Embed Size (px)
Citation preview
DRM FOR YOUR APPLICATIONS IN THE CLOUD
NIMBUS NINJAS
The Nimbus Ninjas TeamTushar Tambay: VP Engineering. High Cloud Security.
MBA candidate at Haas School of Business, University of California, Berkeley.
Background: Operating Systems, Enterprise Storage Systems, File Systems, Enterprise Security.
Brandon Wong: Student Instructor and Researcher, University of California, Berkeley
Masters Student in Civil Systems Engineering
Background: Introduction to Programming Student Instructor, Floating Sensor Control Developer, Tree Sap Flow Measurement Developer
Andy Yao: Principal Product Manager, Oracle
MBA candidate at Haas School of Business, University of California, Berkeley.
Background: Enterprise software R&D, Sales and marketing.
Nitin Nagpal: Engineering Manager, NetApp
MBA candidate at Haas School of Business, University of California, Berkeley.
Background: Enterprise storage and security, Backup/Archive solutions, Storage Security Solutions, Secondary Storage Solutions and Storage File system Engineering.
Ben Dahl, Pelion Ventures
Our Beginning
• Firms moving to public cloudsTarget customer
• Keep applications and data secure in the CloudProblem
Security conscious firms wanting to utilize public cloud infrastructure
Cloud service providers wanting to attract security conscious customers
Prototype product
Outreach to security conscious customers
Product evaluation
Secure public cloud data with end-user controlled key management
Enable firms to move applications into public cloud securely
Strengthen Cloud Solution Providers by enabling them to deliver trusted data and application service
Cloud service providers
Open source community
SaaS ISVs
R&D costsSupport costs
Marketing costsS/W license
Direct and via cloud service provider
IP
Personnel
High degree of trust & confidence
BUSINESS MODEL – Week 1Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
Channel
RevenueCost Structure
Key Resources
Our Interview Schedule
• Week 2 : 4 • Week 3 : 15• Week 4 : 4 [Sorry! ]
• Week 5 : 35• Week 6 : 28• Week 7 : 14• Week 8 : 12
112 Interviews
First Pivot
Help firms secure cloud based servers
Cloud == Cloud StorageCloud_Storage : Convenient but insecure
Protect data stored with Box, Dropbox, CloudDrive etc..
Feedback
Before
After
Cloud Infrastructure Providers
Prototype product
Outreach to security conscious customers
Product evaluation
Open source community
R&D costsSupport costs
Marketing costs S/W license
IP
Personnel
Cloud StorageProviders
Cloud Storage Users(Enterprises)
High degree of trust & confidence
Indemnify against content liability
St.aaS, IaaS Providers Cloud Storage Users
(consumer)
IaaS, PaaS
Enterprise Cloud Infrastructure Users
Provide secure storage mgmt service to customers
Rent storage+mgmtbut own your data
Securely shred data. Avoid provider lock-in
Direct
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
Channel
RevenueCost Structure
Key Resources
BUSINESS MODEL – Week 3
Several startups already targeting this space
Second Pivot
Help consumers and firms secure their data on Box, Dropbox etc.
• Focus on securing Applications
• Target Cloud Service Providers instead of users
Feedback
Before
After
Price Per server encrypted
IaaS ProvidersEx. Enki, Varinsic, Savvis
Prototype product
Outreach to security conscious customers
Product evaluation
Open source community
R&D costsSupport costs
Marketing costs
Price Per VM encrypted
IP
Personnel
Content Mgmt ???
St.aaS ProvidersEx. Varinsic, Box
St.aaS Users – SMB+EntEx. Box users
High degree of trust &
confidence
Indemnify against content liability
IaaS Providers St.aaS User Consumers
Ex. Dropbox, AMZN clouddrive users
IaaS, PaaS
IaaS Users (SMB+ Ent.)
Ex. HealthcareStartups, LeagalFirms, Provide secure infrastructure
service to customers
Rent infrastructure, own your data
Securely shred data. Avoid
provider lock-in.
