Rose Klimovich, Telx Sumit Pal, WithumSmith+Brown

October 22, 2009

WithumSmith+Brown, PC
Certified Public Accountants and Consultants


WithumSmith+Brown, PC




WithumSmith+Brown, PC

telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown.1 billion in 2013. “Cloud” Core Financial Accounting • 2008 – 15% • 2010 – 22% expected • 2012 – 27% expected More than 1 in 4 of companies! The cloud is forcing thoughtful adaptation of certain security controls. PC .3 Business Priorities and Trends Worldwide cloud services revenue will grow to $150. 41% of the respondents indicated that they are either evaluating cloud solutions for use in their businesses. or already piloting cloud solutions.

PC .4 Business Priorities and Trends telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown.

5 PROBLEM • Data storage is one of the fastest growing parts of the IT budget • New applications are tough to get approved and take time to implement. this breaks down the relationship of IT and business users • Capital budgets are tight • Servers and storage are underutilized Answer: Cloud Services telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. PC .


7 What are cloud services?  Cloud Services: Resources (storage. applications. computing. Private. security services) organized in remote data centers that customers can usually access over an IP Network and only pay for what they use  Types of cloud: Public. Hybrid  Cloud Service Delivery models • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS) • Software as a Service (SaaS) telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. PC .

8 The Promise of the Cloud telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. PC .

IT Architects with a platform for delivering real time capabilities Issues: • Cost is higher as user base grows – do all users use the service? • Less flexibility or custom-ability telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown.9 SaaS: Everything as a Service • Software as a Service • Communications as a Service • IT as a Service Faster TTM Subscription based One to many Public Infrastructure Provides: 1. PC .Business users with flexible developed applications 2.Application Developers with a platform with standard/open APIs 3.

elastic. PC . dynamic provisioning and resource allocation telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. shareable. Acquisition Model: Service • Computing • Storage • Applications • Security • Information Business Model: Pay for usage Access Model: Internet or Private Network Technical Model: Scalable.10 IaaS: Everything in the Cloud  IaaS Cloud Services: Massively scalable resources (storage and/or computing) organized in remote data centers that customers can access over an IP (or sometimes private) Network.

then start.      telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. utilize static IP endpoints. libraries. or attach persistent block storage to your instances Pay for the resources that you consume. templated images) Upload the AMI into Amazon S3. data and associated configuration settings.11 How does this work? Example: Amazon EC2  Create an Amazon Machine Image (AMI) containing your applications. Determine whether you want to run in multiple locations. (Or use pre-configured. terminate. like instance-hours or data transfer. PC . Use Amazon EC2 web service to configure security and network access Choose which instance type(s) and operating system you want. and monitor as many instances of your AMI as needed. using the web service APIs or the variety of management tools provided.


PC . hybrids Application and data moved to optimally utilize capacity Services up quickly and on demand FLEXIBILITY Spare servers for Disaster Recovery BUSINESS CONTINUITY telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown.13 Benefits of Cloud PERFORMANCE AND LATENCY REDUCTION SCALABILITY Application moved closer to end-user Additional servers provisioned as needed COST OPTIMIZATION INTEROPERABILITY Web services.

Op Ex – buying might be better for consistent. PC . stable data  Reliability and Performance – users may see higher latency and worse performance  Federation – how do you move between on premises and cloud and inter cloud  End to end control – can I measure the performance?  Platform – are the tools for development available?  Culture – are we ready to do this? telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown.14 Cloud Challenges  Security – dissolves the corporate perimeter  Privacy and Regulatory– who owns the data? Who can touch the data?  Cap Ex vs.

fault tolerance. scalability and performance variability of their service  Ask the cloud provider for a SAS 70 Type II audit report for the data center operations  Look for providers in locations with bandwidth diversity and density for optimal performance to support applications • Is the cloud instance close to users? • Is it located in a co-location center with a choice of network providers? telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. PC .15 Performance and Reliability  You need to know • The performance characteristics of the applications • Know how/where your users will access the cloud  Ask the cloud provider for system availability.

PC . data backup.16 Total Cost of Ownership  Cloud has the benefit of pay for what you use • • • • • Grows as you grow Low upfront cost No excess capacity Fairly simple price lists Good for new and growing applications and those with burstable demand  However. licensing telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. non-active users. • Buying equipment might be better in situations where you have more stable demand and where the application is database intensive • Make sure you look at all the costs: network upgrades.

