2.2 The principles of managing Cloud services
2.2.1 IT Service Management Principles in a Cloud Environment
Outsourcing to the Cloud means that the provider needs to be in control of the complete supply chain, while the customer remains accountable for what that chain delivers.
Key areas of control:
• IT governance; the customer needs to remain in control of his/her business processes
• Business-IT alignment; the customer needs to make sure that the Cloud IT processes support his/her business in the short and long term
IT Governance
The following elements need to be in place:
• Good Service Level Management
• Different requirements for the different Cloud models (IaaS, PaaS, SaaS; public, private, hybrid)
• Reporting system
• Clear SLAs with 'SMART' (specific, measurable, achievable, relevant, time-bound) performance criteria
• Proper audit standards and internal audit mechanisms
  • Provider:
    • ISO/IEC 20000:2011 (Service Management)
    • ISO/IEC 27001 and 27002 (Information Security)
  • Customer:
    • COBIT® or ISO/IEC 38500:2008 (corporate governance of IT)
(COBIT® is a registered trademark of the Information Systems Audit and Control Association (ISACA) / IT Governance Institute (ITGI))
2.2.2 Managing Service Levels in a Cloud Environment
ISO/IEC 20000:2011 quality specifications
Component               Consisting of                                      Purpose
Information System      • People                                           To manage information
                        • Processes
                        • Technology
                        • Partners
Quality specifications  • Availability                                     To ensure performance
                        • Capacity                                         according to the agreed
                        • Performance                                      requirements
                        • Security
                        • Scalability
                        • Adjustability
                        • Portability
Support                 • Changes, system restoration in case of failure
                        • Maintenance
ISO/IEC 20000:2011 Processes
• The provider needs to conform to the process requirements.
• Its staff need to be familiar with the processes and adhere to the procedures and instructions!
Process group                Processes
Service delivery processes   − Service Level Management
                             − Service Reporting
                             − Service Continuity and Availability Management
                             − Budgeting and Accounting for Services
                             − Capacity Management
                             − Information Security Management
Relationship processes       − Business Relationship Management
                             − Supplier Management
Control processes            − Configuration Management
                             − Change Management
Resolution processes         − Incident Management
                             − Problem Management
Release process              − Release and Deployment Management
Questions to ask the Cloud provider
• How are audits performed?
• Where are the servers located, and which legislation
applies to the data?
• What are the provisions when a service changes or
ends (service life cycle and end of life)?
• What are the provisions if we want to migrate to
another provider (contract life cycle and end of life)?
3. Using the Cloud
3.1 Overview of Accessing the Cloud
3.1.1 Accessing Web applications through a Web Browser
• Basic ingredients:
  - "any" web enabled device: PC, laptop, tablet, smart phone, thin client
  - Internet browser
  - Internet connection: provider, IP address
  - Cloud based application: SaaS solution
3.1.2 Cloud Web Access Architecture
Basic ingredients:
• Standard protocols (for each ISO/OSI layer)
• Web enabled device
  • PC
  • Laptop
  • Tablet
  • Smart phone
  • And... (revival of the computer terminal) Thin Client
• Internet access
Understanding open standards for the Cloud: the OSI model
Copyright & source: http://www.lrgnetworks.com
Examples of standard protocols, from the top of the OSI stack down:
• HTTP (application layer)
• VT (ISO virtual terminal) and RTSE (reliable transfer service element), OSI application-layer service elements
• API sockets (the programming interface to the transport layer)
• TCP and IP (transport and network layers)
• SSL, today superseded by TLS (between the application and transport layers)
• Ethernet / IEEE 802.3 (data link layer)
• 10BASE-T (physical layer)
3.1.3 The use of a Thin Client
• A simple network enabled computer
• No moving parts like a hard disk or DVD drive
• Boots from the network
• Benefits:
  • Lower costs; initial price and running costs
  • Simple; no moving parts
  • Better for the environment; they produce less heat and need less cooling, sometimes not even a fan
  • Heightened security; booting from the network with controlled access, no local data, etc. (the boot image and the server it is fetched from then become the trust anchor and must themselves be protected)
  • Less chance of user errors
Categories of Web applications …
for everyone
• Google Gmail
• Yahoo Mail
• Twitter
• Zimbra
• Salesforce
• Dropbox
• Skype
• …..
Categories of Web applications ... for business
• Customer Relationship Management (CRM)
• Enterprise Resource Planning (ERP)
• HR solutions
• IT Service Management
• Finance & accounting
• Web design and management
• Email (professional)
• Webmail
• Office suites
• E-Business
• Online Storage
• Collaboration
• Video conferencing
3.1.4 Overview of the use of Mobile Devices in accessing the Cloud
Mobile web enabled devices
• Tablet
• Smart phone
Platforms:
• Apple iPhone (iOS)
• Google Android
• BlackBerry
• Windows Phone
+ interoperability between different cellphone networks
- no/low interoperability between platforms (an app has to be built and maintained per platform)
Typical solutions for mobile devices
• Text messaging
• E-mail
• Apps
• Navigation
• Streaming radio
• TV
• Internet browser
• And …. Anything you
can imagine (or not)
3.2 How Cloud Computing can support business processes
3.2.1 Impact of Cloud Computing on primary business processes
• Primary processes are Purchasing, Manufacturing, Sales, Advertising and Marketing
• Contribution of Public or Hybrid Cloud computing, for example:
  • Purchasing and Manufacturing
    • Collaboration with suppliers: exchange and share platforms
  • Sales, Advertising and Marketing
    • Interaction with potential customers and the market: social media
    • Communication with customers: social media
    • Registration of customer contacts: CRM
3.2.2 Role of standard applications in collaboration
• Social Media (also for business use!)
  • LinkedIn, Facebook, Twitter
• Email/Webmail
• Google Gmail, Yahoo Mail
• Videoconferencing
• Skype
• File sharing
• Dropbox
• Sales and CRM
• Salesforce
Application Example: Content Management Systems
• Large numbers of people contribute and share stored
data
• Controlled access to data, based upon user roles
• Easy storage and retrieval of data
• Reduction of repetitive duplicate input
• Easier report writing & communication between
users: previous versions are accessible
• Access is location independent
3.3 Service providers using the Cloud
3.3.1 Impact on the Vendor-Customer Relationship
• The relationship between provider and customer changes
  • Customer intimacy: running the customer's business
  • Running the whole supply chain
• Requirement to demonstrate performance and compliance
  • New and clear SLAs
  • Audit trail
  • Compliance with legislation, regulations and international audit standards
3.3.2 Benefits and Risks of providing Cloud based Services
• Benefits: business opportunities
  • New lease of life for "old" data centers (IaaS)
  • Better use of resources because of multi-tenancy
  • Economies of scale
  • Quickly develop and run applications in the same environment (PaaS)
• Risks: challenges
  • Compliance - standards, legislation and regulations
  • Performance - availability, capacity, flexibility, scalability
  • Security
  • Privacy
4. Security and Compliance
Overview of Security and Compliance
4.1 Security risks and mitigating measures
4.1.1 Security risks in the Cloud
• Data breaches / data loss
• Shared technology vulnerabilities
• Insecure application interfaces (APIs)
• Malicious insiders
• Abuse of Cloud Services
• Denial-of-Service
• Account, service and traffic hijacking
• Insufficient due diligence
Copyright & Source: Cloud Security Alliance (CSA), "The Notorious Nine: Cloud Computing Top Threats in 2013".
4.1.2 Measures mitigating Security Risks
Risk                                      Mitigation
Data breaches / data loss                 Authentication, audit, authorization, etc.
Shared technology vulnerabilities         Operations procedures, operational security practices, etc.
Insecure application interfaces           Design for security, etc.
Malicious insiders                        HR vetting procedures, etc.
Abuse of Cloud Services                   Validation of credentials, active monitoring of traffic, etc.
Unknown risk profile                      SLA structures, Cloud provider compliance audits
Account, service and traffic hijacking    Strong authentication, active monitoring, etc.
Insufficient due diligence                Assess the financial health of the Cloud service provider
Copyright & Source: Cloud Security Alliance (CSA), "Top Threats to Cloud Computing" Version 1.0 (2010) and "The Notorious Nine: Cloud Computing Top Threats in 2013". The Notorious Nine lists controls instead of mitigating measures.
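The "active monitoring" mitigation against account, service and traffic hijacking in the table above is the kind of check that can be run over authentication audit logs. The following is an added example, not from the original deck or from the CSA papers: the log format and the sample lines are constructed for the demonstration, and the thresholds (five failures within five minutes followed by a success; two countries within one hour) are illustrative assumptions that a real deployment would tune.

```python
"""Review of authentication audit logs for signs of account hijacking.
Added example; the log format and SAMPLE_LOG are constructed for the demo."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# One constructed line format: ISO timestamp, account, source IP, country, outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"geo=(?P<geo>[A-Z]{2}) result=(?P<result>OK|FAIL)$"
)

SAMPLE_LOG = """\
2013-05-02T08:00:01Z auth user=alice src=198.51.100.7 geo=NL result=OK
2013-05-02T08:14:30Z auth user=alice src=203.0.113.9 geo=BR result=OK
2013-05-02T09:00:00Z auth user=bob src=192.0.2.44 geo=NL result=FAIL
2013-05-02T09:00:03Z auth user=bob src=192.0.2.44 geo=NL result=FAIL
2013-05-02T09:00:07Z auth user=bob src=192.0.2.44 geo=NL result=FAIL
2013-05-02T09:00:11Z auth user=bob src=192.0.2.44 geo=NL result=FAIL
2013-05-02T09:00:15Z auth user=bob src=192.0.2.44 geo=NL result=FAIL
2013-05-02T09:00:20Z auth user=bob src=192.0.2.44 geo=NL result=OK
2013-05-02T10:00:00Z auth user=carol src=198.51.100.20 geo=NL result=OK
2013-05-02T17:30:00Z auth user=carol src=198.51.100.21 geo=DE result=OK
"""

def parse(log: str) -> List[dict]:
    """Parse well-formed lines; malformed lines are skipped rather than guessed at."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events

def detect_password_guessing(events, threshold=5, window=timedelta(minutes=5)) -> List[str]:
    """At least `threshold` failures for one account inside `window`, then a success:
    the classic signature of a guessed or brute-forced password."""
    alerts, fails = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        u = ev["user"]
        if ev["result"] == "FAIL":
            fails[u].append(ev["ts"])
            fails[u] = [t for t in fails[u] if ev["ts"] - t <= window]
        else:
            recent = [t for t in fails[u] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append(f"{u}: success after {len(recent)} failures from {ev['src']}")
            fails[u].clear()
    return alerts

def detect_impossible_travel(events, max_gap=timedelta(hours=1)) -> List[str]:
    """Two successful logins for one account from different countries closer
    together than `max_gap`: a strong indicator that the session or credential is shared."""
    alerts, last = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "OK":
            continue
        prev = last.get(ev["user"])
        if prev and prev["geo"] != ev["geo"] and ev["ts"] - prev["ts"] < max_gap:
            alerts.append(f"{ev['user']}: {prev['geo']} -> {ev['geo']} in {ev['ts'] - prev['ts']}")
        last[ev["user"]] = ev
    return alerts

def review(log: str) -> Dict[str, List[str]]:
    """Run every detector and return the alerts grouped by detector name."""
    events = parse(log)
    return {
        "password_guessing": detect_password_guessing(events),
        "impossible_travel": detect_impossible_travel(events),
    }

if __name__ == "__main__":
    for name, alerts in review(SAMPLE_LOG).items():
        print(name, alerts)
```

On the sample log this flags alice (two countries 14 minutes apart) and bob (five failures followed by a success); carol's two logins are hours apart and stay quiet. The point for an SLA or provider evaluation is that these alerts are only possible if the provider exports authentication events with source and outcome, which is worth asking for in the "how are audits performed" question above.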
4.2 Managing identity and privacy
Overview of Managing identity and privacy
4.2.1 Authentication
• Non-Cloud authentication
  • Simple authentication using user-id and password
  • Active Directory authentication
    • Uses your Active Directory account credentials
    • Uses the Kerberos protocol (the password itself is never sent over the network; the client proves knowledge of it through encrypted tickets)
• Authentication in the Cloud
  • Active Directory authentication against a domain controller and/or security server hosted in the Cloud (on VMware in this example)
  • LDAP (Lightweight Directory Access Protocol) or Kerberos
Triple-A (AAA): Authentication, Authorization, Accountability
• Authentication
  • Three factors, what/who you
    • Know (password)
    • Have (token/smart card)
    • Are (fingerprint or retina scan)
  • Strong (multi-factor) authentication combines at least two of these factors
• Authorization
  • levelled; what an authenticated identity is allowed to do
• Accountability
  • periodic logs & audit data, so that actions can be traced back to an identity
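As an added example (not part of the original deck), the "know" and "have" factors combined in code: a salted, iterated password hash plus a time-based one-time password as specified in RFC 6238, verified with a small window for clock drift. The user record, salt and password are constructed for the demo; the TOTP seed is the RFC 6238 test seed, chosen so the codes can be checked against the published vectors.

```python
"""Two-factor verification: something you know (password) plus something you
have (a TOTP token, RFC 6238). Added example, not from the original deck."""
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed demo credential store. The salt and password are invented; the TOTP
# seed is the RFC 6238 SHA-1 test seed so the one-time codes match the RFC vectors.
DEMO_SALT = b"demo-salt-not-for-production"
DEMO_TOTP_SEED = b"12345678901234567890"
DEMO_USERS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", DEMO_SALT, 100_000),
        "totp_seed": DEMO_TOTP_SEED,
    }
}

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the current time step."""
    return hotp(seed, unix_time // step, digits)

def verify_password(user: str, password: str) -> bool:
    """Factor 1 ('know'): constant-time comparison of the derived hash."""
    rec = DEMO_USERS.get(user)
    if rec is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000)
    return hmac.compare_digest(candidate, rec["pw_hash"])

def verify_totp(user: str, code: str, unix_time: int, window: int = 1) -> bool:
    """Factor 2 ('have'): accept the current step and +/- `window` steps for clock drift."""
    rec = DEMO_USERS.get(user)
    if rec is None:
        return False
    for drift in range(-window, window + 1):
        expected = totp(rec["totp_seed"], unix_time + drift * 30)
        if hmac.compare_digest(expected, code):
            return True
    return False

def authenticate(user: str, password: str, code: str, unix_time: Optional[int] = None) -> bool:
    """Both factors must pass: a stolen password alone is not enough."""
    if unix_time is None:
        unix_time = int(time.time())
    return verify_password(user, password) and verify_totp(user, code, unix_time)

if __name__ == "__main__":
    now = int(time.time())
    print("valid login:", authenticate("alice", "correct horse", totp(DEMO_TOTP_SEED, now), now))
    print("password only:", authenticate("alice", "correct horse", "000000", now))
```

The drift window is the practical compromise between rejecting a token whose clock is a few seconds off and widening the attacker's guessing window; one step either side is the usual choice. Replay protection (rejecting a code that was already used in the same step) is the other check a production verifier adds.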
4.2.2 Main aspects of Identity Management
• Typical characteristics of an Identity Management system
are:
• Role management; IT implementation of a business role.
• Role hierarchy; a representation of an organization chart.
• Separation of duties.
• Group management; permissions are not given to people but to
roles.
• Self-service functions.
• Password synchronization.
• Digital Identity; presence and location determine available
services and capabilities.
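Role management, role hierarchy, separation of duties and permissions granted to roles rather than people, as listed above, worked through in code. This is an added example, not from the original deck; the roles, permissions and the clerk/approver conflict are invented for the illustration. The detail worth noticing is that the separation-of-duties check runs on the expanded role set, so a role inherited through the hierarchy cannot smuggle in a conflicting role.

```python
"""Role-based access control with a role hierarchy and separation-of-duties
(SoD) constraints. Added example; role and permission names are invented."""
from typing import Dict, FrozenSet, List, Set, Tuple

class RoleModel:
    def __init__(self) -> None:
        self.parents: Dict[str, Set[str]] = {}      # role -> roles it inherits from
        self.perms: Dict[str, Set[str]] = {}        # role -> directly granted permissions
        self.sod: List[FrozenSet[str]] = []         # sets of mutually exclusive roles
        self.assignments: Dict[str, Set[str]] = {}  # user -> directly assigned roles

    def add_role(self, role: str, permissions=(), inherits=()) -> None:
        self.perms[role] = set(permissions)
        self.parents[role] = set(inherits)

    def add_sod_constraint(self, *roles: str) -> None:
        """No single user may hold more than one role from this set."""
        self.sod.append(frozenset(roles))

    def expand(self, role: str) -> Set[str]:
        """All roles reachable through inheritance, including the role itself."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            stack.extend(self.parents.get(r, ()))
        return seen

    def effective_roles(self, user: str) -> Set[str]:
        out: Set[str] = set()
        for r in self.assignments.get(user, ()):
            out |= self.expand(r)
        return out

    def permissions_of(self, user: str) -> Set[str]:
        """Permissions come from roles only; nothing is granted to a person directly."""
        return set().union(*(self.perms.get(r, set()) for r in self.effective_roles(user)))

    def sod_violations(self, roles: Set[str]) -> List[FrozenSet[str]]:
        """Checked on the *expanded* role set so inherited roles cannot bypass SoD."""
        return [c for c in self.sod if len(c & roles) > 1]

    def assign(self, user: str, role: str) -> Tuple[bool, str]:
        """Refuse an assignment that would put the user in conflict; otherwise record it."""
        new = self.effective_roles(user) | self.expand(role)
        bad = self.sod_violations(new)
        if bad:
            return False, f"SoD conflict: {sorted(sorted(c) for c in bad)}"
        self.assignments.setdefault(user, set()).add(role)
        return True, "ok"

    def is_allowed(self, user: str, permission: str) -> bool:
        return permission in self.permissions_of(user)

def build_demo_model() -> RoleModel:
    """Invented accounts-payable roles: clerks create invoices, approvers approve them,
    and nobody may do both (the classic two-person rule)."""
    m = RoleModel()
    m.add_role("employee", {"portal:read"})
    m.add_role("ap_clerk", {"invoice:create"}, inherits={"employee"})
    m.add_role("ap_approver", {"invoice:approve"}, inherits={"employee"})
    m.add_role("finance_manager", {"ledger:close"}, inherits={"ap_approver"})
    m.add_sod_constraint("ap_clerk", "ap_approver")
    return m

if __name__ == "__main__":
    m = build_demo_model()
    print(m.assign("bob", "ap_clerk"))
    print(m.assign("bob", "finance_manager"))  # inherits ap_approver -> refused
    print(sorted(m.permissions_of("bob")))
```

Because finance_manager inherits ap_approver, assigning it to a clerk is refused even though the constraint names neither finance_manager nor the clerk's inherited employee role. A model that checked only directly assigned roles would have let it through.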
Single sign-on (SSO) for web services
• Problem: security infrastructure in the Cloud is distributed
• Solution: Single sign-on (SSO)
  • All distributed elements consolidated on an SSO server (identity provider)
  • Credentials are offered by AD account, token or smart card
  • Uses web-service protocols (e.g. SAML assertions carried over SOAP/HTTP)
  • Caveat: the SSO server becomes a single point of compromise; a hijacked SSO account opens every connected service, so protect it with strong authentication and monitoring
4.2.3 Privacy, compliance issues and safeguards in Cloud Computing
• Issues
  • Handling of Personally Identifiable Information (PII)
  • Compliance with international privacy legislation and regulations
• Safeguards
  • Effective Access Control and Audit
  • Secure Cloud Storage
  • Secure Network Infrastructure
Personally Identifiable Information (PII)
• Forms of identification: SSN, passport, fingerprints
• Occupational: job title, company name
• Financial: bank account numbers, credit records
• Health care: insurance, genetic data
• Online activity: log-ins
• Demographic: ethnicity
• Contact: phone, e-mail
International Privacy/Compliance
• USA: the Privacy Act 1974, federal laws HIPAA & GLBA, and the US-EU Safe Harbor framework (invalidated by the EU Court of Justice in 2015)
• Japan: Personal Information Protection Law (2003) and Act for the Protection of Computer Processed Personal Data Held by Administrative Organs (1988)
• Canada: PIPEDA (Personal Information Protection and Electronic Documents Act, 2000) and Privacy Act (1983)
• EU: Laws and privacy standards of the member countries, EU Internet Privacy Law (Directive 2002/58/EC, 2002) and EU Data Protection Directive (95/46/EC, in force since 1998; replaced by the GDPR in 2018)
Safeguards
• Effective Access Control and Audit
  • Single sign-on (SSO)
  • Strong authentication: password combined with a token or biometric measure
  • Review of audit logs
• Secure Cloud Storage
  • Encryption (confidentiality)
  • Integrity by mechanisms such as hashing; against an attacker who can also rewrite the stored hash, a keyed MAC or digital signature is needed
• Secure Network Infrastructure
  • Encryption protocols against leakage
  • Integrity protocols (digital signatures) against modification
• Consult a lawyer specialized in international legislation
• Know where (in which country) your data is
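The "integrity by hashing" safeguard for Cloud storage deserves a worked check, because the obvious implementation does not survive the threat model the deck itself lists (malicious insiders, hijacked storage accounts). The following added example, not from the original deck, uses an in-memory dictionary as a stand-in for a storage bucket: an unkeyed SHA-256 stored next to the object is silently recomputed by whoever rewrites the object, while an HMAC under a key that never leaves the customer detects both modification and the swapping of two validly tagged objects. Encryption for confidentiality is out of scope of this block (the standard library has no cipher), and the object names and contents are constructed.

```python
"""Integrity protection for objects in Cloud storage: why an unkeyed hash kept
next to the object fails against an attacker with write access, and how a
customer-held HMAC key fixes it. Added example; the dict stands in for a bucket."""
import hashlib
import hmac
import os
from typing import Callable, Dict, Tuple

Bucket = Dict[str, Tuple[bytes, str]]  # name -> (object bytes, hex digest or tag)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def put_hashed(bucket: Bucket, name: str, data: bytes) -> None:
    """Naive scheme: the object and its SHA-256 both live in the bucket."""
    bucket[name] = (data, sha256(data))

def get_hashed(bucket: Bucket, name: str) -> bytes:
    data, digest = bucket[name]
    if sha256(data) != digest:
        raise ValueError("integrity check failed")
    return data

def attacker_rewrites(bucket: Bucket, name: str, new_data: bytes) -> None:
    """Anyone with write access replaces the object AND recomputes the plain hash.
    Without the customer's key they cannot produce a valid HMAC tag."""
    bucket[name] = (new_data, sha256(new_data))

def _tag(key: bytes, name: str, data: bytes) -> str:
    # Binding the object name into the MAC stops an attacker swapping two
    # validly tagged objects (e.g. last month's ledger for this month's).
    return hmac.new(key, name.encode() + b"\x00" + data, hashlib.sha256).hexdigest()

def put_mac(bucket: Bucket, key: bytes, name: str, data: bytes) -> None:
    """Keyed scheme: tag = HMAC-SHA256(key, name || 0x00 || data). Key stays client-side."""
    bucket[name] = (data, _tag(key, name, data))

def get_mac(bucket: Bucket, key: bytes, name: str) -> bytes:
    data, tag = bucket[name]
    if not hmac.compare_digest(_tag(key, name, data), tag):
        raise ValueError("integrity check failed")
    return data

def verifies(getter: Callable[..., bytes], *args) -> bool:
    """True if the integrity check passes, False if the getter rejects the object."""
    try:
        getter(*args)
        return True
    except ValueError:
        return False

def demo() -> Tuple[bool, bool]:
    """Returns (naive scheme detected the tamper, MAC scheme detected the tamper)."""
    key = os.urandom(32)  # customer-side key, stored outside the bucket
    bucket: Bucket = {}
    original = b"acct,balance\n1001,500\n"
    forged = b"acct,balance\n1001,5000000\n"

    put_hashed(bucket, "ledger.csv", original)
    attacker_rewrites(bucket, "ledger.csv", forged)
    naive_detected = not verifies(get_hashed, bucket, "ledger.csv")

    put_mac(bucket, key, "ledger.csv", original)
    attacker_rewrites(bucket, "ledger.csv", forged)
    mac_detected = not verifies(get_mac, bucket, key, "ledger.csv")
    return naive_detected, mac_detected

if __name__ == "__main__":
    print("naive hash detected tamper, HMAC detected tamper:", demo())
```

A hash stored by the provider alongside the data only protects against accidental corruption; the deck's "digital signatures against modification" for the network applies equally to storage, and the HMAC here is the symmetric-key version of that idea. Where several parties need to verify without sharing the key, a signature (asymmetric) takes the HMAC's place.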
5. Evaluation of Cloud Computing
5.1 The business case
5.1.1 The business case for Cloud computing
Business drivers
• Flexibility
• Time-to-market (TTM)
• Costs
• TCO
• CAPEX vs. OPEX
• TCAO
• Service Level Agreements (SLA)
• Performance, Security, Availability, Scalability, …
• Architecture
• Integration (PaaS), migration
• Green(er) computing
Compelling feature: quicker time-to-market
But...
• Can the Cloud provide the resources faster than when hosted locally in your company?
• What do we give up?
• What do we gain?
• Is your organization willing to compromise?
• Are the organization, employees, IT staff and other interested parties willing to make the change without delay?
TCO 'and all that stuff'
Statement: moving into the Cloud lowers your TCO of IT
• Is this true or are you just redistributing costs?
• Capital costs are lowered significantly, but are replaced by subscriptions, pay-per-use, expensive support contracts, etc. (CAPEX becomes OPEX)
• We need to compare what we are paying now to the Cloud scenario
• Not only as a snapshot, but also as a long-term video
Example: Total cost of application ownership (TCAO)
• Server costs
• Storage costs
• Network costs
• Backup and archive costs
• Disaster recovery costs
• Data center infrastructure costs
• Platform costs
• Software maintenance costs (package software)
• Software maintenance costs (in-house software)
• Help desk support costs
• Operational support personnel costs
5.1.2 Operational and staffing benefits
• Operational benefits (examples):
  • Managed services
  • Self-service (unmanaged services)
  • Instant server deployment
  • Software licensing without impact on CAPEX
  • Uptime is guaranteed (contractually, in the SLA)
  • Backups as a service (always off-site)
• Staffing benefits (examples):
  • Fewer IT staff (lower wage bill)
  • Lower recruitment, HR and training costs
  • Lower employee benefits
5.2 Evaluating implementations
Overview of Evaluating Cloud Computing Implementations
5.2.1 The evaluation of performance factors, management requirements and satisfaction factors
Typical questions to be asked are:
• How long does it take to resolve incidents and problems?
• How good is the security of the Cloud data center?
• How does system performance (i.e. connection and transaction speeds) compare to your own data center and private network?
Advice: it makes sense to do a comparative study of several providers before you sign a contract.
Evaluating Cloud Implementations
• Power savings
• Floor space savings
• Network infrastructure
• Maintenance
• Software licensing
• Time to value
• Trial period
• Service
• Wiser investment
• Security
• Compliance
• Faster delivery of what you want
• Less CAPEX
• Short-term needs
Performance, Requirements and Satisfaction
Try before you buy!
• Demand a trial period!
• Do not commit until you are certain it works the way you want, especially when considering a completely new software package or completely new service!
5.2.2 Evaluation of service providers and services: what you get for your money
You need a Governance framework!
• Performance
  • monthly technical performance reports;
  • exception reports;
  • quarterly management reviews.
• Compliance
  • Third party statements for:
    • SAS 70 (since superseded by SSAE 16 and the SOC reports), ISAE 3402
    • ISO/IEC 20000, 27001, 9001, etc.
END

dtechnClouologyassociatepart2

  • 1. 2.2. The principles of managing Cloud services
  • 2. 2.2.1 IT Service Management Principles in a Cloud Environment Outsourcing to the Cloud means that the provider needs to be in control of the complete supply chain. Key areas of control: • IT governance; the customer needs to remain in control over his/her business processes • Business-IT alignment; the customer needs to make sure that the Cloud IT processes support his/her business in the short and long term
  • 3. IT Governance The following elements need to be in place: • Good Service Level Management • Different requirements for the different Cloud models • Reporting system • Clear SLA’s with ‘SMART’ performance criteria • Proper audit standards and internal audit mechanisms • Provider: • ISO/IEC 20000:2011 (Service Management) • ISO/IEC 27001-2 (Information Security) • Customer: • COBIT® or ISO/IEC 38500:2008 (corporate governance of IT) (COBIT® is a registered trademark of the Information Systems Audit and Control Association (ISACA)/IT Governance Institute (ITGI))
  • 4. 2.2.2 Managing Service Levels in a Cloud Environment ISO/IEC 20000:2011 quality specifications Component Consisting of Purpose Quality specifications Information System • People • Processes • Technology • Partners To manage information • Availability • Capacity • Performance • Security • Scalability • Adjustability • Portability Support • Changes, system restoration in case of failure • Maintenance To ensure performance according to the agreed requirements
  • 5. ISO/IEC 20000:2011 Processes • The provider needs to conform to the process requirements. • Its staff need to be familiar with the processes and adhere to the procedures and instructions! Process group Process Service delivery processes − Service Level Management − Service Reporting − Service Continuity and Availability Management − Budgeting and Accounting for Services − Capacity Management − Information Security Management Relationship processes − Business Relationship Management − Supplier Management Control processes − Configuration Management − Change Management Resolution processes − Incident Management − Problem Management Release process − Release and Deployment Management
  • 6. Questions to ask the Cloud provider • How are audits performed? • Where are the servers located, and which legislation applies to the data? • What are the provisions when a service changes or ends (service life cycle and end of life)? • What are the provisions if we want to migrate to another provider (contract life cycle and end of life)?
  • 7. 3. Using the Cloud
  • 8. 3.1 Overview of Accessing the Cloud
  • 9. 3.1.1 Accessing Web applications through a Web Browser • Basic ingredients: - “any” web enabled device - PC, laptop, tablet, smart phone, thin client - Internet browser - Internet connection - Provider, IP-address - Cloud based application - SaaS solution
  • 10. 3.1.2 Cloud Web Access Architecture Basic ingredients: • Standard protocols (for each ISO-OSI layer) • Web enabled device • PC • Laptop • Tablet • Smart phone • And… (revival of the computer terminal) Thin Client • Internet access
  • 11. Understanding open standards for the Cloud: the OSI model Copyright & source: http://www.lrgnetworks.com
  • 12. Examples of standard protocols • HTTP • VT • RTSE • API-sockets • TCP and IP • SSL • Ethernet, • IEEE 802.3, • 10BASE-T
  • 13. 3.1.3 The use of a Thin Client • A simple network enabled computer • No moving parts like a hard disk or DVD drive • Boots from the network • Benefits: • Lower costs; initial price and running costs • Simple; no moving parts • Better for the environment; they produce less heat and need less cooling, sometimes not even a fan • Heightened security; booting from the network with controlled access, no local data, etc. • Less chance of user errors
  • 14. Categories of Web applications … for everyone • Google Gmail • Yahoo Mail • Twitter • Zimbra • Salesforce • Dropbox • Skype • …..
  • 15. Categories of Web applications … for business • Customer Relationship • Management (CRM) • Enterprise Resource Planning (ERP) • HR solutions • IT Service Management • Finance & accounting • Web design and management •Email (professional) •Webmail •Office suites •E-Business •Online Storage •Collaboration •Video conferencing
  • 16. 3.1.4 Overview of the use of Mobile Devices in accessing the Cloud
  • 17. Mobile web enabled devices • Tablet • Smart phone Platforms: • Apple iPhone • Google Android • Blackberry • Windows phone + interoperability between different cellphone networks - no/low interoperability between platforms
  • 18. Typical solutions for mobile devices • Text messaging • E-mail • Apps • Navigation • Streaming radio • TV • Internet browser • And …. Anything you can imagine (or not)
  • 19. 3.2. HOW Cloud Computing can support business processes
  • 20. 3.2.1 Impact of Cloud Computing on primary business processes • Primary processes are Purchasing, Manufacturing, Sales, Advertising and Marketing • Contribution of Public or Hybrid Cloud computing For example: • Purchasing and Manufacturing • Collaboration with suppliers: Exchange and share platforms • Sales, Advertising and Marketing • Interaction with potential customers and the market: social media • Communication with customers: social media • Registration of customer contacts: CRM
  • 21. 3.2.2 Role of standard applications in collaboration • Social Media (also for business use!) • LinkedIN, Facebook, Twitter • Email/Webmail • Google Gmail, Yahoo Mail • Videoconferencing • Skype • File sharing • Dropbox • Sales and CRM • Salesforce
  • 22. Application Example: Content Management Systems • Large numbers of people contribute and share stored data • Controlled access to data, based upon user roles • Easy storage and retrieval of data • Reduction of repetitive duplicate input • Easier report writing & communication between users: previous versions are accessible • Access is location independent
  • 23. 3.3 Service providers using the Cloud
  • 24. 3.3.1 Impact on Relationship Vendor Customer • The relationship between provider and customer changes • Customer intimacy: running the customer’s business • Running the whole supply chain • Requirement to demonstrate performance and compliance • New and clear SLA’s • Audit trail • Compliance to legislation, regulations and international audit standards
  • 25. 3.3.2 Benefits and Risks of providing Cloud based Services • Benefits: business opportunities • New lease of life for “old” data centers (IaaS) • Better use of resources because of multi-tenancy • Economics of scale • Quickly develop and run applications in the same environment (PaaS) • Risks: challenges • Compliance - Standards, legislation and regulations • Performance - Availability, capacity, flexibility, scalability • Security • Privacy
  • 26. 4. Security and Compliance
  • 27. Overview of Security and Compliance
  • 28. 4.1 Security risks and mitigating measures
  • 29. 4.1.1 Security risks in the Cloud • Data breaches / loss • Shared technology vulnerabilities • Insecure application interfaces • Malicious insiders • Abuse of Cloud Services • Denial-of-Service • Account, service and traffic hijacking • Insufficient Due Diligence Copyright & Source: Cloud Security Alliance (CSA), paper: “Cloud Security Alliance The Notorious Nine: Cloud Computing Top Threats in 2013”.
  • 30. 4.1.2 Measures mitigating Security Risks • Risk: • Data breaches/loss • Shared technology vulnerabilities • Insecure application interfaces • Malicious insiders • Abuse of Cloud Services • Unknown risk profile and account • Account, service and traffic hijacking • Insufficient Due Diligence • Mitigation: • Authentication, audit, authorization, etc. • Operations procedures, operational security practices, etc. • Design for security, etc. • HR vetting procedures, etc. • Validation of credentials, active monitoring of traffic, etc. • SLA structures, Cloud provider compliance audits • Strong authentication, active monitoring, etc. • Assess the financial health of the Cloud service provider Copyright & Source: Cloud Security Alliance (CSA), paper: ‘Cloud Security Alliance “Top Threats to Cloud Computing” Version 1.0 (2010)’ and “Cloud Security Alliance The Notorious Nine: Cloud Computing Top Threats in 2013” Controls are added in the Notorious Nine instead of mitigating measures.
  • 31. 4.2 Managing identity and privacy
  • 32. Overview of Managing identity and privacy
  • 33. 4.2.1 Authentication • Non-Cloud authentication • Simple authentication using user-id and password • Active directory authentication • Uses your active directory account credentials • Uses Kerberos protocol (no transmission of readable data) • Authentication in the Cloud • Active directory authentication (VMware plays the role of the domain controller and/or security server) • LDAP (Lightweight Directory Access Protocol) or Kerberos
  • 34. Triple-A Authentication • Authentication • Triple identification, what/who you • Know (password) • Have (token/smart card) • Are (fingerprint or retina scan) • Authorization • leveled • Accountability • periodic logs & audit data
  • 35. 4.2.2. Main aspects of Identity Management • Typical characteristics of an Identity Management system are: • Role management; IT implementation of a business role. • Role hierarchy; a representation of an organization chart. • Separation of duties. • Group management; permissions are not given to people but to roles. • Self-service functions. • Password synchronization. • Digital Identity; presence and location determine available services and capabilities.
  • 36. Single sign-on (SSO) for web services • Problem: Security infrastructure in the Cloud is distributed • Solution: Single sign-on (SSO) • All distributed elements consolidated on an SSO-server • Credentials are offered by AD-account, token or smart card • Uses SOAP protocol
  • 37. 4.2.3 Privacy, compliance issues and safeguards in Cloud Computing • Issues • Handling of Personal Identifiable Information (PII) • Compliance to international privacy legislation and regulations • Safeguards • Effective Access Control and Audit • Secure Cloud Storage • Secure Network Infrastructure
  • 38. Personal Identifiable Information (PII) • Forms of identification: SSN, passport, fingerprints • Occupational: job title, company name • Financial: bank numbers, credit records • Health care: insurance, genetic • Online activity: log-ins • Demographic: ethnicity • Contact: phone, e-mail
  • 39. International Privacy/Compliance • USA: the Privacy Act 1974, federal laws HIPAA & GLBA and Safe harbor • Japan: Personal Information Protection Law and Law for Protection of Computer Processed Data Held by Administrative Organs (1988) • Canada: PIPEDA (Personal Information Protection and Electronic Data Act 2008) and Privacy Act (1983) • EU: Laws and privacy standards of the member countries, EU Internet Privacy Law (DIRECTIVE 2002/58/EC, 2002) and EU Data Protection Directive (1998)
40. Safeguards
• Effective Access Control and Audit
  • Single sign-on (SSO)
  • Strong authentication: password & biometric measure
  • Review of audit logs
• Secure Cloud Storage
  • Encryption
  • Integrity by mechanisms such as hashing
• Secure Network Infrastructure
  • Encryption protocols against leakage
  • Integrity protocols (digital signatures) against modification
• Consult a lawyer specialized in international legislation
• Know where (in which country) your data is
41. 5. Evaluation of Cloud Computing
43. 5.1.1 The business case for Cloud computing
44. Business drivers
• Flexibility
  • Time-to-market (TTM)
• Costs
  • TCO
  • CAPEX vs. OPEX
  • TCAO
• Service Level Agreements (SLA)
  • Performance, Security, Availability, Scalability, …
• Architecture
  • Integration (PaaS), migration
• Green(er) computing
45. Compelling feature: quicker time-to-market
But…
• Can the cloud provide the resources faster than when hosted locally in your company?
• What do we give up?
• What do we gain?
• Is your organization willing to compromise?
• Are the organization, employees, IT staff and other interested parties willing to make the change without delay?
46. TCO ‘and all that stuff’
Statement: moving into the Cloud lowers your TCO of IT
• Is this true, or are you just redistributing costs?
• Capital costs are lowered significantly, but are replaced by subscriptions, pay-per-use, expensive support contracts, etc. (CAPEX becomes OPEX)
• We need to compare what we are paying now to the Cloud scenario
• Not only as a snapshot, but also as a long-term video
47. Example: Total cost of application ownership (TCAO)
• Server costs
• Storage costs
• Network costs
• Backup and archive costs
• Disaster recovery costs
• Data center infrastructure costs
• Platform costs
• Software maintenance costs (package software)
• Software maintenance costs (in-house software)
• Help desk support costs
• Operational support personnel costs
48. 5.1.2 Operational and staffing benefits
• Operational benefits (examples):
  • Managed services
  • Self-service (unmanaged services)
  • Instant server deployment
  • Software licensing without impact on CAPEX
  • Uptimes are guaranteed
  • Backups as a service (always off-site)
• Staffing benefits (examples):
  • Less IT staff (less wages to be paid)
  • Lower recruitment, HR and training costs
  • Lower employee benefits
50. Overview of Evaluating Cloud Computing Implementations
51. 5.2.1 The evaluation of performance factors, management requirements and satisfaction factors
Typical questions to be asked are:
• How long does it take to resolve incidents and problems?
• How good is the security of the Cloud data center?
• How does system performance (i.e., connection and transaction speeds) compare to your own data center and private network?
Advice: It makes sense to do a comparative study of several providers before you sign a contract.
52. Evaluating Cloud Implementations
• Power savings
• Floor space savings
• Network infrastructure
• Maintenance
• Software licensing
• Time to value
• Trial period
• Service
• Wiser investment
• Security
• Compliance
• Faster delivery of what you want
• Less CAPEX
• Short-term needs
53. Performance, Requirements and Satisfaction
Try before you buy!
• Demand a trial period!
• Do not commit until you are certain it works the way you want, especially when considering a completely new software package or completely new service!
54. 5.2.2 Evaluation of service providers and services: what you get for your money
You need a Governance framework!
• Performance
  • monthly technical performance reports;
  • exception reports;
  • quarterly management reviews.
• Compliance
  • Third-party statements for:
    • SAS70, ISAE3402
    • ISO/IEC 20000, 27001, 9001, etc.
55. END