Direct
Cloud Service Integrators (Dell)
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
Channel
RevenueCost Structure
Key Resources
BUSINESS MODEL – Week 4
Week 4 Week 5
35
Interviews
Enablers
Integrators
Providers
Users
Individual Consultants
• New find• Provide easy migration and integration services
• Our Space• Security requirement is ubiquitous
• Cost Benefits• Misconception and Security Awareness
• Crowded Space• Very competitive
NIMBUS NINJAS
NIMBUS NINJAS
CLOUD SERVICE PROVIDERS & INTEGRATORS
CLOUD USERS
Meet Compliance, HIPAA, PCI-DSS requirements
IaaS Cloud Providers(CSPs)
• Provide server & application hosting platforms
• Ex. FireHost, ENKI, Savvis
• Establish relationships with CSPs & Integrators
• Prototype product for POC. Validate workflow.
• Product R & D• CSP Integration
Indemnify against content liability
Enterprises using IaaS• Use private + public IaaS
clouds for internal IT services
• Ex. Legal, Financial firms
Attract security conscious customers that would otherwise stay away
Securely shred data in public cloud
Direct
Cloud integrators• DELL, BinaryWkshp, etc.
SaaS provider using IaaS• Use public IaaS Clouds to
provide internet based service• Ex. HealthMetricSystems
Avoid provider lock-in
IaaS CSPs
SEO
Establish credibility as security experts
Short term :-• Open source
community• IaaS CSPs• Cloud Integrators
Long term :-• TPM Vendors (Trusted
Platform Module)• SaaS Application
developers
Work with CSPs to help distinguishing their offering
Secure your applications in public cloud
Educate Integrators about our product
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
Channel
RevenueCost Structure
Key Resources
R&D costsSupport costs
Marketing costs Price Per VM encrypted
IP
Personnel
BUSINESS MODEL – Week 5
Week 5 Week 6
28Interviews
Modification to our offering
CSP: “80% of our customers won't know how to manage keys. so possibility of key hostings”
Helps firms keep application on cloud secure
Key Management platform hosted by CSP
Feedback
Before
After
Meet Compliance reqs.
IaaS Cloud Providers(CSPs)
• Provide server & application hosting platforms
• Ex. FireHost, ENKI, Savvis
• Establish relationships with CSPs & Integrators
• Prototype product for POC. Validate workflow.
• Product R & D• CSP Integration• Educate Integrators about
our product• Testimonials / Referrals
from industry experts
Enterprises using IaaS• Use private + public IaaS
clouds for internal IT services
• Ex. Legal, Financial firms
Attract security conscious customers
Indemnify against content liability
Direct
Cloud integrators• DELL, BinaryWkshp, etc.
SaaS provider using IaaS• Use public IaaS Clouds to
provide internet based service• Ex. HealthMetricSystems
IaaS CSPs
SEO
Establish credibility as security experts
Short term :-• Open source community• IaaS CSPs• Cloud Integrators
• Industry Experts• Vulnerability assessment,
Threat detection vendors.
Long term :-• TPM Vendors (Trusted
Platform Module)• SaaS Application
developers
Work with CSPs to help distinguishing their offering
Secure your data and applications in public cloud
Securely shred data. Avoid vendor lockin.
Key Mgmt Services
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
Channel
RevenueCost Structure
Key Resources
R&D costsSupport costs
Marketing costs• Price Per encrypted VM per year• Price per encrypted application
instance per year
IP
Personnel
BUSINESS MODEL – Week 6
Week 7: Revenue Structure
Price Per VM
Price Per Application
Cloud Service Providers NimbusNinjas
• CSPs charge customers by resources consumed• Nimbus Ninjas: $$ per VM per month
NimbusNinjas
Cloud IntegratorsCloud Service Providers
SaaS providers using IaaS
Enterprises using Cloud Applications
$25 / VM / Month
$XX / VM / Month
$25 / VM / Month
$20 / VM / Month$20 / VM / Month
$XX / Month
$XX / VM / Month
Revenue Map
• Secure your data and applications in public cloud
• Securely shred data in public cloud
• Avoid provider lock-in• Key Mgmt Services• Meet Compliance
IaaS Cloud Providers(CSPs)
• Provide server & application hosting platforms
• Ex. FireHost, ENKI, Savvis
• Establish relationships with CSPs & Integrators
• Prototype product for POC. Validate workflow.
