Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012
Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture Growth of the Cloud Evolution of Cloud Services Cloud Service Economics Security and Privacy Issues References 1
Definitions What is Cloud Computing? For the purpose of this article, consider that cloud computing is an allinclusive solution in which all computing resources (hardware, software, networking, storage, and so on) are provided rapidly to users as demand dictates. The resources, or services, that are delivered are governable to ensure things like high availability, security, and quality. The key factor to these solutions is that they possess the ability to be scaled up and down, so that users get the resources they need: no more and no less. IBM Cloud Computing for the Enterprise, 2009 Definitions from NIST SP400-145 Essential Characteristics On-demand self-service Broad network access Resource pooling Rapid elasticity Measured service Service Models Software as a Service SaaS Google Docs Application running in a cloud infrastructure with access via a thin client such a web browser Platform as a Service PaaS Microsoft Azure A cloud environment optimized for developing and running applications Savvis VPDC Infrastructure as a Service Iaas Servers, storage, and network functions delivered via the cloud 2
Definitions Deployment Models (NIST) Private Cloud The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple users (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Public Cloud The cloud infrastructure is provisioned for open use by the general public. Community Cloud The cloud infrastructure is provisioned for exclusive use by a specific community of users from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). Hybrid Cloud The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). 3
IDC vs. NIST Views of Cloud Computing Copyright IDC 4
Definitions - Single vs. Multi Tenant Single tenant An application, server or infrastructure platform with a single individual or business entity as the user Multi tenant An application, server or infrastructure platform with multiple unrelated individuals or business entities as users Example Managed ADF Application Layer IPPD Single Tenant Virtual Server Layer Red Hat Linux Single Tenant Physical Server Layer HP Proliant Multi Tenant Storage Layer EMC Multi Tenant Security Layer Cisco Firewall Single Tenant 5
Virtualization Platforms Virtual servers and server hypervisors VMware commercial, owned by EMC Xen open source, developed at Cambridge University Hyper-V - Microsoft Hypervisors allow for the creation of multiple virtual computers running individual operating systems (eg, Linux, Windows) on a single physical platform Storage Area Networks (SAN) A storage area network (SAN) is a dedicated network that provides access to consolidated, block level data storage. SANs are primarily used to make storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices to the operating system. 6
Sample Cloud Architecture Component View Copyright Savvis 7
TCI Cloud Reference Architecture Functional View Trusted Cloud Initiative Reference Architecture Oct 2011 8
Gartner Magic Quadrant for Public Cloud Infrastructure Copyright Gartner 9
Print and Mail Services in the Cloud Ricoh Managed ADF Services 10
Projected Cloud Growth2011-2020 Current market size - $40.7B Projected size 2020 - $241B SaaS market is fastest growing 2011 - $21.2B 2020 - $132.5B PaaS growth 2011 - $820M 2020- $11.9B IaaS growth 2011 - $2.94B 2017 - $5.4B 2020 - declining Source: Forrester Research 11
Evolution of Cloud Services Value 1990 2012 12
Cloud/Managed Services Model SaaS Vendor Managed On-site License Vendor Managed On-site SaaS Vendor Managed Cloud Infrastructure/Service/Asset/Finance Continuum Offering Options License Customer Managed On-site Low Infrastructure Service/Asset/Finance Cloud-Multi Tenant Vendor Mgt SaaS High Customer Control Hosted-Single Tenant Vendor Mgt Service/Rental On-site Vendor Mgt Service/Rental On-site Vendor Mgt Financed License On-site Vendor Mgt License Colocation Customer Mgt Varies On-site Customer Mgt Rental Economy of Scale High On-site Customer Mgt Financed License On-site Customer Mgt License Low 13
Cloud Economics/ ROI Page 1 (SaaS example) Investment Requirements Year One Total Net Present Value 5 Year Hardware Software Item Description Cloud In-House Cloud In-House Total hardware cost for project; includes traditional servers and storage AND cost of any infrastructure upgrades (or allocations of those project costs) Total software costs for project; includes traditional licensing as well as additional software cost needed to enable solution $ 13,500 $ 32,000 $ 13,500 $ 49,221 $ - $ 11,500 $ - $ 11,500 Internal one time Internal charges or costs (separate from integration costs) $ - $ 2,800 $ - $ 2,800 External one time External vendor or partner charges for installation (separate from integration budget) $ - $ - $ - $ - Hosting/SaaS fee Annualized cost of cloud application $ 25,000 $ - $ 106,757 $ - Licensing Specific recurring license costs $ - $ 7,500 $ - $ 7,500 Software maintenance and support Bandwidth allocation Traditional support and maintenance charges $ 2,025 $ 4,325 $ 8,647 $ 18,469 Bandwidth charges for project (calculated as a percentage of annual spend on Internet connectivity) $ 6,000 $ 2,400 $ 25,622 $ 10,249 Staffing allocation Allocation of internal manpower budgeted to support project $ 7,500 $ 40,000 $ 32,027 $ 170,811 Monitoring upgrades Additional (or allocated) cost to add status and performance monitoring for either option $ 6,000 $ 1,500 $ 9,270 $ 1,500 Backup/archive Cost to add desired backup and archiving of data based on IT requirements $ 4,000 $ 500 $ 5,635 $ 2,135 Failover/redundancy Cost to add desired failover and/or redundancy based on business continuity plan $ 7,500 $ 2,500 $ 15,676 $ 10,676 Integration costs Total costs to provide data integration between project and existing data sets; should be budgeted to achieve optimum connectivity among all systems $ 4,250 $ - $ 6,703 $ - Security review cost One-time cost to have security (or external team) assess integration of new project $ 7,500 $ - $ 7,500 $ - Ongoing compliance/audit Additional (or allocated) cost to add this project to existing security and audit practices; should include any non-it costs, such as accounting or compliance auditing $ 5,000 $ 3,500 $ 21,351 $ 14,946 Other Any other additional costs uniquely associated with each option $ - $ - $ - $ - Total $ 88,275 $ 108,525 $ 252,689 $ 299,807 Total cost difference for cloud $ 20,250 $ 47,118 Copyright InformationWeek 14
