Making real sense of enterprise Cloud computing in the context of your business is not always a trivial task. The volume, diversity and intensity of opinions on what cloud can do for your organization are relentless, as are the pressures to lower IT costs, speed up implementations, simplify enterprise IT and deliver more value in your own organizations. Shifting your mission critical systems to the cloud presents a formidable range of challenges for many organizations, least of which the potential loss of control over your disaster recovery capability. Conversely, keeping your enterprise IT systems where you can see them, and using the cloud to manage your backups and disaster recovery may appear to run counter to the prevailing perception that the cloud is the ultimate destination for all IT systems. In this presentation, Rob Livingstone will be covering off some of the key considerations of disaster recovery planning in the hybrid cloud environment and how, paradoxically, cloud could either be the cause of your disaster or has the potential to save you from one. He will be offering practical insights and tips on how you should approach the cloud when it comes to planning for the worst so that you come out looking your best.

1. © All rights reserved. Rob Livingstone Advisory Pty Ltd. Unauthorized redistribution prohibited without prior approval.
‘Navigating through the Cloud’ is a Trademark of Rob Livingstone Advisory Pty Ltd.
Will the Cloud be your disaster, or
will Cloud be your disaster recovery?
American Machinist Webinar
October 25th, 2012
ROB LIVINGSTONE
- PRINCIPAL, Rob Livingstone Advisory Pty Ltd, and
- Fellow, University of Technology, Sydney, Australia
navigatingthrougthecloud.com

2. Agenda
What I will be covering
1. Exploring the real definition of Cloud
2. Scope of this presentation
3. Hybrid Cloud is the reality
4. Cloud in the context of the manufacturing industry
5. Systemic vs. Technical risks
6. Could cloud be your Disaster?
7. Could cloud be your disaster recovery?

3. 1. Exploring the real definition of Cloud
The most quoted Definition
of Cloud:
Cloud computing is a model for enabling convenient,
on-demand network access to a shared pool of
configurable computing resources (e.g. networks,
servers, storage, applications, and services) that can
be rapidly provisioned and released with minimal
management effort or cloud provider interaction
• US National Institute of Standards and Technology’s (NIST)
definition

4. 1. Exploring the real definition of Cloud
The most sensible Definition of Cloud:
“Forget your technical definition of the Cloud,
ask your mom what the Cloud is….
…And what your mother will tell you about
the Cloud is that it means it’s not on my
computer.”
Dave Asprey – Global VP, Cloud Security, Trend Micro
‘Navigating through the Cloud ‘ - Podcast Episode 23 rd May 2012

5. 2. Scope of this presentation

6. 2. Scope of this presentation
Cloud
c ific
spe re?
OUR e futu
to Y in th
is map and
s th h now
doe bot
How tives,
initia

7. 2. Scope of this presentation
Inherent Risk Relationship with Cloud
Service Delivery and Deployment Models
http://www.coso.org

8. 2. Scope of this presentation
Inherent Risk Relationship with Cloud
Service Delivery and Deployment Models
loud
cific C http://www.coso.org
spe re?
OUR e futu
to Y in th
is map and
s th h now
doe bot
How tives,
initia

9. 2. Scope of this presentation
• You’re counting on SaaS vendor in order to
provide all the multi-tenancy for your data.
• You hope they’ve written their applications well,
secure their databases, and so on ….
• You’re sharing the database with everyone else.

10. 3. Hybrid Cloud is the reality
Hybrid will be the dominant form in the enterprise
“Within five years, it will be primarily deployed by
enterprises working in a hybrid mode”. - Gartner
Gartner "Predicts 2012: Cloud Computing Is Becoming a Reality”
(Published: 8 December 2011 ID:G00226103)

11. 3. Hybrid Cloud is the reality
…. And with the Hybrid Cloud comes complexity….

12. 3. Hybrid Cloud is the reality
…. And with the Hybrid Cloud comes complexity….
m ple
ot si
m is n
ste
ecosy
this
ing
nag
Ma

13. 3. Hybrid Cloud is the reality……
…. As is the potential for complexity….!
• Orchestrating versioning,
change control and rollback
• Availability
• Security
• Life expectancy alignments
• Business Continuity
• Identity Management
• Due diligence
• Forensics
• Legislative / Jurisdictional
• Contractual complexity
….. To name but a few

14. 4. Cloud in the context of the manufacturing industry……
1. Start with your business model and strategy.
• What’s your driver in looking at cloud?
• Do not make cloud your default starting position
2. Test any assumptions that integration with your
proprietary / embedded manufacturing systems to the
cloud is easy or low cost. (Eg SCADA)
3. Network latency between the cloud and on premise
systems for time critical processes may preclude the
adoption of cloud
4. 24x365 operations and public cloud? Oil and water?

