Abbott Cloud Strategy

June 2014
Cloud Computing Definition
Cloud computing is a model for enabling convenient, on-demand
network access to a shared pool of configurable computing
resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal
management effort or service provider interaction. This cloud model
promotes availability and is composed of five essential
characteristics (Slide 6), three service models (Slide 7), and four
delivery models (Slide 7).

Abbott Cloud Strategy Company Confidential 2

© 2014 Abbott
Cloud Strategy
Deliver new innovations and offerings that will empower IT as a
broker of services that drive speed of business and competitive
advantage transforming silos of compute, storage, end user
devices, data and applications into centralized IT services that can
be easily provisioned, managed and delivered to end-users on the
devices of their choice without sacrificing control and security.

Abbott Cloud Strategy Company Confidential 3

© 2014 Abbott
Strategy Overview
• Develop a principles and risk-based approach to adopt cloud
computing where appropriate as it is not necessarily a suitable
replacement for all current sourcing models.
• Investigate opportunities and implement cloud solutions providing
a single portal interface that determines service level
requirements, lifecycle duration (capital vs expense evaluation),
quality, regulatory and data security that determines the
appropriate type of on/off premise solution.

Abbott Cloud Strategy Company Confidential 4

© 2014 Abbott
Essential Characteristics
Characteristic Description
On demand self Provision computing capabilities, such as server time and network storage, as
service needed automatically without requiring human interaction with each service’s
provider
Broad network Capabilities are available over the network and accessed through standard
access mechanisms that promote use by heterogeneous thin or thick client platforms (e.g.
mobile phones, laptops, and PDAs)
Resource pooling Computing resources are pooled to serve multiple consumers using a multi-tenant
model, with different physical and virtual resources dynamically assigned and
reassigned according to consumer demand. There is a sense of location
independence in that the customer generally has no control or knowledge over the
exact location of the provided resources but may be able to specify location at a
higher level of abstraction (e.g. country, state, or data center). Examples of
resources include storage, processing, memory, network bandwidth, and virtual
machines.
Rapid elasticity Capabilities can be rapidly and elastically provisioned to quickly scale.
Measured Cloud systems automatically control and optimize resource use by leveraging a
Service metering capability at some level of abstraction appropriate to the type of service (for
example, storage, processing, bandwidth, and active user accounts). Resource
usage can be monitored, controlled and reported; providing transparency for both the
provider and consumer of the utilized service.

Abbott Cloud Strategy Company Confidential 6

© 2014 Abbott
Cloud Delivery Models and Service Types
Delivery Model Description
Private clouds Dedicated off premise infrastructure model that is walled off with
enterprise-class protections.
Public clouds Shared off premise infrastructure model typically provided at a lower
cost than a private cloud that could limit configuration, security, and SLA
specificity, making them a less-than-ideal fit for services using sensitive
data that is subject to compliancy or safe harbor regulations.
Internal clouds Provided on premise and behind company-built protections
Hybrid clouds An integrated cloud services arrangement capable of moving work loads
between Internal and Private Clouds typically defined by security,
compliance, and SLA specificity.
Service Model Description
Infrastructure as a Service Provides X86 compute and storage resources on demand
(IaaS)
Platform as a Service Provides a platform upon which applications can be developed and
(PaaS) executed
Software as a Service Provides end-users with the use of a comprehensive application, rather
(SaaS) than buying, installing and running software yourself. The provider
guarantees application capabilities and a level of service availability.
Examples include salesforce.com and workday.

Abbott Cloud Strategy Company Confidential 7

© 2014 Abbott
Legal & Privacy Considerations
• Legal
– Ability to discover information
– Awareness of geographic region legislative, regulatory, and data sovereignty
requirements
– Service agreements need to specify cloud provider accountabilities
• Privacy
– Awareness of geographic region legislative, regulatory, and data sovereignty
Risk of compromise to confidential information through third party access to
sensitive information.
– Shared data resources and possible privacy risks

