Introduction to Cloud computing - Chapters Site - Home · How these three categories SaaS, BaaS and...

Introduction toCloud computingFrank Kovacs

September 26, 2011

Introduction to Cloud computingPage 2

Agenda

► Overview and nomenclature► Cloud computing:

► Deployment strategies► Adoption – rewards► Adoption – risks► Audit strategies

► News and facts► Summary


Overview and nomenclature

► What is Cloud? ► Cloud computing is an approach to shared infrastructure in which large

pools of systems are linked together to provide IT services. ► Following are its basic characteristics

► Users are typically not aware of the underlying technologies used to provide the services

► Users can call up resources from the cloud, use them and then release them when they are done in a self-service fashion

► The cloud is widely accessible, most commonly through the Internet



► Don’t we already use it? ► Emails, messengers► Mobile applications► Software► Web applications► Managing servers

► Who provides it?► Providers like Google► Amazon, Facebook, etc. have their

own cloud services► Number of providers for customer-

based applications are entering the market

Customers

Google Others

AmazonFacebook



► Where does Cloud stand?

Single purpose systems

VirtualizationService

driven data centers

Cloud computing

Single task

Multiple tasks



► Is it easy to understand? ► Article “CIOs Lack Adequate Cloud Computing Knowledge” published on

CIO.com provides interesting statements based on a study► “It’s not much that buyers are not skilled at cloud computing capabilities but that

they have not had much real-world practice at utilizing them. Or there is not enough relevant, real-world data available from providers to do meaningful business case assessments”

► “It’s as much a function of practicing the skills as acquiring them”► Above article reflects the current state of available knowledge on cloud

computing. It becomes a pointer that current and future providers and customers need to keep pace with this new approach.

► Cloud Computing thus currently needs thorough assessment and knowledge at each stage.



► Cloud computing is divided into three broad categories► Software as a service (SaaS) provides consumer the capability to use

provider’s applications running on cloud infrastructure which are accessible from various client devices(web browser, email)

Consumer

Control limit

ApplicationSoftware

Infrastructure software

Operating system

Virtualization layer

Physical servers

Networking and firewalling

Data centers

Example. Example. Example. Example. Example. Components Machinery

Microsoft Office

SQL server,Java,ASP.NET

Windows, Linux

Vmware, Xen IBM,Dell, HP

Routers,switches,firewalls

Data center,mechanical and electrical devices

Provider



► Cloud computing is divided into three broad categories► Platform as a service (PaaS) provides consumer the capability to deploy

onto cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by provider

Consumer

Control limit

ApplicationSoftware


Operating system


Physical servers


Data centers


Microsoft Office


Windows, Linux




Provider



► Cloud computing is divided into three broad categories► Infrastructure as a service (IaaS) provides consumer a platform that

includes storage and network capabilities where they can deploy and run any software. Customers no longer purchase servers ,software, data centre space, but instead buy those resources as a fully outsourced services

Consumer

Control limit

ApplicationSoftware


Operating system


Physical servers


Data centers


Microsoft Office


Windows, Linux




Provider



► Cloud has its own very vocabulary which changes with respect to risks involved. There is no right way to balance these risks

► How these three categories SaaS, BaaS and PaaS evolve will be interesting phase

Key ideas


Trends in Cloud deployment strategies

► Business models► Subscription

► Long duration and consistent services► Better earning and revenue visibility

► Usage-based► Seasonal business and variable work load► Less earning and revenue visibility

► Advertising-based► Successful in consumer segments► Ad revenue supports applications

► Success-based► Pricing based on success of services


Trends in Cloud Deployment strategies

► Deployment models► Private Cloud

► Operated solely for an organization► May be operated by organization or third party

► Public Cloud► Available to general public or large industry group► Owned by an organization selling cloud services

► Community Cloud► Cloud Infrastructure is shared by several organizations► May be operated by organization or third party

► Hybrid Cloud► Cloud infrastructure is composition of two or more clouds► Both entities remain unique but are bound by proprietary technology enabling

application portability


Trends in Cloud deployment strategies

► These trends helps us to identify 3 main entities ► Enterprise (service consumer )► Cloud(public/private/hybrid/community)► End user

End user Enterprise



► Cloud computing is adaptable and flexible with different levels of deployment strategies which supports diverse use cases pertaining to cloud, enterprise and end-user entities

Key ideas


Cloud installation – rewards

► Why Cloud ?► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost




► On-demand self service► No cabling or hardware► Deploy infrastructure with

software




► Capabilities available over Internet

► Can be accessed through PDAs, Laptops, mobile phones




► Add or remove computing capacity instantly

► Control infrastructure as per application demands

► Flexible with variable workload




► Serve multiple consumers► Sense of location independence► Resources include memory,

bandwidth, virtual machines, etc.