15. 4. Cloud in the context of the manufacturing industry……
5. Availability and uptime for critical manufacturing
processes that have a dependency on cloud may be an
issue.
• Typically Co-location has higher uptime reliability than Cloud
6. Existing IT architecture may need to be reengineered to
facilitate any cloud integration: e.g.
• Do your existing R&D, Engineering, Projects, Operations,
supply chain systems and technologies integrate well?
7. DRP / MRP and other traditionally hosted or on premise
applications may be contenders for the cloud, but be
aware of the multi-year costs, integration and
implementation effort.

16. 5. Systemic vs. Technical Risk

17. 5. Systemic vs. Technical Risk
Systemic Risks
• Taking a systemic view of risk will give you a better perspective of
the actual risk, rather that what you think the risk might be
• Systemic risks are those with the greatest potential impact as they
affect the entire system (ie: Organisation, government, country,
world…)
• Case in Point: How is that the finance industry, which is one of
the more regulated, and invests heavily in risk identification,
mitigation and transference could be the cause of the current
global financial problems?
• Systemic risk for the enterprise is the silent killer and is often the
hardest to identify as only a few have a complete, transparent and
objective overview of the overall enterprise in sufficient detail.
• Applicability to IT – Cloud especially – not often discussed

18. 5. Systemic vs. Technical Risk
Technical (or functional) Risk
• Identifying, categorising and ranking technical and
functional risks is core to conventional IT risk assessment
approaches:
o Risk of a specific event = (Impact x Probability of that
event occurring) + Risk Adjustment
• Underpins conventional risk certification frameworks e.g.
ISO 2700X
• Certification does not necessarily equal security or
effectiveness of your risk management model
• Often focusing on the diverse range of technical risks, does
not account for the interaction between risks.
• Systemic risks are often more significant than the sum of
the individual, technical risks

19. 6. Could cloud be your disaster?
In Public Cloud, all you have is your contract!

20. 7. Could cloud be your disaster ?
The Public Cloud security and risk paradox
• One of the fundamental benefits of public cloud is the
removal of IT complexity.
• It’s invisible to the end user.
• Paradoxically, this presents those organisations
concerned about IT security, risk and governance with
a challenge because lack of visibility of what’s ‘under
the covers’ may present unacceptable risks if fully
disclosed and understood.

21. 7. Could cloud be your disaster ?
Risk: some of the common questions:
•Where is you data located?
•Can you get your data back easily?
•What happened if the Cloud provider goes out of
business?
•Can you implement a Cloud software escrow
arrangement?
•Can I transfer the risk? (insurance)
•Does the provider have a disaster recovery plan?

22. 7. Could cloud be your disaster recovery?
The case for DR in the cloud
• Gartner predicts:
• By 2014, 30% of midsize companies will have
implemented disaster recovery in the cloud
(currently just over 1% currently)
• At the end of the day, rigorously test any broad
assertions and assumptions that moving your critical
production IT environment to the cloud is the ‘way
forward’
• If you have mission critical information assets and
systems, you should retain direct control over these
assets – public cloud is not your only option

23. 7. Could cloud be your disaster recovery?
The case for DR in the cloud
• Server and application virtualization has been an
enabler for DR in the cloud
• Agility to modify your DR strategy without long term
contracts of capital investments, however read any
vendor’s contract terms carefully and perform rigorous
due diligence as needed
• Scalability of cloud infrastructure mitigates against the
conventional DR oversubscription problem
• ‘Pay as you go’ DR service possibilities (DRaaS)

24. ThankYou!
ROB LIVINGSTONE
- Fellow, University of Technology, Sydney
- Principal, Rob Livingstone Advisory Pty Ltd
W1: www.rob-livingstone.com
W2: www.navigatingthroughthecloud.com
E: rob@rob-livingstone.com
P (AUS): +61 2 8005 1972
P (US): +1 (609) 843-0349
@rladvisory
© All rights reserved. Rob Livingstone Advisory Pty Ltd ABN 41 146 643 165.
Unauthorized redistribution prohibited without prior approval. ‘Navigating
through the Cloud’ is a Trademark of Rob Livingstone Advisory Pty Ltd.