Introduction toCloud computingFrank Kovacs
September 26, 2011
Introduction to Cloud computingPage 2
Agenda
► Overview and nomenclature► Cloud computing:
► Deployment strategies► Adoption – rewards► Adoption – risks► Audit strategies
► News and facts► Summary
Introduction to Cloud computingPage 3
Overview and nomenclature
► What is Cloud? ► Cloud computing is an approach to shared infrastructure in which large
pools of systems are linked together to provide IT services. ► Following are its basic characteristics
► Users are typically not aware of the underlying technologies used to provide the services
► Users can call up resources from the cloud, use them and then release them when they are done in a self-service fashion
► The cloud is widely accessible, most commonly through the Internet
Introduction to Cloud computingPage 4
Overview and nomenclature
► Don’t we already use it? ► Emails, messengers► Mobile applications► Software► Web applications► Managing servers
► Who provides it?► Providers like Google► Amazon, Facebook, etc. have their
own cloud services► Number of providers for customer-
based applications are entering the market
Customers
Google Others
AmazonFacebook
Introduction to Cloud computingPage 5
Overview and nomenclature
► Where does Cloud stand?
Single purpose systems
VirtualizationService
driven data centers
Cloud computing
Single task
Multiple tasks
Introduction to Cloud computingPage 6
Overview and nomenclature
► Is it easy to understand? ► Article “CIOs Lack Adequate Cloud Computing Knowledge” published on
CIO.com provides interesting statements based on a study► “It’s not much that buyers are not skilled at cloud computing capabilities but that
they have not had much real-world practice at utilizing them. Or there is not enough relevant, real-world data available from providers to do meaningful business case assessments”
► “It’s as much a function of practicing the skills as acquiring them”► Above article reflects the current state of available knowledge on cloud
computing. It becomes a pointer that current and future providers and customers need to keep pace with this new approach.
► Cloud Computing thus currently needs thorough assessment and knowledge at each stage.
Introduction to Cloud computingPage 7
Overview and nomenclature
► Cloud computing is divided into three broad categories► Software as a service (SaaS) provides consumer the capability to use
provider’s applications running on cloud infrastructure which are accessible from various client devices(web browser, email)
Consumer
Control limit
ApplicationSoftware
Infrastructure software
Operating system
Virtualization layer
Physical servers
Networking and firewalling
Data centers
Example. Example. Example. Example. Example. Components Machinery
Microsoft Office
SQL server,Java,ASP.NET
Windows, Linux
Vmware, Xen IBM,Dell, HP
Routers,switches,firewalls
Data center,mechanical and electrical devices
Provider
Introduction to Cloud computingPage 8
Overview and nomenclature
► Cloud computing is divided into three broad categories► Platform as a service (PaaS) provides consumer the capability to deploy
onto cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by provider
Consumer
Control limit
ApplicationSoftware
Infrastructure software
Operating system
Virtualization layer
Physical servers
Networking and firewalling
Data centers
Example. Example. Example. Example. Example. Components Machinery
Microsoft Office
SQL server,Java,ASP.NET
Windows, Linux
Vmware, Xen IBM,Dell, HP
Routers,switches,firewalls
Data center,mechanical and electrical devices
Provider
Introduction to Cloud computingPage 9
Overview and nomenclature
► Cloud computing is divided into three broad categories► Infrastructure as a service (IaaS) provides consumer a platform that
includes storage and network capabilities where they can deploy and run any software. Customers no longer purchase servers ,software, data centre space, but instead buy those resources as a fully outsourced services
Consumer
Control limit
ApplicationSoftware
Infrastructure software
Operating system
Virtualization layer
Physical servers
Networking and firewalling
Data centers
Example. Example. Example. Example. Example. Components Machinery
Microsoft Office
SQL server,Java,ASP.NET
Windows, Linux
Vmware, Xen IBM,Dell, HP
Routers,switches,firewalls
Data center,mechanical and electrical devices
Provider
Introduction to Cloud computingPage 10
Overview and nomenclature
► Cloud has its own very vocabulary which changes with respect to risks involved. There is no right way to balance these risks
► How these three categories SaaS, BaaS and PaaS evolve will be interesting phase
Key ideas
Introduction to Cloud computingPage 11
Trends in Cloud deployment strategies
► Business models► Subscription
► Long duration and consistent services► Better earning and revenue visibility
► Usage-based► Seasonal business and variable work load► Less earning and revenue visibility
► Advertising-based► Successful in consumer segments► Ad revenue supports applications
► Success-based► Pricing based on success of services
Introduction to Cloud computingPage 12
Trends in Cloud Deployment strategies
► Deployment models► Private Cloud
► Operated solely for an organization► May be operated by organization or third party
