VCS Cloud Computing Overview 120910

An Overview to
Cloud Computing
1
Agenda and Objectives
Introduction
Module / Lesson Objectives

Introduction Introduce facilitators and learning objectives
Module 1: About Cloud Computing Describe Cloud Computing is the associated features and
benefits
Module 2: Types of Clouds Identify Cloud Types and Cloud Services
Module 3: Typical Cloud Architecture Identify the key characteristics and components of the Cloud
Computing architecture
Module 4: Security & Risk Describe the security, risk and compliance issues that need
to be considered and provides a risk-based approach to
addressing them
Module 5: Compliance Identify compliance regulations and data governance
requirements to Deloitte service offerings
Module 6: Governance Describe IT Governance and the need for standardized
processes
Module 7: Why Deloitte? Distinguish between the different services Deloitte offered to
support cloud computing and why clients should choose
Deloitte
Module 8: Summary Summarize lessons learned and answer remaining
questions
2 Copyright © 2010 Deloitte Development LLC. All rights reserved.

Module 1: About Cloud Computing
Learning Objectives
Upon completing this module, you will be able to:
Describe Cloud Computing is the associated features

and benefits
Duration: 5 minutes

Cloud Computing Description
• In the simplest of terms, Cloud Computing is an Internet-based

shared computing paradigm, somewhat like an electricity grid:
‒ Internet-based computing
‒ Shared resources
‒ Shared software
‒ Shared platforms and infrastructure
‒ Available on-demand
• Cloud Computing… this is the future of computing, it is cutting

edge, it is out there right now and clients are asking about it:
‒ Future of computing
‒ Cutting edge
‒ Out there, right now
‒ Clients are asking about it

Key Characteristics of Cloud Computing
Standardized Standardized IT services configurations are

implemented in order to leverage the capabilities
of cloud computing.
Easily Accessible Easy access via the Internet from any computer:
Cloud services can be conveniently accessed by
using a standard Web browser
Available On-demand Cloud computing is highly available and
scalable: Replication is part of the cloud
framework.
Scalable Capabilities are easily scaled, and can be
automatically adjusted to meet demand
Pay As You Go Pay only for what you use and only while you
use it
Self-servicing Full customer self-service: customers can
provision, manage, and terminate services
themselves

Benefits of Cloud Computing
• If you access multiple servers, you need to only request access; you don’t have
to complete the actual server setup.
• Costs are lower. Public Cloud computing customers do not own the physical
infrastructure, thus avoiding capital expenditure (CapEx) by contracting for the
service from a third-party provider.
• You can release a capability if you are no longer using the resource, while
retaining the configuration in a library for future use.
• You always have the most updated applications and setup.
• As your requirements grow, the cloud expands with you.
• Cloud user groups and communities help to drive the face of the future.
Feedback from early adopters changes the technology.
• The importance of on-demand is that you pay for only what you use, as
opposed to traditional infrastructure.
• Maintenance is easier since the host cloud environment is maintained by the
provider.

Evolution of Cloud Computing
1998-2002 Application Service Providers: Today • Network and hardware

• Applications were designed with advancements make remote
the mindset of a dedicated enablement of pieces of
operating environment. critical business processes
• Bandwidth and hardware viable.
limitations led to performance, • The global economic
reliability, and scalability issues. recession led to an increased
role of the business in
software selection and cost
reduction.
2003-2006 Grid Computing: Today • Underlying computing,
• ―The network is the computer‖ – storage, and data layers are
though famously promoted by increasingly abstracted from
hardware, database, and systems the consumer, shifting to a
software providers, the lack of true utility model.
multi-tenancy application • Proliferation of supported
architectures and related security infrastructure, platform, and
capabilities undermined these software offerings built around
impressive technical advances. cloud principles.
• The market was crowded with • Continued hardware
contradictory approaches. advances are improving
Challenges post 2010. performance, bandwidth, and
scalability.