Abbott Cloud Strategy Company Confidential 8

© 2014 Abbott
Data Security Considerations
• Must ensure cloud service providers and their service offerings meet
Abbott security requirements (Service Provider Transparency)
• Abbott will own and remain ultimately responsible for the information
that is stored and/or processed in the cloud
• Abbott will determine what data that can by accessed by whom and
the method of access
• Ease and cost of data migration from off premise to on premise in the
event of contract termination
• Risk of data resource sharing and potential data loss and/or exposure
as a result of legal seizure of another company’s data or damage by
malware
• Data access prevention or access limitation in the event of provider
bankruptcy and/or acquisition and/or Legal seizure by law enforcement
at hosting facility
Abbott Cloud Strategy Company Confidential 9
© 2014 Abbott
Network Security & Connectivity Considerations
• Network Security
– Ability to Federate the application with Abbott’s Active Directory
– Establishment and management of a security architecture that supports
virtual extensions of Abbott’s datacenter into the cloud   
• Connectivity options and fail over requirements
– Application access via MPLS or VPN Tunnel through Abbott’s BPLS
– Application access via the Internet (port 80 and 443)
– Extending the Abbott Internal Network
– Virtual address space and prevention of address space duplication
– Multiple provider connectivity requirement between applications

Abbott Cloud Strategy Company Confidential 10

© 2014 Abbott
Reputation, Skill Set, & Performance Considerations
• Reputation
– Damage to Abbott’s reputation resulting from a privacy or security breach, or a
failure to deliver an essential service because risk was inadequately
addressed must be considered for cloud computing applications
– Ensure guaranteed service levels are achieved
• Skill Set Impact
– Less demand for software product specific skills
– More demand for business analysts, architects, portfolio and program and
change managers, and vendor/contract managers.
• Performance and Conformance
– Need to ensure that guaranteed service levels are achieved. This includes
environments where multiple service providers are utilized

Abbott Cloud Strategy Company Confidential 11

© 2014 Abbott
Application Design and Architecture Considerations
• Application Design
– There may be less opportunity for customization of applications and services
potentially increasing complexity when integrating cloud services with existing
legacy environments
– Applications will need to be designed to accommodate latency
– Existing software licensing models may not facilitate a cloud deployment
• Architecture
– Moving to a cloud environment will require more emphasis on business design
where cloud services will interface/impact business systems
– Prior to making a decision to move to a cloud computing environment,
Application IT must address the impact on business processes and eliminate
any technical barriers
– Use an architectural framework to assist in identifying potential opportunities
to deliver common and shared cloud services across business units

Abbott Cloud Strategy Company Confidential 12

© 2014 Abbott
Business Continuity & Data Considerations
• Business Continuity
– Because the cloud is dependent on internet technologies, any internet service
loss may interrupt cloud services
– Where is the information located in the event of a disaster
– Business continuity and disaster recovery plans must be well documented and
tested.
• Data Location and Retrieval
– Where does the information actually resides (or is transitioning through) at a
given point in time
– When information retrieval is required, there may be delays impacting
business units that frequently submit to audits and inspections

Abbott Cloud Strategy Company Confidential 13

© 2014 Abbott
Service Provider & Standards Considerations
• Service Provider Provisioning
– Reputation, history and sustainability should all be factors to consider when
choosing a service provider;
– Ensure portability of data is accounted for in the case of service provider
failure.
• Standards
– Strategies for open standards, interoperability, data portability, and use of
commercial off the shelf (COTS) products are required for reducing the risk of
vendor lock-in and inadequate data portability.

Abbott Cloud Strategy Company Confidential 14

© 2014 Abbott
Potential Benefits
Benefit Description
Scalability Capacity on demand provided without the capital financial commitments required for
purchase and maintenance allows for more agile enterprises that are scalable, flexible and
responsive to change. This results in faster responsiveness in service delivery
Efficiency Provides the ability to de-couple applications from existing infrastructure and enables the
reallocation of IT operational activities offers opportunity for Abbott to focus on more value
adding activities

Abbott Cloud Strategy Company Confidential 15

© 2014 Abbott
 Attachment 1: Prominent Global/Public Cloud Vendors
Vendor Model Description
Amazon IaaS Amazon offers several different in-the-cloud services. The best known is Amazon
Web Elastic Compute Cloud (EC2) which is a web service that offers resizable compute
Services capacity in the cloud. Key features include: elasticity, control, and flexibility. Other
Amazon services
include Amazon Simple Storage Service (S3), Simple DB, Cloudfront, Simple
Queue Service (SQS), and Elastic MapReduce.
Microsoft IaaS / Microsoft Azure Services Platform is a Windows-like cloud computing architecture
Azure PaaS that offers remote computing power, storage and management services. It has four
Services major parts:
• Windows Azure: Windows-based environment for running applications and
storing data on servers in Microsoft data centers
• Microsoft .Net Services: Distributed infrastructure services
• Microsoft SQL Services: Data services in the cloud based on SQL Server
• Live Services: Access data from Microsoft's Live applications and others and
allow synchronizing this data through Live Mesh.
Rackspace IaaS Similar to Google apps: i.e. provisioning of infrastructure for development of web
applications.
Savvis IaaS Savvis offers two features: a web portal that allows customers to provision their
own virtual computing and storage capabilities on either private or shared
resources. Savvis offers scalability, flexibility and virtualized utility hosting on
demand.

