Cloud Computing: Withumsmith+Brown, PC

CLOUD COMPUTING
Rose Klimovich, Telx Sumit Pal, WithumSmith+Brown
October 22, 2009
WithumSmith+Brown, PC
Certified Public Accountants and Consultants
telx |THEINTERCONNECTIONCOMPANY
AGENDA
Business Priorities and Trends

Worldwide cloud services revenue will grow to $150.1 billion in 2013. 41% of the respondents indicated that they are either evaluating cloud solutions for use in their businesses, or already piloting cloud solutions.
Cloud Core Financial Accounting
2008 15% 2010 22% expected 2012 27% expected More than 1 in 4 of companies!
The cloud is forcing thoughtful adaptation of certain security controls.
Business Priorities and Trends
PROBLEM
Data storage is one of the fastest growing parts of the IT budget New applications are tough to get approved and take time to implement; this breaks down the relationship of IT and business users Capital budgets are tight Servers and storage are underutilized
Answer: Cloud Services

DELIVERY MODELS
What are cloud services?

Cloud Services: Resources (storage, computing, applications, security services) organized in remote data centers that customers can usually access over an IP Network and only pay for what they use Types of cloud: Public, Private, Hybrid Cloud Service Delivery models
Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS)
The Promise of the Cloud
SaaS: Everything as a Service

Software as a Service Communications as a Service IT as a Service Faster TTM Subscription based One to many Public Infrastructure
Provides: 1.Business users with flexible developed applications 2.Application Developers with a platform with standard/open APIs 3.IT Architects with a platform for delivering real time capabilities
Issues: Cost is higher as user base grows do all users use the service? Less flexibility or custom-ability
10
IaaS: Everything in the Cloud

IaaS Cloud Services: Massively scalable resources (storage and/or computing) organized in remote data centers that customers can access over an IP (or sometimes private) Network. Acquisition Model: Service Computing Storage Applications Security Information
Business Model: Pay for usage
Access Model: Internet or Private Network
Technical Model: Scalable, elastic, shareable, dynamic provisioning and resource allocation telx |THEINTERCONNECTIONCOMPANY
11
How does this work? Example: Amazon EC2

Create an Amazon Machine Image (AMI) containing your applications, libraries, data and associated configuration settings. (Or use pre-configured, templated images) Upload the AMI into Amazon S3. Use Amazon EC2 web service to configure security and network access Choose which instance type(s) and operating system you want, then start, terminate, and monitor as many instances of your AMI as needed, using the web service APIs or the variety of management tools provided. Determine whether you want to run in multiple locations, utilize static IP endpoints, or attach persistent block storage to your instances Pay for the resources that you consume, like instance-hours or data transfer.
12
BENEFITS & CHALLENGES
13
Benefits of Cloud
PERFORMANCE AND LATENCY REDUCTION SCALABILITY
Application moved closer to end-user
Additional servers provisioned as needed
COST OPTIMIZATION
INTEROPERABILITY
Web services; hybrids Application and data moved to optimally utilize capacity Services up quickly and on demand
FLEXIBILITY
Spare servers for Disaster Recovery
BUSINESS CONTINUITY
14
Cloud Challenges
Security dissolves the corporate perimeter Privacy and Regulatory who owns the data? Who can touch the data? Cap Ex vs. Op Ex buying might be better for consistent, stable data Reliability and Performance users may see higher latency and worse performance Federation how do you move between on premises and cloud and inter cloud End to end control can I measure the performance? Platform are the tools for development available? Culture are we ready to do this?
15
Performance and Reliability

You need to know
The performance characteristics of the applications Know how/where your users will access the cloud
Ask the cloud provider for system availability, fault tolerance, scalability and performance variability of their service Ask the cloud provider for a SAS 70 Type II audit report for the data center operations Look for providers in locations with bandwidth diversity and density for optimal performance to support applications
Is the cloud instance close to users? Is it located in a co-location center with a choice of network providers?
16
Total Cost of Ownership

Cloud has the benefit of pay for what you use
Grows as you grow Low upfront cost No excess capacity Fairly simple price lists Good for new and growing applications and those with burstable demand
However,
Buying equipment might be better in situations where you have more stable demand and where the application is database intensive Make sure you look at all the costs: network upgrades, non-active users, data backup, licensing
17
SECURITY
Most companies use perimeter security cloud breaks the perimeter How secure is the cloud provider?
Have an incident response, notification and remediation process Are in a secure co-location facility Do ongoing 3rd party assessments (e.g. SAS 70 Type II Audit) and make these available to customers Compartmentalize job duties, systems; limit knowledge of customers and their data Define the DMZ Secure inter-host communication Supports strong authentication and robust password policies Provide an audit trail for system changes
18
Privacy
Who owns the data? Who can touch the data? A users privacy and confidentiality risks vary significantly with the terms of service and privacy policy established by the cloud provider. The location of information in the cloud may have significant effects on the privacy and confidentiality protections of information and on the privacy obligations of those who process or store the information. Legal uncertainties make it difficult to assess the status of information in the cloud as well as the privacy and confidentiality protections available to users.
19
Legal , Financial and Risk

