Cloud Computing in the Enterprise:

A Question of Control
... And who has it.

INF5890
Ben Eaton
31/03/2014

The Cloud: We all use it

But I'm going to talk about cloud computing in an enterprise setting

Background
Defining the Cloud
Cloud Architecture
Managing the Cloud in organisations
Adoption & Issues of Cloud in the Enterprise

High Expectations

Forecast growth in industry revenues associated with Cloud Computing (Forrester):
$61Bn for 2012 (Kirsker, 2012)
Growing to $241Bn by 2020 (Dignan, 2011)

Cloud represents a $3.3 trillion transformation that's going on in the computing world
Microsoft are betting the company on cloud
(Steve Ballmer CEO Microsoft 2011)

Overhyped and old news?


In Public Discourse

Or about to enter the mainstream?

Source: Gartner 19 August 2013 http://www.gartner.com/newsroom/id/25755

Gartner's hype cycle for emerging technologies, 2013


Technical Origins of Cloud Computing

Computing as a service and accessing remote and distributed hardware and software resources over a network is not a new concept.
1960s notions of:
"computing utilities" (Cafaro & Aloisio, 2011; Kleinrock, 2005)
Virtualisation (Graziano 2011)

Gradual development over next forty years, e.g.
Distributed IT infrastructures in the 80s and 90s
Application Service Provision (ASPs) in the 90s and 00s

However they were all constrained by a lack of computing power and network bandwidth.
(Venters & Whitley 2012)

Technical Origins of Cloud Computing

Factors conspired at the turn of the millennium to facilitate Cloud Computing:
Rise of cheap computing power and network bandwidth
The rise of large scale computing architectures and enabling technologies around Grid computing enabling affordable high power computing tasks
Adaptation of these architectures for large data centres of commodity hardware to service the IT business needs of organisations such as Google, Amazon and Microsoft
Commercialisation of their computing architectures in ways that could be sold as the first Cloud Computing services.
(Venters & Whitley 2012)

Cloud Computing Definition

U.S. National Institute for Standards and Technology (NIST):
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction
(Mell & Grance, 2011)

In its most Basic Form

It is a means of:
outsourced shared-computing where resources are virtualised, distributed and pooled amongst external data centres
accessed by users through the internet
(Venters & Whitley 2012)

Key Components of Cloud


What it delivers: Service Models

Customers may purchase:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)

Infrastructure as a Service (IaaS)

Virtualisation of physical Compute Assets
Storage
Processing

No control over underlying cloud infrastructure
Control over ability to deploy and run software operating systems and applications

E.g. Amazon Web Services (AWS)

Used for:
File Backup
Temporary Processing Campaigns, Product Design

Platform as a Service (PaaS)

Virtual development environment
Develop & deploy applications for the Cloud
No control over underlying Cloud infrastructure
Control over deployed application
e.g. provisioning and access

E.g. Google App Engine, Microsoft Azure

Used for:
Startups: quick way of deploying Cloud apps
Enterprise productivity: apps internal to the org
Enterprise storefronts: means of developing interface between business and public

Software as a Service (SaaS)

Access to Service Provider's Applications that execute on the Cloud
Accessed via thin client interface such as a web browser (or smartphone app)
No control over underlying Cloud infrastructure
Minimal control over application settings
E.g. Gmail, Google Docs, DropBox, Facebook, Evernote etc
Uses: You name it

Scope of Control

Source: Liu et al (2011) NIST Cloud Computing Reference Architecture



Essential Characteristics
On Demand Self Service
Commoditised

Measured Service
Variable Cost Model, pay for capacity you use

Resource Pooling
High Utilisation & Economies of scale

Rapid Elasticity
Commission / Decommission Capacity

Broad Network Access
Accessibility over internet

Which meets Organisations' desires to

Simplify the management of their IT resources (hardware, middleware and software)

Scale up (or down) available resource capacity dynamically on demand

Reduce and simplify their costs

Whilst ensuring levels of data security, service latency and service availability are at least maintained and preferably improved.


Deployment Models
So far so good, but Cloud can be deployed in different ways
Public
Private

Which have implications for the organisation ... control!

Public Cloud

Source: Liu et al (2011) NIST Cloud Computing Reference Architecture


Public Cloud
E.g. Amazon AWS, Google App Engine, Microsoft 365 etc
Benefits of computing with:
Significant Cost Savings (Economies of Scale, PAYG, Low Overheads)
High Performance (Super computer power, Latency)
Very Flexible (switching on & off Virtualised Hardware and Software)

Popular with Small Medium Businesses = Access to Power

Comes at cost of loss of control
Lack of transparency
Sharing of computing assets
Your competitor could be using the neighbouring VM: how secure?

Multi-tenancy architecture shared by all

Private Cloud

Source: Liu et al (2011) NIST Cloud Computing Reference Architecture

Not shared - operated solely for a single organization.