► Metering capability► Resource usage can be

monitored and controlled► Provides transparency to provider

and consumer




► Pay as per usage► Avoids maintenance cost for

servers► No contracts or buying servers



► Do these rewards really make a difference to firms?

► Does it fit with your company size ?

► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost

The company =

The company

The company

reward


Cloud installation – rewardsCisco example

► Do these rewards really make a difference to Cisco?

► Does it fit with Cisco size?

Cisco had a very successful migration to cloud realizing over $480M annually in increased application development funding alone

► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost

Cisco

► 180,000+ people worldwide in the extended Cisco family► 300 locations in 90 countries ► 400 buildings

Cisco


Cloud installation – rewardsCisco example

► Where Cisco benefited?

Cost savings in various departments

Data centers

$71M storage-related cost

avoided

Network systems

Cost reduction of 23%

Mobility

$400-$700/ employee

cabling cost20% reduction in

helpdesk calls

Security

Saving time which was spent

to fix security attacks

Unified communication

Cost savings on contact centers, tools and voice

communications

Tele-presence

$132.46M saved as 36864+ meetings avoided



► Cloud rewards improve productivity in range of departments handling massive sized networks

► If large company like Cisco can implement and use it successfully then definitely other companies can

Key ideas


Cloud installation – risks

► Security issues include but are not limited to:► Privileged user access► Regulatory compliance► Data location► Data segregation► Recovery► Investigative support



► What security issues?► Privileged user access► Regulatory compliance► Data location► Data segregation► Recovery► Investigative support

► Sensitive data processed outside the enterprise

► Outsourced services bypass physical, logical and personnel controls




► Customers ultimately responsible for security and integrity of own data

► Traditional service providers are subjected to external audits and security certifications




► Consumer won’t know where the data is stored.

► Service provider may not be storing and processing data in a specific jurisdiction




► Data is present in a shared environment

► Encryption is effective but is not full proof




► Data might be lost in disaster.► Provider may not be able to do a

complete restoration in a short duration




► Investigating inappropriate activity with data may be impossible

► Data for multiple customers may be co-located and spread across changing set of hosts and data centers


Possible solutions

► How to minimize the risk?► Conduct a risk assessment to evaluate legal, reputational and technical

risks ► Ensure transparency vendor operations for effective oversight over

system security and privacy ► Require vendors to commit to the location of cloud data centers► Personal information should not be transferred to law enforcement

agencies or tax/ financial auditors► Use the services of legal advisors who understand international privacy

laws while creating contracts



► Every coin has two sides and Cloud is no different, it brings with it certain unique risks

► Good part is there are several solutions if appropriately implemented can help avoid possible cloud risks

Key ideas


Audit strategies for Cloud implementation

► Audit strategies consider the following aspects► Organizational issues► Security and privacy issues► Legal and compliance issues► Performance issues

► Auditing for Cloud is a challenging process, it plays role at each stage in cloud implementation

Requirements gathering

Vendor selection

Implementation planning Pilot Migration

Embed, settle, validate, operate

► Investigating inappropriate activity with data may be impossible► Data for multiple customers may be co-located and spread across

changing set of hosts and data centers






Vendor selection



► Identify control requirements

Risks considered:► Incomplete requirements► Overly optimistic business case






Vendor selection



► Vendor Evaluation support

► Review updated business case

Risks considered:► Incomplete selection criteria► Excessive cost on one sector






Vendor selection



► Data Migration assessment

► Vendor Management Review

Risks considered:► Design is not secure, fault tolerant

or traceable► Controls not considered






Vendor selection



► Assess Migration of processes or areas to the Cloud

Risks considered:► Inadvertent exposure of private

data






Vendor selection



► Data Migration Assessment

► Project Assessment

Risks considered:► Inadvertent exposure of private

data► Business process don’t work as

expected






Vendor selection



► Control Review, Assessment/Test

Risks considered:► Loss of financial records



► Cloud implementation is similar to traditional IT development process but poses unique risks which makes assessment at every stage essential.

Key ideas


News and facts

► Economic opportunities► There are 50 Million servers worldwide today. By 2013 60% of server

workload will be virtualized ► MarketsandMarkets.com in their report, Cloud Computing Market – Global

Forecast (2010 -2015) predicts that the global cloud computing market is expected to grow from $37.8 billion in 2010 to $121.1 billion in 2015 at a CAGR of 26.2% from 2010 to 2015.