Make sure your cloud provider is financially stable Make sure provider has a disaster recovery and business continuity plan Legal
Plan for what happens at termination (planned or unplanned) Include SLAs both for performance and around data breaches Understand any secondary uses of the data by the cloud provider and develop contract language to prohibit it What are their policies for data retention Watch for changes in laws that effect cloud and how your provider plans to respond How will they deal with electronic discovery? How does this fit with your compliance requirements?
Laws
20
AR
RE EU
Y? AD
WithumSmith+Brown, PC20
21
Key Questions
What are the compliance requirements for:
Security when transferring and storing data Backup/restore procedures and disaster recovery plans Data privacy in each relevant jurisdiction Authenticating users and governing access rights Checking and verifying data transactions Reporting of usage and performance metrics Requirements definition, prototyping, testing and user acceptance Governance and change management
22
Key Questions
What are the minimum and preferred standards for:
Daily, monthly and annual downtime, both planned and unplanned Application response times (e.g. to deliver a query response or post a transaction) Frequency, timeliness and detail of performance reporting Helpdesk support access (by role, channel and hours) and response times Time to resolve a support ticket Time to resolve a billing or customer service query Technology and functional upgrade cycles
23
Key Questions
What are the requirements for functional scope & adaptability:
Integration capabilities for connecting to enterprise and local systems Complexity and detail of processes to be automated Language, currency, tax and regulatory variations Number of separate business and operational entities Volume of transactions processed at peak and average load Frequency of change to business processes Delegated administration and configuration by line-ofbusiness users Developer toolset and breadth of configuration/extension options
24
Is my enterprise ready for cloud computing?

Economic impact. Changes the way that new IT projects are planned and implemented, enabling more frequent, incremental changes that flex with the business. Transition to real-time business. On-demand application infrastructures that allows management to take faster, betterinformed decisions. Technology and governance framework. CIOs must make sure that they can connect to, monitor and co-ordinate ondemand assets. Retain accountability for resources being operated by third-party providers. Development and upgrade cycles. More incremental, agile development styles. Upgrades occur more frequently, allowing the organization to absorb new technology and functionality as continuous improvement. Change management. A more agile, adaptable organization requires active, skilful change management.
25
How do I get started?

Consider an on-site inspection Talk to references Some sites have a way to see a demo or set up a test account, check it out Start with one application possibly a new application, one that is cost prohibitive today or one in development/test Plan data migration and testing Work on user preparation, training and support
26
What Happens in the Real World?

Chiizu.com: Cloud computing and storage
We offer hosted services to customers of all sizes and can get them up-and-running quickly. ..our work is very seasonal allows us to add and subtract resources as our business dictatesand we aren't paying for excess capacity.
ASU: Cloud Storage Tertiary copy online and accessible in seconds
Kaiser Permanente: SaaS Implementing strategic technological innovations that maximize employee productivity
27
Thank you
Rose Klimovich, telX
rklimovich@telx.com
Sumit Pal, WithumSmith+Brown

spal@withum.com

Cloud Computing: Withumsmith+Brown, PC

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cloud Computing: Withumsmith+Brown, PC

Uploaded by

Copyright:

Available Formats

CLOUD COMPUTING

Rose Klimovich, Telx Sumit Pal, WithumSmith+Brown

October 22, 2009

Business Priorities and Trends

Cloud Core Financial Accounting

The cloud is forcing thoughtful adaptation of certain security controls.

Business Priorities and Trends

Answer: Cloud Services

What are cloud services?

The Promise of the Cloud

SaaS: Everything as a Service

IaaS: Everything in the Cloud

Business Model: Pay for usage

Access Model: Internet or Private Network

How does this work? Example: Amazon EC2

BENEFITS & CHALLENGES

Application moved closer to end-user

Additional servers provisioned as needed

Spare servers for Disaster Recovery

Performance and Reliability

Total Cost of Ownership

Legal , Financial and Risk

Is my enterprise ready for cloud computing?

How do I get started?

What Happens in the Real World?

ASU: Cloud Storage Tertiary copy online and accessible in seconds

Sumit Pal, WithumSmith+Brown

You might also like