Scot-Cloud 2015

Welcome To

#scotcloud

Mark StephenBBC Scotland

#scotcloud

Andrew McLean & Neil Cattermull

Compare the Cloud#scotcloud

@neilcattermull

@mrandrewmclean

cloud, the universe and everything

Mark WilliamsMuon Consulting

#scotcloud

Matching Solutions with Requirements

Dr Mark I. Williams @drmiw

Managing DirectorMuon Consulting Ltd

@drmiw #ScotCloud

Cloud computing: As easy as SPI?

@drmiw #ScotCloud

Any/Everything as a service (XaaS)

Communications as a service (CaaS) orUnified Communications as a service (UCaaS)Desktop as a service (DaaS)Disaster Recovery as a service (DRaaS)Information as a Service (Info-aaS)Monitoring as a service (MaaS)Network as a service (NaaS)Storage as a service (SaaS or STaaS)

@drmiw #ScotCloud

5 steps to cloud success

InvestigationEvaluationDecisionImplementationIteration

@drmiw #ScotCloud

5 steps to cloud success

1. Investigation2. Evaluation3. Decision4. Implementation5. Iteration

I’ll only talk about steps 1 to 3 today…

@drmiw #ScotCloud

Step 1: Investigation

Business review – e.g. SMARTA objectives; employee utilisation; customer surveys; process documentation & analysisInformation governance, controls and riskIT systems – TCO; capabilities & limitationsEducate, engage and encourage staff to rethink what they do and consider cloudList potential problems/opportunities

@drmiw #ScotCloud

Step 1 continued: Problem selection

Positive impact criteria Score

Urgency of problem 1 – 5

Customer pain due to problem 0 – 5

Financial savings from cloud 0 – 5

Team interest and/or buy-in 0 – 5

Management interest/support 0 – 5

Total positive impact (P): 1 – 25

@drmiw #ScotCloud

Negative impact criteria Score

Difficulty of solving in cloud 1 – 5

Resources required 0 – 5

Effect on other systems 0 – 5

Time required to solve 0 – 5

Data sensitivity and/or risk 0 – 5

Total negative impact (N): 1 – 25

Impact criteria rating ( 1 – 25) = P / N

Step 2: Evaluation

Genuine business case?Business critical?Sensitive data involved?Gather detailed requirements for chosen problem with relevant staff and stakeholdersPrioritise functionality – e.g. MoSCoW methodDocument characteristics and get sign-offFind matching cloud solution/s that tick boxes

@drmiw #ScotCloud

Step 2: Technical choices

Off-the-shelf software → SaaS Look for web services interfaces to facilitate integration

Customizable software → PaaS Choose best match for in-house skills, beware vendor

lock-in, and look for ready-made plug-in applications

Complete control over application servers → IaaS Consider portability of virtual machines

Sensitive data → Private or hybrid cloud

@drmiw #ScotCloud

Step 2 continued: Solution selection

Will cloud service integrate well with other systems?Are SLA; security; expected system availability; client references; and measured QoS acceptable? Satisfactory answers to data protection questions?Following best practices for IT service management?Independently certified systems and processes?Easy to migrate to another provider’s cloud?Affordable service costs for max expected usage?

@drmiw #ScotCloud

Step 2 continued: Service costs

SaaS → Monthly application cost per user per month Minimum number of users? Different editions? Data storage costs?

PaaS → user numbers; app numbers; in/out bandwidth; compute time; database objects; storageIaaS → server spec; number of servers; compute hours; file storage; in/out bandwidth; IP addressesAdditional charges? E.g. software licenses; operating systems; third-party services; data

transfer on contract termination; taxes

@drmiw #ScotCloud

You want fries with that?

@drmiw #ScotCloud

£

Step 3: Decision

True cloud cost includes internal costs for evaluation, testing, documentation & trainingWill solution deliver ROI and fit present & future requirements?Will business users be more productive and less reliant on internal IT staff?Could you do it better and cheaper? Really?Are risks understood and acceptable?

@drmiw #ScotCloud

Step 3 continued: Risk calculator

@drmiw #ScotCloud

Concluding remarks

Three top tips:1. Always engage stakeholders and get sign-off2. Start small but think big, keeping future systems

integration, agility and IT strategy in mind3. Create an exit plan and make sure it works!

Remember: You are responsible for data protectionNeed help? Email [email protected]

@drmiw #ScotCloud

mailto:[email protected]

Stephen MacNaughtonEMC

#scotcloud

23© Copyright 2015 EMC Corporation. All rights reserved.