Evolution of Cloud Computing, Cont’d.
2008-Onwards Cloud Commercialization:

• Cloud computing is coming to the market in waves of capabilities –
capabilities that improve as the technology matures
• Cloud computing is a multi-faceted concept without universally
accepted definitions.
• Organizations are awash with partial and inaccurate understanding of
cloud computing – causing confusion and barriers.
• Suppliers have rebranded products as cloud computing – diluting the
marketplace.
• Definitions for the types of clouds, disposition of cloud services, and
business models are gaining traction.
• Free-market principles are forcing fringe products from the space, with
higher-tier products gaining share.
• Emergence of ―capability clouds ‖ offering clearly packaged services
with direct business relevance and value i.e. Cloud solutions.

Module 2: Types of Clouds
Learning Objectives
Identify Cloud Types and Cloud Services
Duration: 10 minutes

What is a “Cloud”?
Public Cloud Cloud computing services from vendors that can be

accessed across the Internet or a private network,
using systems in one or more data centers, shared
among multiple customers, with varying degrees of
data privacy control.
Private Cloud Computing architectures that are built, managed, and
used internally; uses a shared services model with a
common pool of virtualized computing resources.
Data is controlled within the enterprise.
Hybrid Cloud A combination of public cloud services, private cloud
computing architectures, and classic IT infrastructure.
This forms a hybrid model that uses the best-of-breed
technologies to meet specific needs.

Public Cloud
• Quick startup time

• No capital investment required
• Allows outsourcing of non-core functions to a service
provider
Attributes
• Leverages highly scalable vendor infrastructure
• Uses a standardized software stack
• Lower initial fees, variable costs, billed by usage
• On-demand access to a shared pool of resources,

applications, and data
• Procurement and expandability is easy
Benefits
• Accessibility to public clouds
• Interfaces with public cloud services

Public Cloud Logical Model
There is no specific reference architecture for Public Cloud, given that it’s a
service abstraction. All the major vendors do it differently at the physical
architecture level.
Public clouds offer dynamically provisioned resources on a self-service basis over the Internet
via web applications/web-services from an off-site service provider who shares resources and
charges on a fine-grained utility computing basis. In this model, service providers manage the
infrastructure and resource pools which can be paid for and used by any customer.

Private Cloud
• Quick startup and flexibility of resource allocation

• Requires capital investment
• On-premise data and systems
• Good choice when possible to leverage existing staff and
Attributes
investments
• Cost savings through leveraging virtualization and grid
technology
• Business units may share costs

• More efficient use of CapEx and corporate resources
• pay as you go versus costs up front, and only while
resources are needed
Benefits
• Expenses become part of business units operating
expenses (OpEx) rather than capital expenditure up front
(CapEx)

Private Cloud Logical Model
Enterprise Data Center Preconfigured Standard Operating
User Access Management – Intrusion Management

Templates Procedures
High Speed
Ethernet
Virtualized Servers Databases/Storage
Computing Resource Reference Depository

Manager
Firewall
Load Balancing Front-End Application
VPN
User Interface
Internet VPN
User Interface User Interface

User Interface
Private Cloud Computing

Logical Model
Hybrid Cloud
• More flexibility in providing IT services while at the same

time maintaining more control over business services and
data
• Quick startup
• Integration of cloud types adds complexity
• Allows ―best of both worlds‖ for control of data and reduction
Attributes of non-core focus
• Allows selection of scalable vendor infrastructure
• Allows internal control
• Allows fine-grained sourcing of most appropriate technology
and cost profiles
• Integration may constrain savings potential
• More control over security

Benefits • Advantages on cost savings from Public Cloud use

Hybrid Cloud Logical Model
Hybrid Cloud leverages the same logical model as the Private Cloud.
Enterprise Data Center Preconfigured Standard Operating

Templates Procedures
High Speed
Ethernet
Virtualized Servers Databases/Storage
Computing Resource Reference Depository

Manager
Firewall
Load Balancing Front-End Application
VPN
User Interface
Internet VPN
User Interface User Interface

