Cloud Services Overview

(1)

Cloud Services Overview

John Hankins

Global Offering Executive

Ricoh Production Print Solutions

May 23, 2012

(2)

Cloud Services Agenda

Definitions

Types of Clouds

The Role of Virtualization

Cloud Architecture

Growth of the Cloud

Evolution of Cloud Services

Cloud Service Economics

Security and Privacy Issues

References

(3)

Definitions – What is Cloud Computing?

“For the purpose of this article, consider that cloud computing is an all-

inclusive solution in which all computing resources (hardware, software,

networking, storage, and so on) are provided rapidly to users as demand

dictates. The resources, or services, that are delivered are governable to

ensure things like high availability, security, and quality. The key factor to

these solutions is that they possess the ability to be scaled up and down,

so that users get the resources they need: no more and no less.” IBM –

Cloud Computing for the Enterprise, 2009

Definitions from NIST SP400-145

Essential Characteristics

• On-demand self-service

• Broad network access

• Resource pooling

• Rapid elasticity

• Measured service

Service Models

• Software as a Service – SaaS

Application running in a cloud infrastructure with access via a thin client such a web

browser

• Platform as a Service – PaaS

A cloud environment optimized for developing and running applications

• Infrastructure as a Service – Iaas

Servers, storage, and network functions delivered via the cloud

2 Google Docs

Microsoft Azure

Savvis VPDC

(4)

Definitions – Deployment Models (NIST)

Private Cloud

The cloud infrastructure is provisioned for exclusive use by a single

organization comprising multiple users (e.g., business units). It may

be owned, managed, and operated by the organization, a third party,

or some combination of them, and it may exist on or off premises.

Public Cloud

The cloud infrastructure is provisioned for open use by the general

public.

Community Cloud

The cloud infrastructure is provisioned for exclusive use by a specific

community of users from organizations that have shared concerns

(e.g., mission, security requirements, policy, and compliance

considerations).

Hybrid Cloud

The cloud infrastructure is a composition of two or more distinct

cloud infrastructures (private, community, or public) that remain

unique entities, but are bound together by standardized or

proprietary technology that enables data and application portability

(e.g., cloud bursting for load balancing between clouds).

(5)

IDC vs. NIST Views of Cloud Computing

Copyright IDC 4

(6)

Definitions - Single vs. Multi Tenant

Single tenant

An application, server or infrastructure platform with a

single individual or business entity as the user

Multi tenant

An application, server or infrastructure platform with

multiple unrelated individuals or business entities as users

Example – Managed ADF

Application Layer

IPPD – Single Tenant

Virtual Server Layer

Red Hat Linux – Single Tenant

Physical Server Layer

HP Proliant – Multi Tenant

Security Layer

Cisco Firewall – Single Tenant

Storage Layer

EMC – Multi Tenant

(7)

Virtualization Platforms

Virtual servers and server hypervisors

• VMware – commercial, owned by EMC

• Xen – open source, developed at Cambridge University

• Hyper-V - Microsoft

Hypervisors allow for the creation of multiple virtual

computers running individual operating systems (eg,

Linux, Windows) on a single physical platform

Storage Area Networks (SAN)

A storage area network (SAN) is a dedicated network that provides

access to consolidated, block level data storage. SANs are primarily used

to make storage devices, such as disk arrays, tape libraries, and optical

jukeboxes, accessible to servers so that the devices appear like locally

attached devices to the operating system.

6

(8)

Sample Cloud Architecture – Component View

Copyright Savvis

(9)

TCI Cloud Reference Architecture – Functional View

8 Trusted Cloud Initiative Reference Architecture

Oct 2011

(10)

Gartner Magic Quadrant for Public Cloud Infrastructure

Copyright Gartner

(11)

Print and Mail Services in the Cloud

10 Ricoh Managed ADF Services

(12)

Projected Cloud Growth2011-2020

Current market size - $40.7B

Projected size 2020 - $241B

SaaS market is fastest growing

• 2011 - $21.2B

• 2020 - $132.5B

PaaS growth

• 2011 - $820M

• 2020- $11.9B

IaaS growth

• 2011 - $2.94B

• 2017 - $5.4B

• 2020 - declining

Source: Forrester Research

(13)

Evolution of Cloud Services

12 1990 2012

V a lu e

(14)

