Pogled sa zemlje na Cloud poslovni model

Pogled sa zemlje na
Cloud poslovni model
Krešimir Pešice
Business Solution Architect
Information Management & Analitics
5-6-2014
Cloud je „samo” poslovni model
▶ Cloud pruža mnoge do sada nedovoljno
istražene mogućnosti.
▶ Europska unija je definirala Cloud kao
jedno od ključnih područja za
unapređenje konkurentnosti.
▶ Zrelost Cloud tržišta ubrzano raste.
▶ Cijene usluga padaju
▶ Cloud strategija je preduvjet za odluku
▶ Svijest o rizicima
2
| Cloud Academy
Let the Clouds make your life easier
3
| Cloud Academy
A Cloud Technology Reference Model
Your Application
Governance
Your
Problem
Architectural Views
Life Cycle
(Birth, Growth, Failure, Recovery, Death)
Testing,
Monitoring,
Diagnostics
and Verification
Web of Metadata
Categories, Capabilities, Configuration and Dependencies
Their
Problem
Facilities &
Logistics
Element
Management
(Split Responsibility)
Resource
Management
Software & Hardware Infrastructure
4
| Cloud Academy
Basic
Monitoring
Kontrola, sigurnost, rizici
▶ Povjerljivost:
– Kriptografija
– Brisanje podataka
– Pristup aplikacijama
▶ Integritet
▶ Pristupačnost (Availability)
– Smetnje u radu usluge (Service disruptions)
– Portabilnost podataka
– Portabilnost aplikacija
– Interoperabilnost
▶ Kontrola i fleksibilnost u praksi:
– Vrlo često dolazi do različitih tumačenja
odgovornosti obzirom na poslovne modele
(PaaS, SaaS, IaaS)
5
| Cloud Academy
Kontrola u praksi
▶ Passive provision of resources:
– Većina trenutnih zakona(1) se odnosi na
tradicionalne outsourcing modele
▶ Razlike Cloud modela u odnosu na outsoarcing.
Ključni pojmovi za razmatanje zakonskih odredbi.
– Proaktivna usluga vs. pasivni resursi
za samoposluživanje.
– Smjerovi eskalacije i procedure rješavanja.
– Standardizirana, dijeljena infrastruktura i okruženja.
– Razina znanja
– Razina kontrole
▶ Osiguranje kao alat za upravljanje rizicima
(1) Cloud Security Allinace: Cloud controls matrix
6
| Cloud Academy
Zakonska regulativa i razvoj tehnologije
7
| Cloud Academy
Standardni ugovori za Cloud Services
▶ Sastavni dio svakog standardnog ugovora su:
– Terms of Service (ToS) – Dokument u kojem su opisani odnosi između
kupca i pružatelja usluge (Komercijalni uvjeti, pravne klauzule, primjenjivi
zakoni, i ograničenja od odgovornosti)
– Service Level Agreement (SLA) – Dokument koji opisuje nivo pružanja
usluge i kompenzacije ukoliko dođe do prekoračenja u dogovorenom nivou
pružanja usluge.
– Acceptable use Policy (UAP) – Dokument koji opisuje dozvoljeni i
nedozvoljeni način korištenja usluge.
– Privacy policy – Dokument koji opisuje koji način pružatelj usluge koristi i
štiti osobne podatke. Ovaj termin se obično koriti i u smislu zaštite podataka.
8
| Cloud Academy
Standardni ugovori za Cloud usluge
▶ Ugovorna forma i primijenjen pravni okvir:
– zakoni, jurisdikcija, arbitraža
– prihvatljivo korištenje usluge
– izmjene ugovornih odredbi ToS-a
▶ Upravljanje podatcima:
– Integritet podataka, Očuvanje podataka
– Objavljivanje podataka
– Lokacija podataka/transfer
– Prava intelektualnog vlasništva
– Monitoring by provider
▶ Ograničenja i odgovornosti:
– Garancija
– Indirektna odgovornost
– Ograničena odgovornost
– Obeštećenje
9
| Cloud Academy
Zakoni koji se primjenjuju
10
| Cloud Academy
Pregovorni ugovori za pružanje
Cloud usluga
▶ Odgovornost: isključenje od odgovornosti,
ograničenja i obeštećenja
▶ Otpornost, dostupnost, performanse i razina usluge
▶ Regulatorna pitanja (Lokacija podataka
i export, data procesori, osobni podatci)
▶ Tajnost i prava na praćenje/pristup/otkrivanje/korištenje
podataka o klijentima
▶ Sigurnosni zahtjevi, revizija prava, proboj sigurnosti
ili incident, način odgovora na incident.