User Interface
Private Cloud Computing

Logical Model
Cloud Services
Service type
Description of the different service categories
category
• A model of software deployment whereby a provider licenses an
application to customers for use as a service on demand
Software-as-a- • SaaS software vendors may host the application on their own web
Service (SaaS) servers or download the application to the consumer device, disabling it
after use or after the on-demand contract expires
• The delivery of a computing platform and solution stack as a service

• Facilitates the deployment of applications without the cost and complexity
Platform-as-a- of buying and managing the underlying hardware and software layers
Service (PaaS) • Provides all of the facilities required to build and deliver web applications
and services entirely from the Internet
• The delivery of computer infrastructure (typically a platform virtualization

environment) as a service
Infrastructure- • Rather than purchase servers, software, data center space ,or network
as-a-Service equipment directly, clients instead buy those resources as a fully
(IaaS) outsourced service
• Service is typically billed on a utility computing basis with the cost
reflecting the amount of resources consumed
Module 3: Typical Cloud Architecture
Learning Objectives
Identify the key characteristics and components of the

Cloud Computing architecture

Key Characteristics
• Data Center architecture and capacity:

‒ Reduces costs of purchasing servers, software, data center space, or network
equipment.
‒ Billing and how customers are billed is impacted. Cost reflects the level of
activity.
‒ Scalability
• Architecture transformation and evolution:

‒ Network-based access to, and management of, commercially based software
‒ Centralized feature updating
• Policy-based management of IT platforms

• Technology implications
• Managing operational risks—depending on the cloud solutions
operational activities that are managed from central provider locations

Basic Features of Cloud Computing
Architecture and Services
Provisioning of services begins immediately once an end-user defines and

Front-End Portal
submits their service choices, except those services that require IT
Application
administrator approval.
Service Options an End-User Could Define Within the Front-End Portal
include:
Service Options • Environment • Backup
• Virtual Server • Network
• Storage • Database
The Compute Resource Manager provides IT administrator’s deep visibility
and control into their virtual environments and underlying infrastructure,
while allowing for automatic IT service provisioning with little human
Compute interaction necessary. The four key functions of the Compute Resource
Resource Manager are:
Manager • Define infrastructure service templates workflows, and automation scripts
• Allocate and provision infrastructure services
• Monitor active infrastructure services
• Decommission and repurpose infrastructure services
Computing The servers, storage, and network resource pool
Resources
Load Balancing Used for maintaining and balancing loads on provisioned resources

Cloud Flow
Differences of • How does the user interact with the cloud: ordering, monitoring
the Private what you use, billing, releasing what you don’t use.
Cloud vs. • Location/use of firewall will distinguish private from public.
Public Cloud
• Owned by you and configured as a cloud services model, or is it
owned by cloud service providers and you are just renting them?
Effort to
• In the case of private clouds clients may have to build out the
Deploy, Run,
four pieces and parts. There is no standard path around building
and Manage
out these pieces. They can all evolve over time. Flow is relevant
Applications
when you define a new environment.

Module 4: Security & Risk
Learning Objectives
Describe the security, risk and compliance issues that

need to be considered and provides a risk-based
approach to addressing them

Cloud Concerns
Concerns over integrity and information security continues to slow

the adoption of cloud services.
• Security, risk, and compliance concerns are top reasons cited for delaying cloud
adoption.
• On the other hand, cloud solutions can potentially provide better security
protection, risk management, and compliance.

