Cloud Computing Strategy and Architecture
1. Hendrix Yapputro
certified IT architect
certified ISO 27000 lead auditor – cloud security
Cloud Computing
Strategy & Architecture
2. Further Reading
1. National Institute of Standards and Technology Special Publication 800-145.
2. CompTia Cloud www.comptia.org
3. Cloud Computing Explained: the implementation handbook for enterprise.
4. Architecting the Cloud: Design Decision for Cloud Computing Service Model (SaaS,
PaaS, IaaS)
3. Cloud Computing
Cloud computing is a model for enabling
ubiquitous, convenient, on-demand network
access to a shared pool of configurable
computing resources (e.g., networks, servers,
storage, applications, and services) that can be
rapidly provisioned and released with minimal
management effort or service provider
interaction.
National Institute of Standards and Technology Special Publication 800-145
4. Essential Characteristics
On-demand self-service
A consumer can unilaterally provision computing capabilities, such as server time and network storage,
as needed automatically without requiring human interaction with each service provider.
Broad network access
Capabilities are available over the network and accessed through standard mechanisms that promote
use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and
workstations).
Rapid elasticity
Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly
outward and inward commensurate with demand. To the consumer, the capabilities available for
provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
National Institute of Standards and Technology Special Publication 800-145
5. Essential Characteristics
Resource pooling
The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model,
with different physical and virtual resources dynamically assigned and reassigned according to consumer
demand.
Measured service
Cloud systems automatically control and optimize resource use by leveraging a metering capability at
some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and
active user accounts).
National Institute of Standards and Technology Special Publication 800-145
7. Business Driver
What???
Mr. Business
Mr. IT
but, this
is the fact
Business costs must be efficient to win against the competition. This can be achieved by:
1. Reducing costs for gaining efficiency, and
2. Agility
8. Cost Leadership
Because of its lower cost, the cost
leader is able to charge a lower
price than its competitors yet make
the same level of profit.
If companies in the industry charge
similar prices for their products, the
cost leader still makes higher profit
than its competitors because of its
lower costs.
And, if rivalry within the industry
increases and companies start to
compete on price, the cost leader
will be able to withstand
competition better than the other
companies because of its lower
costs.
Building competitive advantage through Cost Leadership
A company's goal in pursuing a cost-leadership strategy is to outperform competitors by doing
everything it can to produce goods/services at a cost lower than theirs.
9. Agility
Cloud ProviderCustomer Modules
1. Shorten time to market
Businesses need to rapidly develop new products (particularly applications or web-based services) without
being limited by the cost of computing hardware or being stalled by long procurement times.
2. Rapid internal development & testing
The ability to provision and de-provision development and testing
environments on demand provides organizations with greater
opportunities to improve their business processes by developing
applications internally or testing off-the-shelf software in their
environment.
3. Mobility
Global access to organizational enterprise resources
is required for organizations with a distributed
workforce.
CompTia Cloud Essential
10. MANAGEMENT OF CLOUD-READY APPLICATION
11. Cloud Ready Application
End-to-End Management of Cloud
IaaS vs PaaS
SLA
Monitoring
No. of Data Centers
Pricing
Type of Instance
Certification
Support
Most providers have a set number of servers that can be
used, with a specific number of CPUs, amount of memory,
and operating system. Others have fully customizable
instances.
There are no standards for PaaS-based applications. Each
provider uses different APIs based on its platform. Choosing
a specific provider might force a lock-in with a technology
that cannot be migrated later to a different provider. Use
IaaS unless you are comfortable with the technology used by
a PaaS provider and you do not foresee a change in the
technology used.
CompTia Cloud Essential
12. Service Level Agreement
Data Ownership
Data Loss
Data Location
Contract Renewal
Insurance
Contractual Protection
CompTia Cloud Essential
13. Negotiation of SLA
Availability of Service
Vendors should have documented management systems, processes, and resources. Organizations should be able
to access the average available time provided by the vendors in the different layers of services offered. The
consequences for not meeting the SLA must be clearly identified.
Liabilities
Organizations should specify the
purpose of contracting with the vendor
so that it is clear that, unless the
service adequately addresses this
purpose, it is pointless to enter into the
contract.
Control of Data
The cloud provider should disclose the
list of data centers used to store the data,
including backups. The SLA between the
vendor and the organization must also
specify how backups are handled.
Choice of Law
Organizations should raise the issue of
contract negotiation with the vendor and
choose the law based on their territory
coverage.
CompTia Cloud Essential
15. Cloud Security Principles
Confidentiality
Confidentiality refers to the
sensitivity of data.
Integrity
Integrity refers to the
reliability of data.
Availability
Availability refers to the accessibility of
data. To be available, data needs to be
protected from disruption of service.
Other Security Reference
ISO 27000 series
CompTia Cloud Essential
19. Cloud Deployment Model
Private Cloud
Used by a single user or group of users
within an organization, the private cloud is
owned, managed, and operated by the
organization.
Community Cloud
Used by a group of related organizations with
shared concerns, such as a group of
governmental or educational institutions that
choose to share a common cloud of services
not available
to the general public.
Public Cloud
Used by the general public, public cloud
services represent the most thoroughly
virtualized cloud infrastructural design,
removing data center information
resources partially or completely.
Hybrid Cloud
Using components of private, community,
or public clouds, the hybrid cloud provides
access to two or more infrastructures
bridged by standardized technologies or
proprietary cloud services.
National Institute of Standards and Technology Special Publication 800-145
20. Cloud Service Model
Software as a Service
• The capability provided to the consumer is to use the
provider's applications running on a cloud infrastructure.
The applications are accessible from various client devices
through either a thin client interface, such as a web browser
(e.g., web-based email), or a program interface. The
consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems,
storage, or even individual application capabilities, with the
possible exception of limited user-specific application
configuration settings.
Platform as a Service
• The capability provided to the consumer is to deploy onto
the cloud infrastructure consumer-created or acquired
applications created using programming languages, libraries,
services, and tools supported by the provider.
Infrastructure as a Service
• The capability provided to the consumer is to provision
processing, storage, networks, and other fundamental
computing resources where the consumer is able to deploy
and run arbitrary software, which can include operating
systems and applications.
CompTia Cloud Essential
21. Cloud Network Architecture
Interconnectivity
• For e-mail: SMTP
• For file transfer: FTP
• For web access: HTTP & HTTPS
Architecture
[Figure: Open Systems Interconnection (OSI) model. Send and receive stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) connected by media, with SaaS, PaaS and IaaS labelled alongside.]
22. Cloud Adoption Strategy
1. Aligning cloud deployment with organizational goals
Any organization that is considering adoption of cloud services must start by identifying the type of
cloud service components it intends to take advantage of before starting plans for integration with an
existing enterprise network.
2. Impact of cloud adoption on business processes
Prior to adopting cloud computing services, an organization must fully understand the impact they will
have on existing business processes.
a. Culture & Business Changes
b. Management Changes
c. Testing & Readiness
3. Understanding the improvement of SLA
CompTia Cloud Essential
25. LEGAL ISSUE OF CLOUD COMPUTING
26. Jurisdiction of Data Location
▶ The location of the physical servers
▶ The location of the service provider's headquarters
▶ The location of the data owner
▶ The locations the data passes through between the provider's servers
[Figure: Cloud Computing Provider, Cloud Computing Customer, Data Centers]
This issue can be mitigated by contractually obligating the service provider to keep data
within appropriate geographic locations.
CompTia Cloud Essential