Hosted / Non Hosted Solutions
Benefit: Under enterprise control
Whilst VM architecture essential, it will lack benefits of sharing:
Cost; Scalability; Performance


Cloud Service Orchestration Architecture

Web, HTTP (REST / SOAP)
Service Layer (s/w): SaaS, PaaS, IaaS
Resource Abstraction & Control Layer (m/w): Resource Abstraction, Resource Control
Physical Resource Layer (h/w): Hardware, Facility

Resource Abstraction & Control Layer

APIs, Web
Service Layer (s/w): SaaS, PaaS, IaaS
Resource Abstraction & Control Layer (m/w): Resource Abstraction, Resource Control
  Virtual Machines & Virtual Storage
  Hypervisors, Access Control, Resource Allocation, Usage Monitoring
Physical Resource Layer (h/w): Hardware, Facility

Virtualisation & Virtual Machines

Single Tenancy vs Multi Tenancy

Single Tenancy: User A @ Company 1, User B @ Company 1, User C @ Company 1
Multi Tenancy: User A @ Company 1, User B @ Company 2, User C @ Company 3


Managing the Cloud in organisations

Concerns how enterprise IT department manages cloud services with different stakeholders such as:
With rest of the enterprise organisation
With the State
With Suppliers (Cloud Service Providers & Vendors)

Managing the Cloud: vis-à-vis the rest of the organisation

Management of cloud =
sourcing
purchasing
integration with portfolio
usage
When to get rid of

Who manages Cloud services?
The IT Department ... or
Departments themselves (e.g. marketing, sales, finance etc)
LOBs provisioning their own services ... DropBox security

Enterprise Cloud Service Broker

Bring Your Own Device (BYOD)

The changing role and skill sets of the IT department in a Cloud based enterprise
This will affect you!

Governance of Enterprise Cloud: vis-à-vis the state (national & EU law)

What kind of law? ... Typically
processing of personal data
free movement of personal data

Compliance with local laws & regulation
Act No. 31 relating to the processing of personal data (Personal Data Act) (14 April 2000)
Data laws and regulations increasingly by industry vertical
E.g. retail banking - Bankenes Standardiseringskontor (BSK)

Compliance with international laws
EU Directive 95/46/EC Data Protection Directive
Industry verticals e.g. finance
Section 404 of the Sarbanes-Oxley Act of 2002

Complexity of competing jurisdictions (customer in Norway, CSP in USA, host in India)

Audits
E.g. SAS 70

Governance of Enterprise Cloud: vis-à-vis suppliers (& contracts)

Contractual relationship
Can have similarities to outsourcing contract
Tensions between the different parties

Enterprises desire tight & tailored contracts offering
Equivalence to in-house systems
Measures to minimise perceived risk (see next page)
Commitment to detailed levels of service allowing enterprises to retain control
Outsourcing style contracts

Public CSPs desire loose & general contracts reflecting
Commoditised XaaS style services
Risk Avoidance
Minimum SLAs (à la Amazon)

Example Risks
Geographic Risk
e.g. Whose Jurisdiction?
Data Security Risks
e.g. What happens when you move Cloud Service Provider?
Contractual Risks
e.g. Can supplier change terms without me knowing?
Architectural Risk
e.g. How secure are multi-tenancy architectures really?
Ecosystem Risk
e.g. Long supply chain in Cloud: your service is as strong as the weakest link


Global adoption of cloud in the enterprise

Enterprise adoption of cloud is still immature
In Norway adoption is more cautious still: less economic incentives

Enterprises Still Sceptical of Public cloud
Perceived loss of control & increased levels of risk
Outweigh the benefits of public cloud

Much greater Public Cloud adoption within SMEs

Global adoption of cloud in the enterprise

Public Cloud possibly used for non-core data & services
CRM - Salesforce.com
Productivity - Microsoft Office 365

Private Cloud used for core data & services
Core Data
Customer / HR / Finance & Accounting
Core Services
Essential Business Processes core to the enterprise

Global adoption of cloud in the enterprise

In order that Public Cloud is adopted more widely in enterprises
either
Enterprises must learn to trust large scale public Cloud SPs & accept the risk
or
Large scale CSPs improve their contractual terms to accommodate enterprises
or perhaps a bit of both

Spare Slides


(NIST) Cloud Reference Architecture

Actors: Cloud Consumer, Cloud Auditor, Cloud Broker, Cloud Provider, Cloud Carrier
Cloud Provider: Service Orchestration, Cloud Service Management, Security, Privacy
Service Orchestration:
  Service Layer: SaaS, PaaS, IaaS
  Resource Layer: Resource Abstraction, Resource Control
  Physical Layer: Hardware, Facility

Source: Liu et al (2011) NIST Cloud Computing Reference Architecture


Service Layer

Web, HTTP (REST / SOAP)
Service Layer (s/w): SaaS, PaaS, IaaS
Resource Abstraction & Control Layer (m/w): Resource Abstraction, Resource Control
Physical Resource Layer (h/w): Hardware, Facility

Physical Resource Layer

Web, HTTP (REST / SOAP)
Service Layer (s/w): SaaS, PaaS, IaaS
Resource Abstraction & Control Layer (m/w): Resource Abstraction, Resource Control
Physical Resource Layer (h/w): Hardware, Facility


Multi Tenancy & Risk

On-Premises Data Centre (e.g. Private Cloud)
Off-Premises Data Centre (e.g. Public Cloud)

Security Concern? Independent organisations sharing the same hypervisor

Source: Cloud Security Alliance - https://wiki.cloudsecurityalliance.org/guidance/index.php/Cloud_Computing_Architectural_Framework

Comparison of Service Orchestration Stacks

[Diagram: Public (Amazon AWS) and Private (Cloudstack) stacks side by side, each accessed over HTTP (REST/SOAP), with Service Layer, Resource Abstraction, Resource Control, Hardware and Facility. The public stack's layers are labelled Amazon; the private stack's layers are labelled Open or Cloudstack.]

Public: Monolithic, Black Boxed, Closed, Cloud Service Provider Has
Private: Open, Layered Modular, Enterprise/Outsourcer Has Control