New Security Risks
New risks have been introduced to Cloud Computing that include:
• Identity and access management

• Vulnerability management
• Network, system, and application security
• Encryption
• Privacy and data protection
• Monitoring
• Incident management

Risks to Consider When Implementing Cloud
There are many other risks that one has to consider when
implementing cloud. These include:
• Business continuity, disaster recovery, and availability
• Asset management
• Human risks (e.g. malicious insider at cloud provider)
• Electronic discovery
• Financial controls
• Vendor management
• Vendor lock-in

Compliance Within Cloud
The platform for compliance is under continuous change and

requires detailed attention.
• Complexity in complying with multi-jurisdictional data laws because of lack of

knowledge of data location
• Lack of transparency impediment to monitoring compliance
• Evolving cloud standards, regulations, and compliance enforcement landscape

Benefits of a Risk-based Approach
There are many benefits of a risk-based approach to address

security, risk, and compliance which includes:
• Risk assessment
• Risk management system/solution
• Implementation of specific controls or remediation
• Internal audits and external assurance
• Ongoing monitoring and improvement

Module 5: Compliance
Learning Objectives
Identify compliance regulations and data governance

requirements to Deloitte service offerings
Duration: 5 minutes

Legal Compliance
There are many legal requirements for providing cloud services that
include:
• Overview regulations and data governance requirements
• Internal compliance requirements
• Privacy laws
• Compliance with local laws and regulations

Data Governance
Data protection is critical to the viability of cloud services. It provides

the following for cloud services:
• Protecting data against theft, loss and misuse
• Tax implications
• Auditing and monitoring
• Data integration hub
• Master data management strategy

Module 6: Governance
Learning Objectives
Describe IT Governance and the need for standardized

processes
Duration: 5 minutes

IT Governance and Controls
The primary objective of IT Governance and Controls is to ensure the

investments an organization makes in Cloud Computing create business
value, mitigate related risk, and align with the organization’s overall IT
and business strategy.

Things to Consider
When implementing Cloud Computing there are some key questions

to consider in relation to security and risk.
• What is Cloud Computing governance?
• Why is it important?
(You have to think about this differently and re-define the governance structure
as it applies to IT structure and services.)
• Does the Cloud Computing model continue to align with existing IT governance
and business objectives?
• Should you take a traditional approach and change it to account for on-demand
service provision and chargeback?
• What tools need to be monitored?
(These will need to be put in place and this is where the investment comes in.)
• Is the governance defined for the cloud computing model as well as the
organizational structure?

Module 7: Why Deloitte?
Learning Objectives
Distinguish between the different services Deloitte

offered to support cloud computing and why clients
should choose Deloitte
Duration: 5 minutes

Our Value Proposition
Unmatched global capabilities across technology and business

consulting, financial advisory services, and tax and risk management:
‒ Vendors only look at niche market and their vertical Deloitte looks at a solution
holistically. Deloitte provides an unbiased opinion, based on our exposure to
market capabilities.
‒ Deloitte is an integrator—can model solutions to the size of business and
required business solution. Vendors are just ―one note.‖
‒ Deloitte can create a test pathway of implementation and prevent obstacles by
testing.
‒ Avoid vendor locking, not vendor specific.
‒ Synthesizing cloud computing trends. Cut through the fluff. Get the real story.
‒ Can leverage Deloitte collaboration with industry standards.
‒ Deloitte actually has its own cloud—so, we walk the walk.

Service Offerings
Deloitte provides various best-in-class service offerings, including:

• Cloud strategy, integration, and migration
• Data governance
• Security, risk, and compliance
• Tax strategies

Module 8: Summary
Cloud Computing Resources
Module 8: Summary
Other Cloud Computing courses in this series:

• Introduction to Cloud Computing (e-Learning)
• Public Cloud Computing (Virtual Classroom)
• Private Cloud Computing (Virtual Classroom)
• Security, Risk, and Compliance in the Cloud (Virtual Classroom)
• Cloud Computing Governance (Virtual Classroom)
• Selling Cloud Services (Virtual Classroom)
For additional information, please contact:

DeWayne Holmes Chris Weitz Erik Marvik
deholmes@deloitte.com cweitz@deloitte.com emarvik@deloitte.com
+1 916 712 0258 +1 408 315 6289 +1 415 713 2505

