cloud computing in bnaking(final) seminar-921015-v6 for...
TRANSCRIPT
1/7/2014
1
رایانش ابري در بانکداري
فرامرز خالقی
شرکت داده پردازي ایران
1/7/2014
2
NIST :The provision of computational resources on demand via a computer network
IT Resources and Services that are abstracted from the underlying infrastructure and provided “On Demand ” and “At Scale ” in elastic environment
Anywhere, Anyone, Any Service
1/7/2014
3
Why We Need Cloud Services ? Traditional IT
Modern IT
Because We Need Green IT
(Pay-as-you-Go)
1/7/2014
4
Gartner : Top 10 Strategic Technology Trends
2013
Mobile Device Battles
Mobile Applications
Personal Cloud
Enterprise App Stores
The Internet of Things
Hybrid Cloud Computing
Strategic Big Data
Actionable Analytics
in Memory Computing
Integrated Ecosystems
2014
Mobile Devices Diversity and Management (BYOD)
Mobile Applications
The Internet of Things
Hybrid Cloud and IT as Service Broker
Cloud/Client Architecture
The Era of Personal Cloud
Software Defined Anything
Web Scale IT
Smart Machines
3-D Printing
1/7/2014
5
Cloud Services’s MarketExplosive Growth
0
20
40
60
80
100
120
140
٢٠٠٨ ٢٠٠٩ ٢٠١٠ ٢٠١١ ٢٠١٢ ٢٠١٣ ٢٠١۴ ٢٠١۵ ٢٠١۶ ٢٠١٧ ٢٠١٨ ٢٠١٩ ