Security Cloud – A Case Study

Shayne Bates CCSK, CHS-V, CPP, DABCHS

What is the cloud?

Technology Economic Business

Generational Computing Changes

3

The essential advantages of the Cloud …

… way more that IT cost center savings …

5

Cloud Computing

Key Trends•Big Data revolution• Social media•Real time information• Instrumented world

Business Drivers•Lower TCO, companies looking for less-capital

intensive solutions•Widespread Use of SAAS in all company sizes•Rising maintenance fees from the "mega

vendors”•Rapid return on investment (ROI)•Subscription-based revenue models in-demand

Technology Drivers•Wireless growth and

broadband availability• Faster, cheaper hardware• Increased virtualization•Data ubiquity• Storage CompressionCloud

Computing

Drivers of Cloud Adoption

0.8 1.3 2.13.3

4.76.5

8.510.8

13.7

18.0

25.7

35.0

0.0

5.0

10.0

15.0

20.0

25.0

30.0

35.0

40.0

2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020

Exabytes

Growth in Data(Demand-Side)

CAGR 10-20:41%

Source: IDC & EMC Joint Study, May 2010

CAGR 10-15: 46%

Growth in Data (Demand) will be met by the growth in instances (Supply).

46%CAGR in the growth of data 2010-15

44xGrowth of digital data between 2009-2020

34% of all data will pass through the cloud by 2020

MICROSOFT CONFIDENTIAL 6

Explosion of Big Data

Source: Gartner June 2010

Increasing Virtualization Rates

Multi-Core Innovation

WW Virtualization penetration rates:

2010 2011 2012 2013 2014 2015

33% 35% 36% 36% 38% 40%

4 time increase in instances (49% CAGR) while physical servers increasing at 6%. Multiples of work can be

managed in the cloud.7

7xGrowth in core capacity 2010-2015

Server Trends

SMIT LRF server units shipped (FY10)

13M 15M 17.5M 20M 22.3M

3.5M5.2M

7.6M

10M

13M

-

10

20

30

40

FY11 FY12 FY13 FY14 FY15M

illio

ns

Cloud Traditional

15% CAGR

49% CAGR

Server Instances – Cloud vs. Traditional

Growth of Instances(Supply-Side)

+

Consumerization of IT

Consumerization…“A PC on every desktop…and in every home” …

Consumer Experience

Maintaining security,privacy, control,

compliance

Enabling people to work theway they want, anywhere

and with any device

Enterprise Requirements

Corporate Policy

Three Cloud Service Models

9

•

•

•

•

•

•

•

•

•

•

•

•

•

Management of Cloud Services

(On-Premises)

Storage

Servers

Networking

O/S

Middleware

Virtualization

Data

Applications

Runtime

You

man

age

Infrastructureas a Service

Storage

Servers

Networking

O/S

Middleware

Virtualization

Data

Applications

Runtime

Other M

anages

You

man

age

Platformas a Service

Other M

anages

You

man

age

Storage

Servers

Networking

O/S

Middleware

Virtualization

Applications

Runtime

Data

Softwareas a Service

Other M

anages

Storage

Servers

Networking

O/S

Middleware

Virtualization

Applications

Runtime

Data

The 3-4-5 of Cloud

Software as a Service (SaaS)Platform as a Service (PaaS)Infrastructure as a Service(IaaS)

PrivateCommunityPublicHybrid

On-demand self serviceBroad network accessResource poolingRapid elasticityMeasured service

Four Cloud Types

12

•

•

•

•

•

•

•

•

•

•

•

•

•

5 Characteristics

13

On-Demand Self-Service

Broad Network Access

Resource Pooling Rapid Elasticity

Consumer direct, automated provisioning with no human interaction at provider

Capabilities delivered over the network accessed through

standard mechanisms (laptop,

WP7 etc…)

Capabilities are rapidly and elastically

provisioned, some automated, depending

on requirements. “SOC-in-a-box”

Measured Service

Cloud system automatically

monitors, optimizes, controls and reports

resource use transparently

Providers computing resources are pooled and dynamically assigned to serve multiple consumers

Cloud Choices and Fundamentals

Strategy Development Process

Candidate ProcessesDevelop list of core candidates

Broad network accessMeasured ServiceOn demand self-serviceRapid elasticityResource pooling

CapabilityEfficiencyEfficacyEffect

Risk Management for Cloud Computing

Security Buyers Guide, Shayne Bates, “Understanding Risk Management Approaches in the cloud computing service model”, November 2010,http://www.securitybuyer.com/content/latest-edition-online-november-2010

Risk

What is a Strong Business Case?

Vision

Cost Savings

Need/Pain

Business Value

Cloud Transformation Framework

Architecture and Location Migration 3rd Party Partners

Determine arrangements for provision of cloud services (e.g. where/who is the ContGo cloud) and formalize SLA’s.

Emergence of evolved applications (and capabilities) leveraging cloud characteristics. Exploitation of core technologies (e.g. -O365 & Azure).

Encourage development of new functionality that utilizes the 5 key cloud characteristics.

Non Core Technologies

Divest management and ownership of non-core technologies. Utilize partners who are world class (e.g. –MSIT for network transport).

Support and Maintenance

Arrangements with providers and partners who deliver high quality, low cost services.

Cloud Types

Specify PaaS Private Hybrid cloud wiring for technologies used by MSGS (e.g. –Operations, Showcase, P3 etc.).

Separate Physical Platform from Applications

Remove specific dependencies to hardware platforms and particular physical locations (but consider GRC implications).

Virtualization Evolution

Decide how components will be virtualized (e.g. - Azure hosted or Hyper-V) and how they connect and interoperate.

Phase (1) Divest & Partner Phase (2) Virtualize

(3) Host (4) Native Cloud

SharePoint Mgmt. & Support

Network Transport

(MSIT)

Decide Capabilities & Providers

‘To Be’ State

Divest and Partner

Non Core Items Divested &

Partner Decisions Complete

Date ________

Technology Mix (current discussions)

Virtualization

=+++

Virtualization - Wiring of

Apps

Choice of StandardsPlatform

GRC Compliance

Date ______

Interoperability Between

functions (apps)=+++

Location independence

is Achieved

RoadMap: Components and Timeline

“Best-in-class” Hosting

DecisionsSLA’s

Completed

Azure Platform Emerges

Hosting of MSGS Core Functions

Current Functions

Fully Deployed and

Hosted

Date ________

From Hosted to Native

Cloud Apps

=+++

MSFT Technology Leveraged

Technology V2 (Cloud

Winners)

Date ________

New Capabilities

=+++Native Cloud

Deployed & New Capabilities are

Realized

Hybrid Cloud Wiring

(Apps & Data )

Development of Native

Cloud Apps

19

Customer Decision Framework

Customer Decision Framework

Q&A