Lessons Learned
Module 8: Summary
Lessons learned from this session include:
• Cloud Computing is Internet-based shared

computing paradigm, meaning shared software,
platform, and infrastructure resources are made
available on demand.
• The major types of Clouds are Public, Private, and
Hybrid.
• The three cloud service type categories are
Software-as-a-Service (SaaS), Platform-as-a-Service
(PaaS), and Infrastructure-as-a-Service (IaaS).
• Security, risk, and compliance concerns are top
reasons cited for delaying cloud adoption.
• IT Governance and Controls provides the means to
carefully limit risks and maintain a controlled
environment.
• Deloitte provides unmatched Cloud Computing global
capabilities across technology and business
consulting, financial advisory services, and tax and
risk management:

Questions
Module 8: Summary

48 © 2010 Deloitte Development LLC

VCS Cloud Computing Overview 120910

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VCS Cloud Computing Overview 120910

Uploaded by

Copyright:

Available Formats

An Overview to

Module / Lesson Objectives

2 Copyright © 2010 Deloitte Development LLC. All rights reserved.

Upon completing this module, you will be able to:

Describe Cloud Computing is the associated features

4 Copyright © 2010 Deloitte Development LLC. All rights reserved.

• In the simplest of terms, Cloud Computing is an Internet-based

• Cloud Computing… this is the future of computing, it is cutting

5 Copyright © 2010 Deloitte Development LLC. All rights reserved.

Standardized Standardized IT services configurations are

6 Copyright © 2010 Deloitte Development LLC. All rights reserved.

7 Copyright © 2010 Deloitte Development LLC. All rights reserved.

1998-2002 Application Service Providers: Today • Network and hardware

8 Copyright © 2010 Deloitte Development LLC. All rights reserved.

2008-Onwards Cloud Commercialization:

9 Copyright © 2010 Deloitte Development LLC. All rights reserved.

Upon completing this module, you will be able to:

Identify Cloud Types and Cloud Services

11 Copyright © 2010 Deloitte Development LLC. All rights reserved.

Public Cloud Cloud computing services from vendors that can be

12 Copyright © 2010 Deloitte Development LLC. All rights reserved.

• Quick startup time

• On-demand access to a shared pool of resources,

13 Copyright © 2010 Deloitte Development LLC. All rights reserved.

14 Copyright © 2010 Deloitte Development LLC. All rights reserved.

• Quick startup and flexibility of resource allocation

• Business units may share costs

15 Copyright © 2010 Deloitte Development LLC. All rights reserved.

Enterprise Data Center Preconfigured Standard Operating

User Access Management – Intrusion Management

Computing Resource Reference Depository

Load Balancing Front-End Application

User Access Management – Intrusion Management

User Interface User Interface

Private Cloud Computing

• More flexibility in providing IT services while at the same

• More control over security

17 Copyright © 2010 Deloitte Development LLC. All rights reserved.

User Access Management – Intrusion Management

Computing Resource Reference Depository

Load Balancing Front-End Application

User Access Management – Intrusion Management

User Interface User Interface

Private Cloud Computing

• The delivery of a computing platform and solution stack as a service

• The delivery of computer infrastructure (typically a platform virtualization

Upon completing this module, you will be able to:

Identify the key characteristics and components of the

21 Copyright © 2010 Deloitte Development LLC. All rights reserved.

• Data Center architecture and capacity:

• Architecture transformation and evolution:

• Policy-based management of IT platforms

22 Copyright © 2010 Deloitte Development LLC. All rights reserved.

Provisioning of services begins immediately once an end-user defines and

23 Copyright © 2010 Deloitte Development LLC. All rights reserved.

24 Copyright © 2010 Deloitte Development LLC. All rights reserved.

Upon completing this module, you will be able to:

Describe the security, risk and compliance issues that

26 Copyright © 2010 Deloitte Development LLC. All rights reserved.

Concerns over integrity and information security continues to slow

27 Copyright © 2010 Deloitte Development LLC. All rights reserved.

New risks have been introduced to Cloud Computing that include:

• Identity and access management