SAS 70 Type II Audit) and make these available to customers • Compartmentalize job duties. systems.17 SECURITY  Most companies use perimeter security – cloud breaks the perimeter  How secure is the cloud provider? • Have an incident response. PC telx | THE INTERCONNECTION COMPANY  . notification and remediation process • Are in a secure co-location facility • Do ongoing 3rd party assessments (e. limit knowledge of customers and their data • Define the DMZ • Secure inter-host communication • Supports strong authentication and robust password policies • Provide an audit trail for system changes WithumSmith+Brown.g.

18 Privacy  Who owns the data? Who can touch the data?  A user’s privacy and confidentiality risks vary significantly with the terms of service and privacy policy established by the cloud provider.  The location of information in the cloud may have significant effects on the privacy and confidentiality protections of information and on the privacy obligations of those who process or store the information. PC .  Legal uncertainties make it difficult to assess the status of information in the cloud as well as the privacy and confidentiality protections available to users. telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown.

19 Legal . Financial and Risk  Make sure your cloud provider is financially stable  Make sure provider has a disaster recovery and business continuity plan  Legal • Plan for what happens at termination (planned or unplanned) • Include SLAs both for performance and around data breaches • Understand any secondary uses of the data by the cloud provider and develop contract language to prohibit it • What are their policies for data retention • Watch for changes in laws that effect cloud and how your provider plans to respond • How will they deal with electronic discovery? • How does this fit with your compliance requirements?  Laws telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. PC .

20 AR RE EU Y? AD telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. PC20 .

testing and user acceptance • Governance and change management telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. PC . prototyping.21 Key Questions  What are the compliance requirements for: • Security when transferring and storing data • Backup/restore procedures and disaster recovery plans • Data privacy in each relevant jurisdiction • Authenticating users and governing access rights • Checking and verifying data transactions • Reporting of usage and performance metrics • Requirements definition.

g.22 Key Questions  What are the minimum and preferred standards for: • Daily. channel and hours) and response times • Time to resolve a support ticket • Time to resolve a billing or customer service query • Technology and functional upgrade cycles telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. PC . to deliver a query response or post a transaction) • Frequency. both planned and unplanned • Application response times (e. timeliness and detail of performance reporting • Helpdesk support access (by role. monthly and annual downtime.

PC .23 Key Questions  What are the requirements for functional scope & adaptability: • Integration capabilities for connecting to enterprise and local systems • Complexity and detail of processes to be automated • Language. currency. tax and regulatory variations • Number of separate business and operational entities • Volume of transactions processed at peak and average load • Frequency of change to business processes • Delegated administration and configuration by line-ofbusiness users • Developer toolset and breadth of configuration/extension options telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown.

agile development styles. Upgrades occur more frequently. skilful change management. CIOs must make sure that they can connect to.24 Is my enterprise ready for cloud computing?  Economic impact. Retain accountability for resources being operated by third-party providers. Changes the way that new IT projects are planned and implemented. PC . enabling more frequent. betterinformed decisions.  Change management. allowing the organization to absorb new technology and functionality as continuous improvement. adaptable organization requires active. incremental changes that flex with the business.” On-demand application infrastructures that allows management to take faster.  Development and upgrade cycles. A more agile.  Transition to “real-time business. telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. More incremental. monitor and co-ordinate ondemand assets.  Technology and governance framework.

check it out  Start with one application – possibly a new application.25 How do I get started?  Consider an on-site inspection  Talk to references  Some sites have a way to see a demo or set up a test account. one that is cost prohibitive today or one in development/test  Plan data migration and testing  Work on user preparation. PC . training and support telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown.

. PC .26 What Happens in the Real World? Chiizu.our work is very seasonal …allows us to add and subtract resources as our business dictates—and we aren't paying for excess capacity.“ ASU: Cloud Storage Tertiary copy online and accessible in seconds Kaiser Permanente: SaaS Implementing strategic technological innovations that maximize employee productivity telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown. .com: Cloud computing and storage “We offer hosted services to customers of all sizes and can get them up-and-running quickly.

WithumSmith+Brown • telx | THE INTERCONNECTION COMPANY  WithumSmith+Brown.27 Thank you  Rose Klimovich. telX • rklimovich@telx. PC .com  Sumit Pal.