More and more I’m hearing that it is no longer a matter of ‘if’ clients will use cloud computing in some way but a matter of ‘how’ and ‘when’. Security is often listed as the number one concern regarding cloud adoption in surveys of EMC and VMware customers, and an informal poll at VMWorld reflected that as well. Why the need for a Trusted Cloud? Well by now people have figured out the benefits of cloud computing outside just the evangelist ranks and are looking to use it within their enterprises, authorized or not. The “consumers” within the enterprise really want the provisioning, management and reporting promised by the cloud and they are willing to go around IT to get it in some instances. So if “consumers” are already using cloud, and more and more of them want to be, we need to figure out a way to inject security and compliance into those services. VMware’s been doing their part with the launch of the vShield security portfolio last week, but that is only part of the equation. So what is the Trusted Cloud? It’s a cloud that assures that the right people have access to the right services, applications and information via a secured infrastructure.
I’ll be hosting an EMC Live! webcast tomorrow on the topic and some best practices for beginning the implementation of the Trusted Cloud. You’ve got to start with an analysis and rationalization of your application portfolio in order to understand how and where trust needs to be incorporated in your transformed environment. The rationalized application portfolio feeds into your service portfolio analysis: what are the appropriate application or service architectural models for your environment? This is the basis for your cloud strategy and cloud sourcing model: what are the services that I need to provide my customers and where can they be sourced from? From here you define your services, policies and controls via ITIL or whatever framework you prefer, document them in your Service Catalog, and then publish them via a Service Portal. The goal is to provide an end-to-end unified look and feel across the different delivery models with the trust attributes integrated into the environment.
Building the Trusted Cloud
If you’re interested in learning more please join me on September 9th at 11:00am EST for the EMC Live! webcast:
As cloud computing becomes more pervasive, one of the most important business questions concerns governance, risk, and compliance (GRC).
How can you achieve business agility and lower costs, while still ensuring that security and compliance issues are resolved?
Attend this webcast and you will:
Understand how to incorporate GRC considerations into the IT services provided by private cloud
Learn best practices from recent private cloud customer deployments by EMC Consulting
See how you can take advantage of private cloud initiatives to meet future requirements for GRC
Find out how defining IT services can help you incorporate public cloud capabilities into your private cloud without compromising security and compliance