► Public Cloud► Available to general public or large industry group► Owned by an organization selling cloud services
► Community Cloud► Cloud Infrastructure is shared by several organizations► May be operated by organization or third party
► Hybrid Cloud► Cloud infrastructure is composition of two or more clouds► Both entities remain unique but are bound by proprietary technology enabling
application portability
Introduction to Cloud computingPage 13
Trends in Cloud deployment strategies
► These trends helps us to identify 3 main entities ► Enterprise (service consumer )► Cloud(public/private/hybrid/community)► End user
End user Enterprise
Introduction to Cloud computingPage 14
Overview and nomenclature
► Cloud computing is adaptable and flexible with different levels of deployment strategies which supports diverse use cases pertaining to cloud, enterprise and end-user entities
Key ideas
Introduction to Cloud computingPage 15
Cloud installation – rewards
► Why Cloud ?► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost
Introduction to Cloud computingPage 16
Cloud installation – rewards
► Why Cloud ?► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost
► On-demand self service► No cabling or hardware► Deploy infrastructure with
software
Introduction to Cloud computingPage 17
Cloud installation – rewards
► Why Cloud ?► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost
► Capabilities available over Internet
► Can be accessed through PDAs, Laptops, mobile phones
Introduction to Cloud computingPage 18
Cloud installation – rewards
► Why Cloud ?► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost
► Add or remove computing capacity instantly
► Control infrastructure as per application demands
► Flexible with variable workload
Introduction to Cloud computingPage 19
Cloud installation – rewards
► Why Cloud ?► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost
► Serve multiple consumers► Sense of location independence► Resources include memory,
bandwidth, virtual machines, etc.
Introduction to Cloud computingPage 20
Cloud installation – rewards
► Why Cloud ?► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost
► Metering capability► Resource usage can be
monitored and controlled► Provides transparency to provider
and consumer
Introduction to Cloud computingPage 21
Cloud installation – rewards
► Why Cloud ?► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost
► Pay as per usage► Avoids maintenance cost for
servers► No contracts or buying servers
Introduction to Cloud computingPage 22
Cloud installation – rewards
► Do these rewards really make a difference to firms?
► Does it fit with your company size ?
► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost
The company =
The company
The company
reward
Introduction to Cloud computingPage 23
Cloud installation – rewardsCisco example
► Do these rewards really make a difference to Cisco?
► Does it fit with Cisco size?
Cisco had a very successful migration to cloud realizing over $480M annually in increased application development funding alone
► Ease of deployment► Broad network access► Elastic scalability► Efficient resource sharing► Measured services► Lowers cost
Cisco
► 180,000+ people worldwide in the extended Cisco family► 300 locations in 90 countries ► 400 buildings
Cisco
Introduction to Cloud computingPage 24
Cloud installation – rewardsCisco example
► Where Cisco benefited?
Cost savings in various departments
Data centers
$71M storage-related cost
avoided
Network systems
Cost reduction of 23%
Mobility
$400-$700/ employee
cabling cost20% reduction in
helpdesk calls
Security
Saving time which was spent
to fix security attacks
Unified communication
Cost savings on contact centers, tools and voice
communications
Tele-presence
$132.46M saved as 36864+ meetings avoided
Introduction to Cloud computingPage 25
Cloud installation – rewards
► Cloud rewards improve productivity in range of departments handling massive sized networks
► If large company like Cisco can implement and use it successfully then definitely other companies can
Key ideas
Introduction to Cloud computingPage 26
Cloud installation – risks
► Security issues include but are not limited to:► Privileged user access► Regulatory compliance► Data location► Data segregation► Recovery► Investigative support
Introduction to Cloud computingPage 27
Cloud installation – risks
► What security issues?► Privileged user access► Regulatory compliance► Data location► Data segregation► Recovery► Investigative support
► Sensitive data processed outside the enterprise
► Outsourced services bypass physical, logical and personnel controls
Introduction to Cloud computingPage 28
Cloud installation – risks
► What security issues?► Privileged user access► Regulatory compliance► Data location► Data segregation► Recovery► Investigative support
► Customers ultimately responsible for security and integrity of own data
► Traditional service providers are subjected to external audits and security certifications
Introduction to Cloud computingPage 29
Cloud installation – risks
► What security issues?► Privileged user access► Regulatory compliance► Data location► Data segregation► Recovery► Investigative support
► Consumer won’t know where the data is stored.
