Embed Size (px)
Citation preview
Security Cloud – A Case Study
Shayne Bates CCSK, CHS-V, CPP, DABCHS
What is the cloud?
Technology Economic Business
Generational Computing Changes
3
The essential advantages of the Cloud …
… way more that IT cost center savings …
5
Cloud Computing
Key Trends•Big Data revolution• Social media•Real time information• Instrumented world
Business Drivers•Lower TCO, companies looking for less-capital
intensive solutions•Widespread Use of SAAS in all company sizes•Rising maintenance fees from the "mega
vendors”•Rapid return on investment (ROI)•Subscription-based revenue models in-demand
Technology Drivers•Wireless growth and
broadband availability• Faster, cheaper hardware• Increased virtualization•Data ubiquity• Storage CompressionCloud
Computing
Drivers of Cloud Adoption
0.8 1.3 2.13.3
4.76.5
8.510.8
13.7
18.0
25.7
35.0
0.0
5.0
10.0
15.0
20.0
25.0
30.0
35.0
40.0
2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020
Exabytes
Growth in Data(Demand-Side)
CAGR 10-20:41%
Source: IDC & EMC Joint Study, May 2010
CAGR 10-15: 46%
Growth in Data (Demand) will be met by the growth in instances (Supply).
46%CAGR in the growth of data 2010-15
44xGrowth of digital data between 2009-2020
34% of all data will pass through the cloud by 2020
MICROSOFT CONFIDENTIAL 6
Explosion of Big Data
Source: Gartner June 2010
Increasing Virtualization Rates
Multi-Core Innovation
WW Virtualization penetration rates:
2010 2011 2012 2013 2014 2015
33% 35% 36% 36% 38% 40%
4 time increase in instances (49% CAGR) while physical servers increasing at 6%. Multiples of work can be
managed in the cloud.7
7xGrowth in core capacity 2010-2015
Server Trends
SMIT LRF server units shipped (FY10)
13M 15M 17.5M 20M 22.3M
3.5M5.2M
7.6M
10M
13M
-
10
20
30
40
FY11 FY12 FY13 FY14 FY15M
illio
ns
Cloud Traditional
15% CAGR
49% CAGR
Server Instances – Cloud vs. Traditional
Growth of Instances(Supply-Side)
+
Consumerization of IT
Consumerization…“A PC on every desktop…and in every home” …
Consumer Experience
Maintaining security,privacy, control,
compliance
Enabling people to work theway they want, anywhere
and with any device
Enterprise Requirements
Corporate Policy
Three Cloud Service Models
9
•
•
•
•
•
•
•
•
•
•
•
•
•
Management of Cloud Services
(On-Premises)
Storage
Servers
Networking
O/S
Middleware
Virtualization
Data
Applications
Runtime
You
man
age
Infrastructureas a Service
Storage
Servers
Networking
O/S
Middleware
Virtualization
Data
Applications
Runtime
Other M
anages
You
man
age
Platformas a Service
Other M
anages
You
man
age
Storage
Servers
Networking
O/S
Middleware
Virtualization
Applications
Runtime
Data
Softwareas a Service
Other M
anages
Storage
Servers
Networking
O/S
Middleware
Virtualization
Applications
Runtime
Data
The 3-4-5 of Cloud
Software as a Service (SaaS)Platform as a Service (PaaS)Infrastructure as a Service(IaaS)
PrivateCommunityPublicHybrid
On-demand self serviceBroad network accessResource poolingRapid elasticityMeasured service
Four Cloud Types
12
•
•
•
•
•
•
•
•
•
•
•
•
•
5 Characteristics
13
On-Demand Self-Service
Broad Network Access
Resource Pooling Rapid Elasticity
Consumer direct, automated provisioning with no human interaction at provider
Capabilities delivered over the network accessed through
standard mechanisms (laptop,
WP7 etc…)
Capabilities are rapidly and elastically
provisioned, some automated, depending
on requirements. “SOC-in-a-box”
Measured Service
Cloud system automatically
monitors, optimizes, controls and reports
resource use transparently
Providers computing resources are pooled and dynamically assigned to serve multiple consumers
Cloud Choices and Fundamentals
Strategy Development Process
Candidate ProcessesDevelop list of core candidates
Broad network accessMeasured ServiceOn demand self-serviceRapid elasticityResource pooling
CapabilityEfficiencyEfficacyEffect
Risk Management for Cloud Computing
Security Buyers Guide, Shayne Bates, “Understanding Risk Management Approaches in the cloud computing service model”, November 2010,http://www.securitybuyer.com/content/latest-edition-online-november-2010
Risk
What is a Strong Business Case?
Vision
Cost Savings
Need/Pain
Business Value
Cloud Transformation Framework
Architecture and Location Migration 3rd Party Partners
Determine arrangements for provision of cloud services (e.g. where/who is the ContGo cloud) and formalize SLA’s.
Emergence of evolved applications (and capabilities) leveraging cloud characteristics. Exploitation of core technologies (e.g. -O365 & Azure).
Encourage development of new functionality that utilizes the 5 key cloud characteristics.
Non Core Technologies
Divest management and ownership of non-core technologies. Utilize partners who are world class (e.g. –MSIT for network transport).
Support and Maintenance
Arrangements with providers and partners who deliver high quality, low cost services.
Cloud Types
Specify PaaS Private Hybrid cloud wiring for technologies used by MSGS (e.g. –Operations, Showcase, P3 etc.).
Separate Physical Platform from Applications
Remove specific dependencies to hardware platforms and particular physical locations (but consider GRC implications).
Virtualization Evolution
Decide how components will be virtualized (e.g. - Azure hosted or Hyper-V) and how they connect and interoperate.
Phase (1) Divest & Partner Phase (2) Virtualize
(3) Host (4) Native Cloud
SharePoint Mgmt. & Support
Network Transport
(MSIT)
Decide Capabilities & Providers
‘To Be’ State
Divest and Partner
Non Core Items Divested &
Partner Decisions Complete
Date ________
Technology Mix (current discussions)
Virtualization
=+++
Virtualization - Wiring of
Apps
Choice of StandardsPlatform
GRC Compliance
Date ______
Interoperability Between
functions (apps)=+++
Location independence
is Achieved
RoadMap: Components and Timeline
“Best-in-class” Hosting
DecisionsSLA’s
Completed
Azure Platform Emerges
Hosting of MSGS Core Functions
Current Functions
Fully Deployed and
Hosted
Date ________
From Hosted to Native
Cloud Apps
=+++
MSFT Technology Leveraged
Technology V2 (Cloud
Winners)
Date ________
New Capabilities
=+++Native Cloud
Deployed & New Capabilities are
Realized
Hybrid Cloud Wiring
(Apps & Data )
Development of Native
Cloud Apps
19
Customer Decision Framework
Customer Decision Framework
Q&A