► Experton Group is forecasting that the German cloud computing market is forecast to grow from EUR 1.14 billion in 2010 to EUR 8.2 billion in 2015.

► IBM claims Cloud cuts IT labor costs by up to 50% and improves capital utilization by 75%


News and facts

► Numbers demonstrate the economic opportunity cloud computing presents

Key ideas


Summary

► Quick recap► Every coin has two sides and Cloud is no different, it brings with it certain

unique risks► Good part is there are several solutions if appropriately implemented can

help avoid possible cloud risks► Cloud implementation is similar to traditional IT development process but

poses unique risks which makes assessment at every stage essential► Numbers demonstrate the economic opportunity cloud computing

presents

Questions and answers

Thank you

Ernst & Young

Assurance | Tax | Transactions | Advisory

About Ernst & YoungErnst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.

Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com.

Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US.

© 2011 Ernst & Young LLP.All Rights Reserved.

SCORE no.

1108-1282338

Professional experience summary Frank Kovacs is an accomplished senior technology executive - currently with Ernst & Young in the Horizon Technologies area of the CIO Services group working across the CIO Agenda as well as leading the Cloud Computing competency. Most recently Frank led a team which developed the Cloud Computing Opportunity Scan which allows firms to engage E&Y for an assessment which in a matter of weeks delivers a independent comprehensive view of the firms readiness for Cloud Adoption and the benefits that can accrue from adoption for which his team won the firms Innovation Challenge. In the summer of 2010 Frank co-founded the Cloud Computing Consortium, SC3, in partnership with Stevens Institute of Technology and sits on the Advisory Boards of two of the largest Cloud Computing expo's in the industry - UP and Cloudcor. Frank has 25+ years of experience mostly at VP level at firms such as AT&T/Bell Laboratories, AIG, Citigroup, JPMorgan Chase, Bowne, Medco, GSI Commerce, Guardian, and McGraw Hill running Technology Infrastructure, the industries largest public then private data & internet networks, largest E-Commerce implementation, large scale application development organizations comprised of as much as 1700 developers & system engineers, has established then run PMO's at 5 different Fortune 500's, and has extensive process management experience as a Six Sigma Master Black Belt versed in ISO, ITIL, CMMI, CoBIT, Togaf, SOX, and is ISACA CRISC certified. Frank was part of a team that brought the Malcolm Baldridge Quality Award back to the United States after a 20 year hiatus, and has run Strategic Sourcing agreements as large as $800 Million. Frank is a highly sought after speaker for his technology views by Gartner, Forrester, the Corporate Executive Board's CIO Advisory Council, CIO Roundtables, WPO & Strategic Sourcing forum, and was keynote speaker of the IT World Congress. Frank also sits on the Board of Directors the Society of Information Management (SIM). Frank’s credits include: The Gartner Group CIO Choice Award, Comnet Ovation Award, the Vision Award for Excellence at Internet World and the Technology Managers Forum Award for Technological Innovation.

On a personal note Frank is very active in the Community for which he was recognized by the Governor of New Jersey and United States Congress for his community service efforts. Frank also hosts a weekly radio show, “Your Career Is Calling”, in conjunction with Rider University and runs a 3,800+ member networking group that will celebrate it’s 10 year anniversary in November 2011 that helps those from College Students through Experienced Professionals identify and secure employment opportunities. These efforts are estimated to have helped over 7,000 people in our local market who were downsized regain meaningful employment by teaching them new advanced job search techniques that were developed by Frank and his Radio Show co-host Rod Colon.

0907-1074192

Frank Kovacs Senior Manager Advisory Services

Contact information Ernst & Young, LLP 99 Wood Avenue Iselin, NJ 08830 Office: +1-732-516-4254 Mobile: +1-732-310-2500 EY/Comm: 8635682 Email: [email protected] Industry lines Telecom Utility Financial Services E-Commerce Media and Entertainment Pharmaceuticals High Tech Clients Cytec The Weather Channel Ernst Young Global Disney United Healthcare Group Novartis TJ Maxx Readers Digest Avaya Education Master’s Project Management, George Washington University Master’s Contract Management, Villanova University Master’s Corporate Governance, Tulane Law School Certification(s) Six Sigma Master Black Belt ISACA Certified (CRISC) Graduate Gartner CIO Academy

Date post:	30-Jun-2018
Category:	Documents
Upload:	tranngoc
View:	212 times
Download:	0 times

Introduction to Cloud computing - Chapters Site - Home · How these three categories SaaS, BaaS and...

Documents