► Service provider may not be storing and processing data in a specific jurisdiction
Introduction to Cloud computingPage 30
Cloud installation – risks
► What security issues?► Privileged user access► Regulatory compliance► Data location► Data segregation► Recovery► Investigative support
► Data is present in a shared environment
► Encryption is effective but is not full proof
Introduction to Cloud computingPage 31
Cloud installation – risks
► What security issues?► Privileged user access► Regulatory compliance► Data location► Data segregation► Recovery► Investigative support
► Data might be lost in disaster.► Provider may not be able to do a
complete restoration in a short duration
Introduction to Cloud computingPage 32
Cloud installation – risks
► What security issues?► Privileged user access► Regulatory compliance► Data location► Data segregation► Recovery► Investigative support
► Investigating inappropriate activity with data may be impossible
► Data for multiple customers may be co-located and spread across changing set of hosts and data centers
Introduction to Cloud computingPage 33
Possible solutions
► How to minimize the risk?► Conduct a risk assessment to evaluate legal, reputational and technical
risks ► Ensure transparency vendor operations for effective oversight over
system security and privacy ► Require vendors to commit to the location of cloud data centers► Personal information should not be transferred to law enforcement
agencies or tax/ financial auditors► Use the services of legal advisors who understand international privacy
laws while creating contracts
Introduction to Cloud computingPage 34
Cloud installation – risks
► Every coin has two sides and Cloud is no different, it brings with it certain unique risks
► Good part is there are several solutions if appropriately implemented can help avoid possible cloud risks
Key ideas
Introduction to Cloud computingPage 35
Audit strategies for Cloud implementation
► Audit strategies consider the following aspects► Organizational issues► Security and privacy issues► Legal and compliance issues► Performance issues
► Auditing for Cloud is a challenging process, it plays role at each stage in cloud implementation
Requirements gathering
Vendor selection
Implementation planning Pilot Migration
Embed, settle, validate, operate
► Investigating inappropriate activity with data may be impossible► Data for multiple customers may be co-located and spread across
changing set of hosts and data centers
Introduction to Cloud computingPage 36
Audit strategies for Cloud implementation
► Audit strategies consider the following aspects► Organizational issues► Security and privacy issues► Legal and compliance issues► Performance issues
► Auditing for Cloud is a challenging process, it plays role at each stage in cloud implementation
Requirements gathering
Vendor selection
Implementation planning Pilot Migration
Embed, settle, validate, operate
► Identify control requirements
Risks considered:► Incomplete requirements► Overly optimistic business case
Introduction to Cloud computingPage 37
Audit strategies for Cloud implementation
► Audit strategies consider the following aspects► Organizational issues► Security and privacy issues► Legal and compliance issues► Performance issues
► Auditing for Cloud is a challenging process, it plays role at each stage in cloud implementation
Requirements gathering
Vendor selection
Implementation planning Pilot Migration
Embed, settle, validate, operate
► Vendor Evaluation support
► Review updated business case
Risks considered:► Incomplete selection criteria► Excessive cost on one sector
Introduction to Cloud computingPage 38
Audit strategies for Cloud implementation
► Audit strategies consider the following aspects► Organizational issues► Security and privacy issues► Legal and compliance issues► Performance issues
► Auditing for Cloud is a challenging process, it plays role at each stage in cloud implementation
Requirements gathering
Vendor selection
Implementation planning Pilot Migration
Embed, settle, validate, operate
► Data Migration assessment
► Vendor Management Review
Risks considered:► Design is not secure, fault tolerant
or traceable► Controls not considered
Introduction to Cloud computingPage 39
Audit strategies for Cloud implementation
► Audit strategies consider the following aspects► Organizational issues► Security and privacy issues► Legal and compliance issues► Performance issues
► Auditing for Cloud is a challenging process, it plays role at each stage in cloud implementation
Requirements gathering
Vendor selection
Implementation planning Pilot Migration
Embed, settle, validate, operate
► Assess Migration of processes or areas to the Cloud
Risks considered:► Inadvertent exposure of private
data
Introduction to Cloud computingPage 40
Audit strategies for Cloud implementation
► Audit strategies consider the following aspects► Organizational issues► Security and privacy issues► Legal and compliance issues► Performance issues
► Auditing for Cloud is a challenging process, it plays role at each stage in cloud implementation
Requirements gathering
Vendor selection
Implementation planning Pilot Migration
Embed, settle, validate, operate
► Data Migration Assessment
► Project Assessment
Risks considered:► Inadvertent exposure of private
data► Business process don’t work as
expected
Introduction to Cloud computingPage 41
Audit strategies for Cloud implementation
► Audit strategies consider the following aspects► Organizational issues► Security and privacy issues► Legal and compliance issues► Performance issues
► Auditing for Cloud is a challenging process, it plays role at each stage in cloud implementation
Requirements gathering
Vendor selection
Implementation planning Pilot Migration
Embed, settle, validate, operate
► Control Review, Assessment/Test
Risks considered:► Loss of financial records
Introduction to Cloud computingPage 42
Overview and nomenclature
► Cloud implementation is similar to traditional IT development process but poses unique risks which makes assessment at every stage essential.
