Credit Unions and The Cloud By: Chris Sachse
Agenda! Introduction.! Definition of the cloud.! Discuss cloud popularity.! Look at the use of the cloud.! Discuss cloud management.! Discuss cloud security.! Common cloud misnomers.! The future of the cloud
Introduction! Christopher Sachse! Principal and Founder of Horsetail Technologies and Continuous Compliance! 10 years of IT consulting with a focus in Credit Unions! Specializing in technical design, architecture and project management! Cloud broker and aggregator
Horsetail Tech! Horsetail serves the IT needs of highly regulated industries with a focus on credit unions.! Business Process and Technology Assessment (BP&T) 16 phase technology assessment and strategy! IT Managed Services advanced management, strategy and monitoring services! Cloud Broker assess, select, provision, manage! Technology as a Service - Hybrid cloud services and infrastructure! Special Project Management and Consulting
Presentation! I hope that you leave here today understanding:! WHAT- what the cloud is.! WHO- who the cloud is and who uses the cloud.! WHERE- where the cloud is located.! WHY- why the cloud is gaining in popularity.! HOW- how the cloud operates and how credit unions operate the cloud.! The relationship and importance of the cloud impact on the credit union market.! Security and Safety- how to protect data in the cloud.! Interactive!
What is the cloud?
What is the Cloud?! The origin of the term is unclear. The use of a cloud to symbolize the internet and other networks helped the terms use.! The cloud is a broad term that doesn t have a specific definition.! Hosted computing services.! Shared services.! Distributed computing.! Network based services.
What is the cloud! Cloud Examples! Hosted Exchange- Email! Hosted Applications- Adobe! Hosted Servers! Firewalls as a service! Hosted File Storage! Cloud Backup and Recovery! Hosted Phone Systems! Security applications! Email encryption and email security
What is the cloud?! Common Cloud Terms:! SaaS: Software as a Service or Security as a Service! TaaS: Technology as a Service! FWaaS: Firewall as a Service! IaaS: infrastructure as a Service! AaaS: Application as a Service! PaaS: Platform as a Service
What is the cloud?! How does it work?! Client locations and mobile devices or remote users connect to the cloud services.! Cloud providers offer options in terms of connections.! SSL VPN, TLS, VPN, Private Connectivity, etc.! The provider delivers a service to the client for a fixed fee.! Responsibility for services varies greatly based on provider.! Who backs up the systems? Who patches, updates and supports the system?
What is the cloud?! Public cloud: services offered and open for use by the public. Google, Amazon and Microsoft are among the leaders.! Private cloud: the private cloud is a custom built for a sole organization.! Community cloud: shared cloud among a specific community.! Hybrid cloud: this is a more common term recently. It can mean everything from a cloud and on premise solution to a solution leveraging multiple clouds.
What is the cloud? Cloud Provider WWW Mobile User Credit Union
Why the cloud?
Why the cloud? Cloud Benefits! Fixed cost- Not Lower! Lifecycle management! Support! Uptime! Premium Infrastructure! Recovery Cloud Detriments! Lack of customization! Minimal control! Performance! Unwarranted confidence! Assumptions! Support assumptions! Infrastructure assumptions
Cloud Popularity! Cloud usage and acceptance is exploding. IT companies are seeing over 90% growth of cloud services per year since 2006.! Flexibility met the recession and the decrease in the cost of bandwidth. Users were used to using the cloud because of their mobile devices and companies were looking for less expensive options to serve their technology needs.
Cloud Popularity! Big data! Storing, analyzing and using data is required for credit unions to serve members, as a result networks require significant infrastructure to support big data.! Backup and disaster recovery! The cost of high availability, backup and disaster recovery can become too great to manage and the cloud offers options.! Mobility! Credit unions must support mobile computing initiatives.! Operational costs vs. capital expenses! The cloud offers financial options that traditional infrastructure does not.