• Product R & D• CSP Integration• Educate Integrators about
our product• Testimonials / Referrals
from industry experts
Enterprises using Cloud Applications
Target: HealthCare, Financial and Legal firms
Direct
SaaS provider using IaaS
Target: HealthCare, Financial and Legal SaaS
providers
Short term :-• Open source community• IaaS CSPs• Cloud Integrators
• Industry Experts• Vulnerability
assessment, Threat detection vendors.
Long term :-• TPM Vendors (Trusted
Platform Module)
• SaaS Application developers
Work with CSPs to help distinguishing their offering
• Meet Compliance, HIPAA, PCI-DSS requirements
• Attract security-sensitive customers
• Indemnify against content liability
• Secure your data and applications in public cloud
• Securely shred data in public cloud
• Avoid provider lock-in• Key Mgmt Services
• IaaS CSPs
• Cloud Integrators
• SEO
• Intellectual Property• Personnel
• R&D costs• Support costs• Marketing costs
Establish credibility as security experts
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
Channel
RevenueCost Structure
Key Resources
• Price Per encrypted VM per month• Price per encrypted application instance
per month• Price per managed-key transactions?
BUSINESS MODEL – Week 7
Week 8: Public Cloud vs. Private Cloud
Lessons Learned
• ‘Large Enterprises : Public clouds do not make economic sense (yet!) Explore encryption / key management for private clouds
• Interesting use case of our technology : S/W licensing for VMs
vs.
• Secure your data and applications in public cloud
• Securely shred data in public cloud
• Avoid provider lock-in• Key Mgmt Services• Meet Compliance
Price Per server encrypted
IaaS Cloud Providers(CSPs)
• Provide server & application hosting platforms
• Ex. FireHost, ENKI, Savvis
• Establish relationships with CSPs & Integrators
• Prototype product for POC. Validate workflow.
• Product R & D• CSP Integration• Educate Integrators about
our product• Testimonials / Referrals
from industry experts
• Price Per encrypted VM per month• Price per encrypted application
instance per month• Price per managed-key transactions?
Enterprises using Cloud Applications
Target: HealthCare, Financial and Legal firms
Direct
SaaS provider using IaaS
Target: HealthCare, Financial and Legal SaaS
providers
Short term :-• Open source community• IaaS CSPs• Cloud Integrators
• Industry Experts• Vulnerability assessment,
Threat detection vendors.
Long term :
• TPM Vendors (Trusted Platform Module)
• SaaS Application developers
• Infrastructure Insurers
Work with CSPs to help distinguishing their offering
• Meet Compliance, HIPAA, PCI-DSS requirements
• Attract security-sensitive customers
• Indemnify against content liability
• Secure your data and applications in public cloud
• Securely shred data in public cloud
• Avoid provider lock-in• Key Mgmt Services
• IaaS CSPs
• Cloud Integrators
• SEO
• Intellectual Property• Personnel
• R&D costs• Support costs• Marketing and Sales costs
29 6545
Establish credibility as security experts
24
34
29
45
4
Key Partners Key Activities Value Proposition Customer Relationship Customer Segment
Channel
RevenueCost Structure
Key Resources
BUSINESS MODEL – Week 8
Summary of LESSONS LEARNED
• Locate prospective customers: • Conferences are fantastic places to meet prospects
• Stay focused: • Bad idea to address multiple market opportunities at the same
time
• Test hypothesis: • Talking to A LARGE NUMBER of customers is key
• Lean Launchpad:• Getting yelled at by Steve : Not a bad thing !