Cloud Economics/ ROI Page 2 Expected Return (Sales, Savings, Productivity) Year One Total Net Present Value 5 Year Total Item Cloud In-House Cloud In-House Sales impact $ - $ - $ - $ - IT cost impact (calculated) $ 20,250 $ (20,250) $ 47,118 $ (47,118) Cost impact (other factors) $ 175,000 $ 175,000 $ 747,300 $ 747,300 Employee productivity impact $ 302,322 $ 302,322 $ 1,290,999 $ 1,290,999 Other $ - $ - $ - $ - Potential returns $ 497,572 $ 457,072 $ 2,085,417 $ 1,991,181 Hard returns (factoring out productivity) $ 195,250 $ 154,750 $ 794,418 $ 700,182 Return on investment Net return $ 106,975 $ 46,225 $ 541,729 $ 400,375 121% 43% 214% 134% Speed to market impact Expected time to implement solution (in months) 2 4 Potential impact on year one return $ 17,829 $ (17,829) Cost of capital 5.5% Copyright InformationWeek 15
Security and Compliance Issues Core security issue is exposure of confidential information, aka PII Very relevant issue for 3 rd party service providers handling PII Personally identifiable information (PII) is protected by federal and state statues Example: California data breach notification law, SB1386: [10] (e) For purposes of this section, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social security number. (2) Driver's license number or California Identification Card number. (3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (f) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. 16
Security and Compliance Issues How to address security issues? Best Practices + 3 rd Party Audits = Compliance = Meets Minimum for organizations to allow 3 rd party vendors to handle PII Examples of Security Compliance Standards Payment Card Industry (PCI) DSS 2.0 Covers end to end security for payment cards SSAE16 Type II aka SOC II (replaces SAS 70 Type II) Audit standard for outsourced data center, network, cloud and other IT services ISO 27000 standards ISO standards and certification for information security Health Insurance Portability and Accountability Act (HIPAA) Standards for processing personal health information 17
Health Care Security & Data Breach Survey Cost of a Data Breach Cause of Data Breach Mobile Device Security Policies Barriers to Improved Security Copyright Ponemon Institute 18
Cloud Security Alliance POV 13 Domains of Focus for Cloud Computing Cloud Architecture Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Bus. Cont., and Disaster Recovery Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Virtualization Top Threats to Cloud Computing 1. Security on the Network 2. Identity Management 3. Compliance 4. Data Integration 5. Vendor Lock-In 6. Vendor Viability 7. Manageability 8. Availability 9. Shared Resources 10. Legal Ambiguity Identity and Access Management 19
References NIST Definition of Cloud Computing SP800-145 Sept 2011 3 pages http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf NIST DRAFT Cloud Computing Synopsis and Recommendations SP800-146 May 2011 84 pages http://csrc.nist.gov/publications/pubsdrafts.html#sp-800-146 Gartner Magic Quadrant Report for Public Cloud Infrastructure March 2012 http://www.gartner.com/technology/reprints.do?id=1-18bc06x&ct=111213&st=sb Gartner Magic Quadrant Report for Managed Hosting December 2011 http://www.gartner.com/technology/reprints.do?id=1-19l41nj&ct=120306&st=sg Information Week Cloud ROI Modeler March 2012 Excel spreadsheet http://reports.informationweek.com/abstract/5/8678/cloud- Computing/2012-informationweek-cloud-roimodeler.html?cid=nl_analyt iwkrnwlslspeced20120308&wc=4 20
References Information Week Cloud ROI Calculations March 2012 26 pages http://reports.informationweek.com/abstract/5/8702/cloud- Computing/research-cloud-roicalculations.html?cid=nl_analyt iwkrnwlslspeced20120308&wc=4 Information Week 2012 State of Cloud Computing February 2012 29 pages http://reports.informationweek.com/abstract/5/8658/cloud- Computing/research-2012-state-of-cloudcomputing.html?cid=nl_analyt iwkrnwlslspeced20120308&wc=4 Information Week 2012 Fundamentals of Cloud vs. In-House IT Spend February 2012 14 pages http://reports.informationweek.com/abstract/5/8694/cloud- Computing/fundamentals-cloud-vs-in-house-it-spend-smart-in- 2012.html?cid=nl_analyt iwkrnwlslspeced20120308&wc=4 Cloud Industry Forum UK Adoption Trends 2011 February 2011 15 pages http://www.cloudindustryforum.org/downloads/whitepapers/cifwhite-paper-1-2011-cloud-uk-adoption-and-trends.pdf 21
Useful Web Sites cloudsecurityalliance.org - Cloud Security Alliance www.27000.org - ISO Information Security Standards www.pcisecuritystandards.org/security_standards/ - PCI DSS 2.0 and other information http://www.ponemon.org Ponemon Institute, data privacy experts http://csrc.nist.gov/news_events/hipaa- May2011_workshop/presentations.html 2011 Conference - Safeguarding Health Information: Building Assurance Through HIPAA Security http://www.hhs.gov/ocr/privacy/hipaa/administrative /securityrule/index.html - The HIPAA Security Rule 22