Cloud Popularity! The impact of the current recession.! The cloud offers credit unions the ability to make mass changes and upgrades by leveraging a monthly fee and not a large capital expense.! The impact of increased regulations.! As regulations place greater restrictions on credit unions to build and maintain secure, available and recoverable systems, the cloud offers options otherwise unavailable.! The impact of smaller staff.! As credit unions deal with smaller staffs, the cloud offers a way to outsource services resulting in less staff needed for system support.
Who is using/providing the cloud?
Who is using the cloud?! Smaller credit unions are looking to outsource almost all services from the core application to files and email.! Medium sized credit unions are looking to outsource core infrastructure to create a recoverable, secure and compliant network operation centers.! Larger credit unions are outsourcing specific applications or services.
Who is providing the cloud?! Providers range from small businesses to large technology firms.! Size doesn t matter. Smaller companies and large alike can provide good cloud services.! Vertical specialization is important
What Services are Being Provided?! Cloud Exchange! Email, contact and calendaring services! Mobile and remote connectivity.! Email security and encryption! Hosted Phone System! Removes phone system and call center systems! Removes phone lines, local and LD! Backup and Recovery! Backup system and storage located remote.! Control and support can be outsourced, shared or not provided.
How do we use and go to the cloud?
How do institutions secure the cloud?! Find a cloud broker or consultant.! Do an analysis of what services will be sent to the cloud.! Create a justification using the analysis to determine cost, performance and need.! Evaluate available vendors.! Perform vendor due diligence.! Find a partner to create and implement a go to the cloud strategy.! Manage the cloud.
How do institutions secure the cloud?! Select the right vendor.! Where is the vendor located?! Does the vendor have an SSAE-16 or similar?! Does the vendor offer data encryption?! If yes what type?! Does the vendor offer service level agreements that meet best practices and FFIEC regulations?! Does the vendor offer DDoS protection and other advanced security services.
How do institutions secure the cloud?! Connectivity! Determine what connectivity options are available.! VPN Connection! Private Connection! Public Connection! SSL-VPN! Mobile Device Access
How do institutions secure the cloud?! Access Control! Determine what systems are being used to control and manage access to cloud systems.! Active Directory! 2 Factor Authentication! Device Based Access! IP Based Access
How do institutions secure the cloud?! Encryption! Determine what encryptions options are available.! What is encrypted! Data transfer! Data Storage! How is it encrypted! Software based encryption- 256 AES, 448-bit Blowfish, etc.! Hardware based encryption- Similar to software but better performance! Transfer based encryptions- GET Encryption, VPN, etc.
How do institutions secure the cloud?! Determine what systems are cloud ready and make sense to take to the cloud.! Create a system to monitor and report on the cloud usage.! Understand data storage and data flow.! Control access.! Create custom alerting to proactively manage the cloud infrastructure.
How do institutions control the cloud?! Service monitoring! Virtual servers and PC s can be monitored using remote monitoring agents to ensure that all systems are operating as designed and kept up to date.! Bandwidth and performance monitoring can ensure that service is being delivered and protected as designed.! Visibility! Portals can provide visibly into cloud services to ensure that systems are being supported and updated as required.! Documentation! You must be able to recover you application, infrastructure or data in the event of a disaster or a provider issue. The credit union is ultimately responsible, not the provider.
Who is responsible and supports the cloud?! Support of cloud services can be a tricky concept.! Determining who is responsible to support what and how can be difficult.! Various cloud services may be purchased at one time creating a complex cloud environment.! Cloud aggregators, brokers and managers can offer systems to help support.
How do you get to the cloud?! Getting to the cloud successfully can be a difficult task.! Assess the current in house solution and document thoroughly.! Select a project manager to manage the complete project, not just the systems moving but all of the systems affected by the move.
Common cloud misnomers! Cloud service providers are responsible for data protection and integrity.! Cloud systems include disaster recovery.! Cloud systems are not complaint because data is available via the internet.! Systems are shared systems and thus have difficulty separating and protecting data.! Cloud services are cheaper than traditional infrastructure.
The future of the cloud! Big data.! Mobile devices! Enterprise networks in the cloud.! As bandwidth becomes less expensive the cloud will become more effective and we will see more and more credit unions embrace the cloud.
Questions? Thank you.