Cloud Computing: Is my organisation ready for the cloud?

Name: Dilshan FonsekaStudent ID: 40273660Supervisor: Prof Michael Johnson

1

Contents

Business Considerations: Introduction (2-3mins) Types of the Clouds (2mins) Nature of Cloud Computing (3-5mins) Yesterday, Today & Tomorrow (1 min) Organizational Impact & Risk (3-4mins)

Technical Considerations: Cloud Security (5mins) Service Integration of the cloud (5-10mins)

Conclusion Question Time

2

Introduction

What is Cloud Computing? “…is internet based development and use of

computer technology…” So what does this mean to an

organization? Organizations looking to make innovations their

priority. They seek new ideas to keep competitive Find means to cut costs.

3

Types of Cloud

Source: Gauging the True Enterprise of Cloud Computing, Accenture 4

Characteristics of Cloud Computing

Cloud computing builds on established market trends Survey carried out by F5 Networks Inc indicated

that:▪ 80% of large enterprise IT managers are at least in trial

stage for cloud computing initiatives.▪ IT managers are aggressively adopting cloud computing. ▪ Half of respondents reported that they have already

deployed a public cloud computing implementation ▪ 45% of respondents currently using private clouds.▪ 66 % of respondents indicating that they have a dedicated

budget for cloud computing initiatives.

Source: F5 Networks Inc. Research [2009], Cloud Computing Study Research Report, 5

Characteristics of Cloud Computing

Virtual Machines used as standard deployment objects Virtualization enhanced flexibility because it

isn’t tied to a specific physical server. Enables a dynamic datacenter for resources. Virtualization allows applications to be

deployed and scaled rapidly. Can be configurable.

6

Example

7

Benefits of the Cloud

Cost Infrastructure rented rather than bought CAPEX can be zero

Business Continuity Server patching, backup, data redundancy is taking care off by external sources Leaves the organization to carry on with its day-to-day business.

Flexibility Ability to scale on demand Ability to test and prototype applications

Time Reduce runtime Reduce response time

Resources Free organization from supporting high costs, time consuming IT functions when taking

subscription to the cloud. Pay-As-You-Go

Pay on a monthly or subscription fee Others

8

Various Cost Comparison

9

Return on Investment (ROI)

10

Organizational Impact & Risk When considering a move to the Cloud, we must

first understand the impact it will have to the existing infrastructure of the organization.

Organizations cannot simply decide to take on the cloud overnight. They must be ready for it. How have organizational architectures evolved over the

past 10 years and how will it continue to evolve? Organizations must carry out its own feasibility analysis.

Cloud computing will impact an organization on at least two levels: the department, and the employees.

11

Organizational Impact & Risk There are many forms of risk to an

organization that the organization must be aware of: Security Privacy concerns Data integrity Availability Business acceptability.

12

Cloud Security

Perhaps the biggest concerns about cloud computing are security and privacy. Privacy is a major issue.

Organizations can compensate this dilemma by implementing stricter security measures, such as: VPNs (SSL and IPSec) for transport security Two-factor authentication between services, clouds, and

users and applications. Data encryption Digital signatures.

13

Cloud Security

14

Cloud Computing Infrastructure Models

Organizations must consider which infrastructure model best suits them when considering the move to the cloud.

Cloud computing infrastructure models: Public Cloud

▪ Run by Third Parties, and applications from different customers are likely to be mixed together on the clouds servers, storage systems, and networks.

▪ A public cloud provides services to multiple customers, and is typically deployed at a co-location facility.

15

Public Cloud structure

16

Cloud Computing Infrastructure Models

Private Cloud▪ Private clouds are built for the exclusive use of one client,

providing the utmost control over data, security, and quality of service.

▪ Private clouds may be hosted at a co-location facility or in an enterprise datacenter. They may be supported by the company, by a cloud provider, or by a third party such as an outsourcing firm.

17

Private Cloud structure

18

Architectural Layers

Cloud Computing can describe services being provided at any of the traditional layers from hardware to applications.

