales, Savings, Productivity)

| Item | Year One Total: Cloud | Year One Total: In-House | Net Present Value 5 Year Total: Cloud | Net Present Value 5 Year Total: In-House |
|---|---|---|---|---|
| Sales impact | $ - | $ - | $ - | $ - |
| IT cost impact (calculated) | $20,250 | $(20,250) | $47,118 | $(47,118) |
| Cost impact (other factors) | $175,000 | $175,000 | $747,300 | $747,300 |
| Employee productivity impact | $302,322 | $302,322 | $1,290,999 | $1,290,999 |
| Other | $ - | $ - | $ - | $ - |
| Potential returns | $497,572 | $457,072 | $2,085,417 | $1,991,181 |
| Hard returns (factoring out productivity) | $195,250 | $154,750 | $794,418 | $700,182 |
| Net return | $106,975 | $46,225 | $541,729 | $400,375 |
| Return on investment | 121% | 43% | 214% | 134% |

Speed to market impact

| Item | Cloud | In-House |
|---|---|---|
| Expected time to implement solution (in months) | 2 | 4 |
| Potential impact on year one return | $17,829 | $(17,829) |

Cost of capital: 5.5%

Copyright InformationWeek

Security and Compliance Issues
- Core security issue is exposure of confidential information, aka PII
- Very relevant issue for 3rd party service providers handling PII
- Personally identifiable information (PII) is protected by federal and state statutes

Example: California data breach notification law, SB1386: [10]

(e) For purposes of this section, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
(1) Social security number.
(2) Driver's license number or California Identification Card number.
(3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
(f) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

Security and Compliance Issues

How to address security issues?
- Best Practices + 3rd Party Audits = Compliance = Meets Minimum for organizations to allow 3rd party vendors to handle PII

Examples of Security Compliance Standards
- Payment Card Industry (PCI) DSS 2.0: covers end to end security for payment cards
- SSAE16 Type II aka SOC II (replaces SAS 70 Type II): audit standard for outsourced data center, network, cloud and other IT services
- ISO 27000 standards: ISO standards and certification for information security
- Health Insurance Portability and Accountability Act (HIPAA): standards for processing personal health information

Health Care Security & Data Breach Survey
[Figure panels: Cost of a Data Breach; Cause of Data Breach; Mobile Device Security Policies; Barriers to Improved Security. Copyright Ponemon Institute]

Cloud Security Alliance POV

13 Domains of Focus for Cloud Computing
- Cloud Architecture
- Governance and Enterprise Risk Management
- Legal and Electronic Discovery
- Compliance and Audit
- Information Lifecycle Management
- Portability and Interoperability
- Security, Bus. Cont., and Disaster Recovery
- Data Center Operations
- Incident Response, Notification, Remediation
- Application Security
- Encryption and Key Management
- Virtualization
- Identity and Access Management

Top Threats to Cloud Computing
1. Security on the Network
2. Identity Management
3. Compliance
4. Data Integration
5. Vendor Lock-In
6. Vendor Viability
7. Manageability
8. Availability
9. Shared Resources
10. Legal Ambiguity

References
- NIST Definition of Cloud Computing, SP800-145, Sept 2011, 3 pages
  http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf
- NIST DRAFT Cloud Computing Synopsis and Recommendations, SP800-146, May 2011, 84 pages
  http://csrc.nist.gov/publications/pubsdrafts.html#sp-800-146
- Gartner Magic Quadrant Report for Public Cloud Infrastructure, March 2012
  http://www.gartner.com/technology/reprints.do?id=1-18bc06x&ct=111213&st=sb
- Gartner Magic Quadrant Report for Managed Hosting, December 2011
  http://www.gartner.com/technology/reprints.do?id=1-19l41nj&ct=120306&st=sg
- Information Week Cloud ROI Modeler, March 2012, Excel spreadsheet
  http://reports.informationweek.com/abstract/5/8678/cloud- Computing/2012-informationweek-cloud-roimodeler.html?cid=nl_analyt iwkrnwlslspeced20120308&wc=4

- Information Week Cloud ROI Calculations, March 2012, 26 pages
  http://reports.informationweek.com/abstract/5/8702/cloud- Computing/research-cloud-roicalculations.html?cid=nl_analyt iwkrnwlslspeced20120308&wc=4
- Information Week 2012 State of Cloud Computing, February 2012, 29 pages
  http://reports.informationweek.com/abstract/5/8658/cloud- Computing/research-2012-state-of-cloudcomputing.html?cid=nl_analyt iwkrnwlslspeced20120308&wc=4
- Information Week 2012 Fundamentals of Cloud vs. In-House IT Spend, February 2012, 14 pages
  http://reports.informationweek.com/abstract/5/8694/cloud- Computing/fundamentals-cloud-vs-in-house-it-spend-smart-in- 2012.html?cid=nl_analyt iwkrnwlslspeced20120308&wc=4
- Cloud Industry Forum UK Adoption Trends 2011, February 2011, 15 pages
  http://www.cloudindustryforum.org/downloads/whitepapers/cifwhite-paper-1-2011-cloud-uk-adoption-and-trends.pdf

Useful Web Sites
- cloudsecurityalliance.org - Cloud Security Alliance
- www.27000.org - ISO Information Security Standards
- www.pcisecuritystandards.org/security_standards/ - PCI DSS 2.0 and other information
- http://www.ponemon.org - Ponemon Institute, data privacy experts
- http://csrc.nist.gov/news_events/hipaa- May2011_workshop/presentations.html - 2011 Conference - Safeguarding Health Information: Building Assurance Through HIPAA Security
- http://www.hhs.gov/ocr/privacy/hipaa/administrative /securityrule/index.html - The HIPAA Security Rule