Cloud/Managed Services Model

• SaaS

• Vendor Managed

• Cloud

• License

• Customer Managed

• On-site

SaaS

Vendor Managed

On-site

License

Vendor Managed

On-site

Infrastructure/Service/Asset/Finance Continuum

Infrastructure Service/Asset/Finance

Cloud-Multi Tenant Vendor Mgt SaaS

Hosted-Single

Tenant

Vendor Mgt Service/Rental

On-site Vendor Mgt Service/Rental

On-site Vendor Mgt Financed License

On-site Vendor Mgt License

Colocation Customer Mgt Varies

On-site Customer Mgt Rental

On-site Customer Mgt Financed License

On-site Customer Mgt License

Offering Options

C u s to m e r C o n tr o l

High

Low

E c o n o m y o f S c a le

Low

High

(15)

Cloud Economics/ ROI – Page 1 (SaaS example)

14 Investment Requirements Year One Total Net Present Value 5 Year

Item Description Cloud In-House Cloud In-House

Hardware Total hardware cost for project; includes traditional servers and storage AND cost of

any infrastructure upgrades (or allocations of those project costs) $ 13,500 $ 32,000 $ 13,500 $ 49,221 Software Total software costs for project; includes traditional licensing as well as additional

software cost needed to enable solution $ - $ 11,500 $ - $ 11,500 Internal one time Internal charges or costs (separate from integration costs) $ - $ 2,800 $ - $ 2,800 External one time External vendor or partner charges for installation (separate from integration budget) $ - $ - $ - $ -

Hosting/SaaS fee Annualized cost of cloud application $ 25,000 $ - $ 106,757 $ -

Licensing Specific recurring license costs $ - $ 7,500 $ - $ 7,500

Software maintenance and support

Traditional support and maintenance charges $ 2,025 $ 4,325 $ 8,647 $ 18,469 Bandwidth

allocation

Bandwidth charges for project (calculated as a percentage of annual spend on

Internet connectivity) $ 6,000 $ 2,400 $ 25,622 $ 10,249

Staffing allocation Allocation of internal manpower budgeted to support project $ 7,500 $ 40,000 $ 32,027 $ 170,811 Monitoring

upgrades

Additional (or allocated) cost to add status and performance monitoring for either

option $ 6,000 $ 1,500 $ 9,270 $ 1,500

Backup/archive Cost to add desired backup and archiving of data based on IT requirements $ 4,000 $ 500 $ 5,635 $ 2,135 Failover/redundancy Cost to add desired failover and/or redundancy based on business continuity plan $ 7,500 $ 2,500 $ 15,676 $ 10,676 Integration costs Total costs to provide data integration between project and existing data sets; should

be budgeted to achieve optimum connectivity among all systems $ 4,250 $ - $ 6,703 $ - Security review cost One-time cost to have security (or external team) assess integration of new project $ 7,500 $ - $ 7,500 $ - Ongoing

compliance/audit

Additional (or allocated) cost to add this project to existing security and audit practices; should include any non-IT costs, such as accounting or compliance auditing

$ 5,000 $ 3,500 $ 21,351 $ 14,946

Other Any other additional costs uniquely associated with each option $ - $ - $ - $ -

Total $ 88,275 $ 108,525 $ 252,689 $ 299,807

Total cost difference for cloud $ 20,250 $ 47,118

Copyright InformationWeek

(16)

Cloud Economics/ ROI – Page 2

15 Expected Return (Sales, Savings, Productivity)

Year One Total Net Present Value 5 Year Total

Item Cloud In-House Cloud In-House

Sales impact $ - $ - $ - $ -

IT cost impact (calculated) $ 20,250 $ (20,250) $ 47,118 $ (47,118)

Cost impact (other factors) $ 175,000 $ 175,000 $ 747,300 $ 747,300

Employee productivity impact $ 302,322 $ 302,322 $ 1,290,999 $ 1,290,999

Other $ - $ - $ - $ -

Potential returns $ 497,572 $ 457,072 $ 2,085,417 $ 1,991,181

Hard returns (factoring out productivity) $ 195,250 $ 154,750 $ 794,418 $ 700,182

Net return $ 106,975 $ 46,225 $ 541,729 $ 400,375

Return on

investment 121% 43% 214% 134%

Speed to market

impact

Expected time to implement solution (in

months) 2 4

Potential impact on year one return $ 17,829 $ (17,829)

Cost of capital 5.5%

(17)

Security and Compliance Issues

16 Personally identifiable information (PII) is protected by federal and state statues

Example:

California data breach notification law, SB1386:

^[10]

(e) For purposes of this section, "personal information" means an individual's first name or first initial and last name in

combination with any one or more of the following data elements, when either the name or the data elements are not

encrypted: (1) Social security number. (2) Driver's license number or California Identification Card number. (3) Account

number, credit or debit card number, in combination with any required security code, access code, or password that would

permit access to an individual's financial account. (f) For purposes of this section, "personal information" does not include

publicly available information that is lawfully made available to the general public from federal, state, or local government

records.

