building a secure compliant cloud for the enterprise n.
Skip this Video
Loading SlideShow in 5 Seconds..
Building a Secure, Compliant Cloud for the Enterprise PowerPoint Presentation
Download Presentation
Building a Secure, Compliant Cloud for the Enterprise

Loading in 2 Seconds...

play fullscreen
1 / 32

Building a Secure, Compliant Cloud for the Enterprise - PowerPoint PPT Presentation

  • Uploaded on

Building a Secure, Compliant Cloud for the Enterprise. January 19th, 2011 Adam C. Greenfield. PCI DSS, SOX, HIPAA, GLBA, NCUA, FFIEC, NIST, FISMA. PCI DSS, SOX, HIPAA, GLBA, NCUA, FFIEC, NIST, FISMA. PCI DSS, SOX, HIPAA, GLBA, NCUA, FFIEC, NIST, FISMA.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Building a Secure, Compliant Cloud for the Enterprise' - moeshe

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
building a secure compliant cloud for the enterprise

Building a Secure, Compliant Cloud for the Enterprise

January 19th, 2011

Adam C. Greenfield






prioritizing cloud computing
Prioritizing Cloud Computing

Key Trend - Prioritization for cloud computing is increasing dramatically.

cloud hosting vs physical servers
Cloud Hosting vs. Physical Servers

Q: When considering a hardware refresh, how likely is it that you will evaluate cloud hosting as an alternative to purchasing physical servers.

  • Highly likely – 38%
  • Somewhat likely – 42%
  • Unlikely – 15%
  • Won’t consider it – 5%
cloud security top concern
Cloud – Security Top Concern

To your best knowledge, what are the top three obstacles Cloud Computing providers must overcome?

cloud top 3 concerns
Cloud – Top 3 Concerns

To your best knowledge, what are the top three obstacles Cloud Computing providers must overcome?

mid enterprise and above security top concern
Mid-Enterprise and Above – Security Top Concern

Large companies expect higher levels of Security and Control.

Due to their size, larger companies are more frequently the targets of malicious data attacks and have a greater need to protect their assets due to compliancy and regulatory requirements. Types of Cloud Computing solutions they will pursue include: R&D projects, quick promotions, online collaboration, partner integration, social networking , new business ventures (Forrester).

geographic redundancy
Geographic Redundancy

Q: How important is a provider’s ability to offer multi-site, high-availability and redundancy across multiple datacenters in your decision to host with them?

  • (All respondents / >250 employee respondents)
  • 42%/48% Very Important
  • 41%/43% Important
  • 14%/10% Neutral
  • 3%/0% Not important

Our respondents gave a clear indication of the importance high-availability holds for them in choosing a hosting provider. 83% of all respondents and 91% of large company respondents indicated that this was either very important or important in their choice of a hosting company.

Not a single large company respondent indicated that this wasn’t important to them. Clearly if a hosting provider isn’t offering these capabilities they simply aren’t even in the game.

hybrid offerings critical
Hybrid Offerings Critical
  • As companies move to cloud based solutions, they are looking to leverage and integrate with existing infrastructure.
  • 31% of all companies and 40% of large companies indicated that integration with their existing infrastructure was a top three characteristic of their hosting provider
  • Large and small companies alike ranked integration with their existing infrastructure as the number two obstacle to cloud computing behind security
  • Hybrid computing certainly provides the easiest and most cost effective entry point into cloud computing until IT organizations become more comfortable with a pure multi-tenant solution.