Key ideas
Introduction to Cloud computingPage 43
News and facts
► Economic opportunities► There are 50 Million servers worldwide today. By 2013 60% of server
workload will be virtualized ► MarketsandMarkets.com in their report, Cloud Computing Market – Global
Forecast (2010 -2015) predicts that the global cloud computing market is expected to grow from $37.8 billion in 2010 to $121.1 billion in 2015 at a CAGR of 26.2% from 2010 to 2015.
► Experton Group is forecasting that the German cloud computing market is forecast to grow from EUR 1.14 billion in 2010 to EUR 8.2 billion in 2015.
► IBM claims Cloud cuts IT labor costs by up to 50% and improves capital utilization by 75%
Introduction to Cloud computingPage 44
News and facts
► Numbers demonstrate the economic opportunity cloud computing presents
Key ideas
Introduction to Cloud computingPage 45
Summary
► Quick recap► Every coin has two sides and Cloud is no different, it brings with it certain
unique risks► Good part is there are several solutions if appropriately implemented can
help avoid possible cloud risks► Cloud implementation is similar to traditional IT development process but
poses unique risks which makes assessment at every stage essential► Numbers demonstrate the economic opportunity cloud computing
presents
Questions and answers
Thank you
Ernst & Young
Assurance | Tax | Transactions | Advisory
About Ernst & YoungErnst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.
Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com.
Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US.
© 2011 Ernst & Young LLP.All Rights Reserved.
SCORE no.
1108-1282338
Professional experience summary Frank Kovacs is an accomplished senior technology executive - currently with Ernst & Young in the Horizon Technologies area of the CIO Services group working across the CIO Agenda as well as leading the Cloud Computing competency. Most recently Frank led a team which developed the Cloud Computing Opportunity Scan which allows firms to engage E&Y for an assessment which in a matter of weeks delivers a independent comprehensive view of the firms readiness for Cloud Adoption and the benefits that can accrue from adoption for which his team won the firms Innovation Challenge. In the summer of 2010 Frank co-founded the Cloud Computing Consortium, SC3, in partnership with Stevens Institute of Technology and sits on the Advisory Boards of two of the largest Cloud Computing expo's in the industry - UP and Cloudcor. Frank has 25+ years of experience mostly at VP level at firms such as AT&T/Bell Laboratories, AIG, Citigroup, JPMorgan Chase, Bowne, Medco, GSI Commerce, Guardian, and McGraw Hill running Technology Infrastructure, the industries largest public then private data & internet networks, largest E-Commerce implementation, large scale application development organizations comprised of as much as 1700 developers & system engineers, has established then run PMO's at 5 different Fortune 500's, and has extensive process management experience as a Six Sigma Master Black Belt versed in ISO, ITIL, CMMI, CoBIT, Togaf, SOX, and is ISACA CRISC certified. Frank was part of a team that brought the Malcolm Baldridge Quality Award back to the United States after a 20 year hiatus, and has run Strategic Sourcing agreements as large as $800 Million. Frank is a highly sought after speaker for his technology views by Gartner, Forrester, the Corporate Executive Board's CIO Advisory Council, CIO Roundtables, WPO & Strategic Sourcing forum, and was keynote speaker of the IT World Congress. Frank also sits on the Board of Directors the Society of Information Management (SIM). Frank’s credits include: The Gartner Group CIO Choice Award, Comnet Ovation Award, the Vision Award for Excellence at Internet World and the Technology Managers Forum Award for Technological Innovation.
On a personal note Frank is very active in the Community for which he was recognized by the Governor of New Jersey and United States Congress for his community service efforts. Frank also hosts a weekly radio show, “Your Career Is Calling”, in conjunction with Rider University and runs a 3,800+ member networking group that will celebrate it’s 10 year anniversary in November 2011 that helps those from College Students through Experienced Professionals identify and secure employment opportunities. These efforts are estimated to have helped over 7,000 people in our local market who were downsized regain meaningful employment by teaching them new advanced job search techniques that were developed by Frank and his Radio Show co-host Rod Colon.
0907-1074192
Frank Kovacs Senior Manager Advisory Services
Contact information Ernst & Young, LLP 99 Wood Avenue Iselin, NJ 08830 Office: +1-732-516-4254 Mobile: +1-732-310-2500 EY/Comm: 8635682 Email: [email protected] Industry lines Telecom Utility Financial Services E-Commerce Media and Entertainment Pharmaceuticals High Tech Clients Cytec The Weather Channel Ernst Young Global Disney United Healthcare Group Novartis TJ Maxx Readers Digest Avaya Education Master’s Project Management, George Washington University Master’s Contract Management, Villanova University Master’s Corporate Governance, Tulane Law School Certification(s) Six Sigma Master Black Belt ISACA Certified (CRISC) Graduate Gartner CIO Academy