Cloud services is grouped into three categories: Software-as-a-Service (SaaS) Platform-as-a-Service (PaaS) Infrastructure-as-a-Service (IaaS)

19

Architectural Layers - SaaS

Software-as-a-Service

20

Architectural Layers - PaaS

Platform-as-a-Service

21

Architectural Layers – IaaS

Infrastructure-as-a-Service

22

Architecture considerations – Behind the firewall

Securing browser based Internet applications Secure Sockets Layer (SSL) Forms Authentication (2FA) Session Cookies

Layered architecture Firewalled Network Perimeter Web Tier (Presentation) Application Tier (BL) Data Tier Internal Ancillary Services

23

Existing Architectural layer

24

Defense in Depth – Layered Security Architecture (Current)

Network PerimeterNetwork Perimeter

Internet

Web TierWeb Tier

Application TierApplication Tier

DataData ServicesServices

PR

IVA

TE

SECRETS

Authenticate first, operate second

25

Public Authentication LayerPublic Authentication Layer

Outside the Firewall – Authenticate First, Operate Second

Bank staff manage identity and access control

Customers authenticate to the bank

Authentication ServicesAuthentication Services

Application1Application1 Application 2Application 2

Cloud ServiceCloud Service

Access presented as credential to “federated” cloud services

Cloud ServiceCloud Service

Cloud ServiceCloud Service

Security access returned

Authentication Overview

26

Application Web Integration LayerApplication Web Integration Layer

CAAS - Overview

Bank staff manage identity and access control

ApplicationApplicationeBankeBank

ApplicationApplication

Authentication ServicesAuthentication Services

Session Management

Single Identity Store

Hardware Security Module (crypto)

Authentication Services also provide:

Trading AppTrading AppSuperann AppSuperann App

Authentication SSO LayerAuthentication SSO Layer

Customers “single sign-on (SSO) to eBank affiliated applications

Integrating Applications

Integrating Applications

CAASCAAS

Legend

Application1Application1 Application 2Application 2

Architecture well Primed to secure the cloud

Augmenting Active Directory: Is a relatively simple extension exercise Will be a core AD feature

Service Integration SSB services already provide basic SAML ticketing functions:

▪ Provides SAML transformation services today to support various applications SSO▪ Built on “Zermatt”, therefore Microsoft “Geneva” will not be too difficult

Newly built cloud assets Trust banks (Authentication) signed tokens using standard claim-based integration

patterns SAML tokens are as secure as eBanks cookies are today. Trusted separation of function vs. security

27

Internal Channel Authentication for staff based cloud services

28

Authentication External Integration Channel

Authentication External Integration Channel

Authentication ServicesAuthentication Services

Bank’sENet

Integrating Applications

Integrating Applications

CAASCAAS

Legend

“Geneva” STS“Geneva” STS

MicrosoftMicrosoft

Authentication InternalIntegration Channel

Authentication InternalIntegration Channel

“Geneva” Web Connector“Geneva” Web Connector

IPNet

IPNet ServicesIPNet Services

“Geneva” STS“Geneva” STS

SAML token generation could be as applicable for bank staff as it is for external clients…

•MyEmailAnywhere•Access to externally hosted instrumentation logs

Cloud Computing Standards Cloud computing emphasizes efficiency.

Helps reduce maintenance Deployment costs

Cloud computing raises the level of abstraction. All components are virtualized Fast composition of higher-level applications or platforms

Testing applications in the cloud is an important aspect to an organization. Functional Non-Functional

29

Conclusion

The cloud will continue to evolve over the coming decade and there is no one approach that will become the standard.

The cloud is primarily an economic proposition that will require careful evaluation. Organizations need to understand what their business is, what the value and role of the datacenter is and what the best set of services available are.

The good news is that with the evolution of the cloud, organizations will have lots of good options.

So in conclusion, large organizations should invest in Cloud computing. Considering the cloud is not only beneficial one, but also a practical one.

An organization should consider the cloud as the benefits definitely outweigh the costs in the long term.

I have also provided three examples of real organizations, that have successfully taken the cloud on board, in my report.

30

References

T Mather, S Kumaraswamy, S Latif [2009], Cloud Security and Privacy: An Enterprise Perspective on Risk and Compliance, O’Reilly, California

L Herbert, J Erickson [2009], The ROI of Software-as-a-Service, Forrester, July 2009

IBM Research [2007], IBM Unveils “Blue Cloud” – Analyst briefing, IBM, November 2007

I Sorbello [2009], Security in the Cloud – CAAS, Commonwealth Bank of Australia Literature, Sydney

F5 Networks Inc. Research [2009], Cloud Computing Study Research Report, http://www.f5.com/news-press-events/press/2009/20090824a.html, Seattle

R Katz [2008], “Tower and the cloud: Higher education in the age of Cloud Computing”;Educause, USA

Accenture Research, The Enterprise Cloud Stack:Gauging the True Enterprise Impact of Cloud Computing, Accenture, 2008

IBM Research [2009], IBM Service Management: Fulfilling the SOA Vision, http://www-01.ibm.com/software/tivoli/governance/action/06182009.html, IBM, July 2009

31

Thank You & Questions

32