What’s holding you back



32%73%

19%45%

IDCGartner

The Economist451

















EasyReliableSafe

Questions & Discussion#scotcloud

Exhibition & RefreshmentsCheck badge for Breakouts

#scotcloud

30th September 2015

www.iotscotland.com

Welcome Back

#scotcloud

#scotcloud

Prof. Bill BuchananEdinburgh Napier

University

#scotcloud

Vladimir JirasekCloud Security

Alliance

@CSAUKResearch

Cloud Security Alliance, UK chapter https://cloudsecurityalliance.org.uk

Sensible controls to protect Cloud deployments

Scott Cloud 2015, 18 June 2015Vladimir Jirasek, CSA UK Research

@CSAUKResearch


Case study

@CSAUKResearch


Your organisation stakeholders and Cloud

Customers Business managers

, CEO/CFO

CIO Legal Security

Is my data safe and available?Happiness 😀

Customer satisfaction, ROI, EBITDA

ROI, System architecture,Migrations

Legality of data processing and locations, Privacy

Security architecture, Cyber threats, Monitoring

@CSAUKResearch


Does you organisation have Cloud policy?

Generic requirements

• Requirement 1: Discover Cloud services being used in organisation

• Requirement 2: Alignment of organisation enterprise and security architectures with the Cloud

Before a Cloud service procurement

• Requirement 3: Comply with organisation data classification requirements

• Requirement 4: Encrypt all sensitive data processed in the Cloud

• Requirement 5: Link the Cloud service into the organisation Identity and Access architecture and monitoring of activities of users

During a Cloud service procurement

• Requirement 6: Perform due diligence activities before the contract is signed

• Requirement 7: Require “Right to audit” clause in the contract

• Requirement 8: Know locations of personal identifiable information in the cloud

• Requirement 9: Assess the availability of the Cloud services

• Requirement 10: Assess the cloud provider’s security arrangements

• Requirement 11: Assess the Cloud provider’s ability to comply with the organisation forensic investigations

Running a Cloud service

• Requirement 12: Limit the use of live data for testing and development purposes

• Requirement 13: Monitor Cloud providers security arrangements

Decommissioning a Cloud service

• Requirement 14: Destroy sensitive information when not required

@CSAUKResearch


Cloud Security Alliance offers multiple tools

https://cloudsecurityalliance.org/star/

http://www.nist.gov/itl/cloud/

@CSAUKResearch


Get involved! Share knowledge and push towards transparency and standards

Call for contributors for a new version of CSA Cloud Guidance, opened on Monday, June 8, for 6 weekshttps://cloudsecurityalliance.org/media/news/call-for-volunteers-security-guidance-for-critical-areas-of-focus-in-cloud-computing/ Call for contributors for a new CSA UK Small business Cloud Guidance, opening July. Planned delivery Dec 2015

More info on CSA UK website, LinkedIn and Twitter @csaukresearch from next week

https://cloudsecurityalliance.org/media/news/call-for-volunteers-security-guidance-for-critical-areas-of-focus-in-cloud-computing/



#scotcloud

David IrvineMaidSafe

30th September 2015

www.iotscotland.com

Richard [email protected]

7 Critical Cloud Strategy Considerations

The brightsolid cloud philosophy

mailto:[email protected]

48Information Classification: Restricted

The next 30 minutes

brightsolid today

Cloud philosophy

7 critical cloud considerations

Hybrid cloud– why is this future?

Hybrid cloud in practice


brightsolid todayTechnical Innovation Personal Service

Private cloud provider with Azure capabilities, who own and operate our own data centres and national network

Working with Public Sector, Oil & Gas, and Enterprise

First Scottish partner on the Microsoft Cloud OS Network

Approved Scottish Government Framework Supplier

Investing 5 million into Scotland’s digital economy with our next Tier III data centre…



Cloud philosophy Cool clouds

We care about and make good use of the geographical location of our clouds

Changing political landscape of data protection and privacy Is Scotland the new Mecca for Data Centres? Importance of Regional centres to the future


brightsolid AberdeenOur next 400 rack facility

Surpassing expectations Thinking outside the cube Sharing knowledge brightsolid family


Custom cloudsCloud philosophy

Not all clouds are created equal

“We deploy and make use of all of our products and services internally, continuously learning and improving them to deliver a truly refined service to our customers” – Kenny Lowe, Head of Emerging Technologies

Personal cloud service that is proactive rather than reactive Kenny Lowe,

Head of Emerging Technologies


Security at the heart of what we doCloud philosophy

brightsolid Security is strong and simple

Derek RoyData Centre Manager

ISO 27001:2013 ISO 22301:2012


brightsolid National NetworkOur investment in resilience

10Gbps Core networkDiverse routesMultiple telco suppliers3x UK egress pointsHybrid ProtectionMonitored 24/7


Representing valueCloud philosophy

Case Study:

“Migration from traditionalenvironment to brightsolid private cloud”

“The solution is now hosted in a private cloud for less than half the price that IS were

previously paying.”


IaaS

Embracing commodity cloud where appropriate

It’s not ‘cheap’ but represents greater economic benefit

Cloud philosophy

Utility

Private

Hybrid

Commodity cloud

SaaSPaaS

?