Abbott Cloud Strategy Company Confidential 17

© 2014 Abbott
Attachment 1: Prominent Global/Public Cloud Vendors
Vendor Model Description
VMware IaaS VMware offers private as well as public cloud computing. The Private cloud
vCloud computing has been designed to ensure security and compliance by deploying a
private cloud infrastructure inside a business’s firewall. The public cloud offers
customers the freedom of open standards and interoperability of applications. It
includes a common management and infrastructure platform.
Open IaaS OpenNebula is a widely used open-source tool for the efficient, dynamic and
Nebula scalable management of VMs within datacenters (private clouds) involving a
large amount of virtual and physical servers. It supports Xen, KVM and on-
demand access to Amazon EC2.
GoGrid IaaS GoGrid offers “point-and-click infrastructure”. It provides a multi-tier, cloud
computing platform that allows users to manage the cloud hosting infrastructure
completely on demand through an intuitive, web interface.
AppNexus IaaS With AppNexus, a user can launch several operating systems, run a variety of
applications, load balance these applications and store secure data
Verizon Security Verizon has teamed up with Novell to provide cloud-based identity and access
management services to help companies in outsourcing their applications to the
cloud. They claim that the move will expedite cloud computing without
compromising security

Abbott Cloud Strategy Company Confidential 18

© 2014 Abbott
Attachment 1: Prominent Global/Public Cloud Vendors
Vendor Model Description
Telstra SaaS / Telstra have partnered with a number of providers to offer on-demand ICT
IaaS services including software, platform, infrastructure and
network
Salesforce PaaS / Salesforce.com are known primarily for
SaaS • The Sales Cloud and the Service Cloud, applications for sales and customer
service (also known as customer relationship management or CRM)
• Force.com, a cloud platform for building and running business applications
• Chatter, an enterprise collaboration application
Google SaaS Google offers some of the best known cloud computing services available,
Apps including Gmail, Google Docs, Google Calendar, and Picasa. They also offer
Engine some lesser known cloud services targeted primarily at enterprises, such as
Google Sites, Google Gadgets, Google Video, and most notable, the Google
Apps Engine. Google Apps Engine is a free setup that allows the users to write
and run their web applications on Google infrastructure. While it has been
criticized for limited programming language support, the Apps Engine debuted
Java and Ajax support in April 2010. A key advantage is scalability of the
applications. GoogleApp Engine for business provides centralized administration,
reliability, support and enterprise features.

Abbott Cloud Strategy Company Confidential 19

© 2014 Abbott
Attachment 1: Prominent Global/Public Cloud Vendors
Vendor Model Description
Joyent SaaS The Joyent platform, which "enables teams to effectively communicate and
collaborate with email, calendaring, contacts, file sharing, and other shared
applications," already serves billions of Web pages every month and helped
LinkedIn scale to 1 billion page views per month. Self-described as an "On-
Demand Computing" provider, Joyent has developed, built and scaled some of
the earliest Ruby on Rails applications – and as a result, developed a world-class
infrastructure, a methodology around how to deploy and scale (both up and
down) Rails applications.

Abbott Cloud Strategy Company Confidential 20

© 2014 Abbott
Proposed End State
Off-Premise
SaaS
Service Catalog and Self-Service Portal
(CLM Proposed) Off-Premise
PaaS
Cloud Automation

Orchestration Off-Premise
(BAO Proposed) IaaS

Adapter Framework CMDB

BMC Adapters (i.e. BSA, BNA, DSO Links)

ITSM
Infrastructure Virtualization OS and Software Tools
Management Management Provisioning
(Network, Storage) (vCenter) (Bladelogic)
Show Back

Monitoring and
Capacity

Compute Virtual Network Storage

Resources Machines Resources Resources

Abbott Cloud Strategy Company Confidential 21

© 2014 Abbott