–Audit prije potpisivanja govora
–Certificiranje: Cloud specific, PCI/DSS, ISO 27001,
–penetracijsko testiranje prije ugovora
–prava auditora
▶ Lock-in i izlazna strategija
–zadržavanje podataka/brisanje i portabilnost podat.
▶ Uvjeti prekida usluge i način
11
| Cloud Academy
What are the main concerns of clients
with regard to Cloud computing?
▶ 58% of surveyed companies (study realized by Forrester) revealed they were
hesitating to go for Cloud – WHY?
These concerns are all data protection related.
12
| Cloud Academy
Software as a Service
Application
Application
Server
Middleware
Database
Your
Problem
Operating System
Their
Problem
Hypervisor
CPU
Networking
Storage
Backup
Datacenter (Power, Cooling, Physical Security)
13
| Cloud Academy
Software as a Service
Application
Application
Server
Middleware
Database
Your
Problem
Operating System
Their
Problem
Hypervisor
CPU
Networking
Storage
YOUR
DATA
Backup
Datacenter (Power, Cooling, Physical Security)
14
| Cloud Academy
Platform as a Service
Application
Application
Server
Middleware
Database
Your
Problem
Operating System
Their
Problem
Hypervisor
CPU
Networking
Storage
Backup
Datacenter (Power, Cooling, Physical Security)
15
| Cloud Academy
Platform as a Service
Your Application
Application
Server
Middleware
Database
Your
Problem
Operating System
Their
Problem
Hypervisor
CPU
Networking
Storage
Backup
Datacenter (Power, Cooling, Physical Security)
16
| Cloud Academy
Infrastructure as a Service
Application
Application
Server
Middleware
Database
Your
Problem
Operating System
Their
Problem
Hypervisor
CPU
Networking
Storage
Backup
Datacenter (Power, Cooling, Physical Security)
17
| Cloud Academy
Infrastructure as a Service
Your Application
Your Application
Server
Your Middleware
Your Database
Your
Problem
Your Operating System
Their
Problem
Hypervisor
CPU
Networking
Storage
Backup
Datacenter (Power, Cooling, Physical Security)
18
| Cloud Academy
Novi Cloud poslovni modeli
19
| Cloud Academy
Odaberite model
Legacy
Infrastructure
Single Tenant
Private cloud
Multi Tenant Private Cloud
LAN
Legacy
Internal Private Cloud
External Private Cloud
End to End Solution on Hybrid Cloud
20
| Cloud Academy
Public Cloud
Umjesto zaključka
▶
▶
▶
▶
▶
▶
▶
Nova paradigma nove vještine
Razvijete svoju Cloud strategiju
Napravite dobar Due Diligence
Procijenite rizike i dobiti.
Moja, vaša ili naša odgovornost.
Sigurnost počinje u kući.
Razvijajte kulturu odgovornosti za
podatke u vašoj tvrtci.
▶ Razmotrite prednosti upravljanja
rizicima u Cloudu.
„Resistance is futile”
21
| Cloud Academy
Hvala na pažnji!
Pitanja?
Atos, the Atos logo, Atos Consulting, Atos Sphere, Atos Cloud and
Atos Worldgrid, Worldline, blueKiwi are registered trademarks of Atos
Group. November 2013
© 2013 Atos. Confidential information owned by Atos, to be used by
the recipient only. This document, or any part of it,
may not be reproduced, copied, circulated and/or distributed nor
quoted without prior written approval from Atos.
04-06-2014