Core security issue is exposure of confidential

information, aka PII

Very relevant issue for 3 ^rd party service providers

handling PII

(18)

Security and Compliance Issues

Examples of Security Compliance Standards

Payment Card Industry (PCI) DSS 2.0

• Covers end to end security for payment cards

SSAE16 Type II aka SOC II (replaces SAS 70 Type II)

• Audit standard for outsourced data center, network, cloud and other IT

services

ISO 27000 standards

• ISO standards and certification for information security

Health Insurance Portability and Accountability Act (HIPAA)

• Standards for processing personal health information

How to address security issues?

Best Practices + 3 ^rd Party Audits = Compliance = Meets Minimum for

organizations to allow 3 ^rd party vendors to handle PII

(19)

Health Care Security & Data Breach Survey

Copyright Ponemon Institute 18

Cause of Data Breach

Mobile Device Security Policies Barriers to Improved Security

Cost of a Data Breach

(20)

Cloud Security Alliance POV

1. Security on the Network

2. Identity Management

3. Compliance

4. Data Integration

5. Vendor Lock-In

6. Vendor Viability

7. Manageability

8. Availability

9. Shared Resources

10. Legal Ambiguity

Cloud Architecture

Governance and Enterprise Risk Management

Legal and Electronic Discovery

Compliance and Audit

Information Lifecycle Management

Portability and Interoperability

Security, Bus. Cont., and Disaster Recovery

Data Center Operations

Incident Response, Notification, Remediation

Application Security

Encryption and Key Management

Identity and Access Management

Virtualization

13 Domains of Focus for Cloud

Computing

Top Threats to Cloud Computing

(21)

References

NIST Definition of Cloud Computing SP800-145

• Sept 2011 – 3 pages

• http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

NIST DRAFT Cloud Computing Synopsis and

Recommendations SP800-146

• May 2011 – 84 pages

• http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-146

Gartner Magic Quadrant Report for Public Cloud Infrastructure

• March 2012

• http://www.gartner.com/technology/reprints.do?id=1-

18BC06X&ct=111213&st=sb

Gartner Magic Quadrant Report for Managed Hosting

• December 2011

• http://www.gartner.com/technology/reprints.do?id=1-

19L41NJ&ct=120306&st=sg

Information Week Cloud ROI Modeler

• March 2012 – Excel spreadsheet

• http://reports.informationweek.com/abstract/5/8678/Cloud-

Computing/2012-informationweek-cloud-roi-

modeler.html?cid=nl_analyt__iwkrnwlslspeced20120308&wc=4

20

(22)

References

Information Week Cloud ROI Calculations

• March 2012 – 26 pages

• http://reports.informationweek.com/abstract/5/8702/Cloud-

Computing/research-cloud-roi-

calculations.html?cid=nl_analyt__iwkrnwlslspeced20120308&wc=4

Information Week 2012 State of Cloud Computing

• February 2012 – 29 pages

• http://reports.informationweek.com/abstract/5/8658/Cloud-

Computing/research-2012-state-of-cloud-

computing.html?cid=nl_analyt__iwkrnwlslspeced20120308&wc=4

Information Week 2012 Fundamentals of Cloud vs. In-House

IT Spend

• February 2012 – 14 pages

• http://reports.informationweek.com/abstract/5/8694/Cloud-

Computing/fundamentals-cloud-vs-in-house-it-spend-smart-in-

2012.html?cid=nl_analyt__iwkrnwlslspeced20120308&wc=4

Cloud Industry Forum – UK Adoption Trends 2011

• February 2011 – 15 pages

• http://www.cloudindustryforum.org/downloads/whitepapers/cif-

white-paper-1-2011-cloud-uk-adoption-and-trends.pdf

(23)

Useful Web Sites

cloudsecurityalliance.org - Cloud Security Alliance

www.27000.org - ISO Information Security

Standards

www.pcisecuritystandards.org/security_standards/ -

PCI DSS 2.0 and other information

http://www.ponemon.org – Ponemon Institute, data

privacy experts

http://csrc.nist.gov/news_events/HIPAA-

May2011_workshop/presentations.html

2011 Conference - Safeguarding Health Information:

Building Assurance Through HIPAA Security

http://www.hhs.gov/ocr/privacy/hipaa/administrative

/securityrule/index.html - The HIPAA Security Rule

22