Revolution not Evolution Cloud philosophy

Control to the customer

Secure burst capabilities

Development in Azure app layer

Karrie Fyffe, Head of Delivery

Katie Armstrong, Marketing Manager


7 critical cloud considerations

1. Continuous service availability

2. Measure and optimise resource usage

3. Platform enhancements to fit individual needs

4. Architect holistically

5. Automation is king

6. Security at the heart of everything

7. Hybrid is the future

The brightsolid strategy document


Hybrid solutionsPhilosophy and strategy in practice

Customer Site

brightsolidCloud

Public Clouds

ConsistentPlatform

1. There is no one best location for all customer data – on premises, private clouds, and public clouds all have their place

2. Management and usage of clouds should be a unified and consistent experience

3. The customer always owns and has full control of their data

4. Hybrid enables the future by creating new development and deployment opportunities


Backup as a Service (BaaS)A Backup Solution for any Scenario

Veeam Cloud Connect

For customers who already use Veeam on premises

brightsolid appear as a new backup location in existing Veeam console

Enables Veeam’s 3-2-1 rule: Three copies, two separate media, one offsite backup.

Customer managed from on premises#

"I have been very impressed with Veeam Cloud Connect, the simplicity of the product hides what is a complete VM backup tool, whether it be a single file or a full VM restore, with the knowledge that the backups are securely held off site.“ - DC Thomson IT Operations


Backup as a Service (BaaS)A Backup Solution for any Scenario

Asigra Backup

Supports VMware, Hyper-V, XenServer, and Physical servers

Agentless backup means no laborious deployment or update processes

Compression, deduplication and encryption as standard reduce data sent across the wire to minimal levels while maintaining high security standards

Application aware backups available as standard, not as add on

Enables Hybrid backup scenarios – e.g. On-Premises, Azure, AWS, and Office 365 all supported

Competitive pricing enabled by our deep knowledge of storage technologies


Disaster Recovery as a Service (DRaaS)

Disaster Recovery planning does not begin with technology, it starts with an understanding of business needs

brightsolid operate a DR portfolio which simplifies deployment and management of DR end to end

Tools utilised include Veeam, InMage, and Azure Site Recovery

Self-service and fully managed invocation models available

Understanding your needs to deliver a service of real business value


Our Clouds todayFocus on Doing Innovation

Infrastructure Clouds that are architected for operation, security and reliability


Windows Azure PackEnabling Cloud Consistency

1. Windows Azure Pack delivers a web portal for VM management in an Azure consistent manner.

2. Allows self management and provisioning of Virtual Machines and Virtual Networks

3. Enables MySQL and MSSQL as a service features


The Conclusions…

Cloud is exciting – it is going to drive efficiency

The evolutionary phase continues and the revolutionary phase has begun

Opportunity to step in and augment existing services or transform them.

Risks remain and that is why we stepped back to really consider our philosophy (PPP)


Questions & thoughts?


PS - What is Innovation?

“trying something new every week. It drives innovation through our business

and to our customers.”

Skyscanner and the CloudPeter Sturrock – Director, Engineering.

skyscanner - intro

independent travel search site in the world

million visits per month

countries with over 50,000 visitors each

downstream flights booked in last 12 months

languages in which skyscanner is available

million mobile app installs

sessions sourced from repeat users

No.1

62

45

$7bn

40

35

56%

74.6 billion quotes from our partners per month

1.6 billion API calls to our partners

300 million user searches per month

2100 user events per second

400 GB of archive flights data per day

Miami

Edinburgh & Glasgow

Singapore

BeijingBarcelona

Shenzhen

BudapestSofia

what we focus on

availability

performance

scaled agile product development

continuous delivery

a - b testing

skyscanner - hosting

Miami

Edinburgh & Glasgow

Singapore

SofiaWest London

Docklands

Amsterdam

Hong Kong

Singapore

hosting overview

Global Traffic Management

Content Delivery Network

UK1Data CentreWest London

Skyscanner for Business APIs

UK2Data CentreDocklands

NL1Data CentreAmsterdam

SG1Data CentreSingapore

HK1Data CentreHong Kong

APAC VisitorsRest of World Visitors

Web

B2B

Apps

Backbone Network

skyscanner – cloud ?

Founded pre - public cloud

Founded post public cloud

>5%

3 months£££

65%

Capacity Agility

Squad Agilityenables

experimentation

enables rapid deployment to live

reduces dependency

facilitated booking – via skyscanner

Four months

china – tianxun.com

questions ?

EdinburghQuartermile One15 Lauriston PlaceEdinburgh EH3 9EN

Glasgow5th floor, 151-155 St Vincent St, Glasgow G2 5NW

SingaporeNo. 08-01&04 & 09-048th floor, Robinson Point, 39 Robinson Rd, Singapore

BeijingLevel 19, Tower E2, Oriental Plaza, No. 1 East Chang An Avenue, Dong Cheng District, Beijing 100738

Miami1395 Brickell Ave, Suite 900, Miami, Florida 33131

BarcelonaC/Esteve Terradas, 21, Bajos 3a - 08023 Barcelona, España

thank you

Technology

Scot-Cloud 2015