When asked what type of cloud solution they would likely deploy, an overwhelming 78% of all and 86% of large companies indicated that they would prefer either a private, single tenant solution or a combined private single tenant/public multi-tenant cloud over a pure multi-tenant solution.

media hysteria and technology quality
Media Hysteria and Technology Quality

Search Results

  • Dedicated Hosting Outage – 58,300
  • Managed Hosting Outage – 60,000
  • Web Hosting Outage – 201,000
  • Cloud Hosting Outage – 205,000
  • Performance Issues Raise Security Concerns
  • Cloud Outages Can Be Avoided
    • Causes Include Poor Cloud Architectures, Outdated Hardware, and Consumer-Grade Technologies
  • Technology Quality Still Matters
building an enterprise cloud federation
Building an Enterprise Cloud - Federation

Private Cloud -> Public Cloud

Burst on demand

Physical -> Cloud

Resource Load Optimization

Short term workload

Network Performance will drive Proximity Decisions

Application Federation will become important in the near future


building an enterprise cloud automation
Building an Enterprise Cloud - Automation


Provisioning automation

Customers don’t want to be responsible

Resource allocation and adjustment

Work loads will drive automated resource adjustment

On demand resources will become part of every transaction

Visibility to application performance will be linked to automated resource allocation



Building an Enterprise Cloud - Instrumentation

Application performance

Instead of device performance

Resource utilization

What is being used by whom

Single “pane” of Glass

One definitive source of information

Better access to important information


pure cloud not always a solution
Pure Cloud – Not Always a Solution

Hybrid Possibly Best Route

Examples Include:

  • Regulatory ConcernsUse Dedicated, Colocated or Private Cloud for Client Data and Connect to Cloud Enterprise for Web/Database Needs.
  • New ProjectUtilize low end Cloud Services for Test/Development. Launch in a Private/Public Cloud or Dedicated Servers.
  • Seasonal SpikeUse Enterprise Cloud Services for Additional Compute Resources - Web, Database, Storage Capacity. Scale Up/Down Instantly.
  • Disaster Recovery:Replicate Infrastructure to a Secondary Datacenter for Secure Availability of Mission-Critical Data/Apps
cloud management a compliance dash board
Cloud Management: A Compliance Dash Board
  • Add Security Appliances to Your Cloud Environment
    • Reports on Vulnerability Scans, Log Management, and Intrusion Protection and Detection



hybrid solution example meet hipaa compliance
Hybrid Solution Example – Meet HIPAA Compliance

Customer Scenario

HIPAA – Electronic Medical Records


Multi-site Geographic Redundancy


Secure and Accessible Records

emerging technologies

Emerging Technologies

VMWare’svShield Offering

uses standby machines replace hardware syndication
Uses: Standby Machines Replace Hardware Syndication
  • Create VM “images” of production machines
  • Park Images in cloud
  • Automate synchronization with parked images for system state change
    • As production infrastructure changes the VM images are adjusted to reflect the change
  • No longer need to be concerned with recovery location decision
    • With cloud oriented resources workload can be moved with minimal disruption
host to cloud data vaulting
Host to Cloud Data Vaulting
  • Vault production data inside cloud to accelerate restoration
  • Existing backup software can be used to transfer data
    • Minimal disruption of existing processes
    • Offset traditional tape vaulting fees
    • Accelerate recovery by being closer to on-demand resources
virtualized desktop
Virtualized Desktop
  • Two Types of workers
    • Deskbound
      • Call centers, back office operations
    • Mobile
      • Saleforce & leadership
  • Virtualized desktops ensure there are no delays in recovery
    • System images are always consistent with production
  • Allow for ultimate portability
    • Recover anywhere
fault tolerance
Fault Tolerance
  • An alternative to traditional clusters
  • No clustering software required
  • Workload adjustments automatically occur when production demand increases
cloud burst
Cloud Burst
  • Capacity and Performance issues often result in clinical disasters
    • People usually end up sizing environment for extreme workloads
  • Establish a normal operating level baseline with a private cloud
    • Optimize your investments & benefit from virtualization
  • Federate with a public cloud to allow for fail-over and capacity bursting at time of excessive load
    • “Peak shave” your workload and move the an alternative cloud

Kevin Keelan

Denver, CO

Adam C. Greenfield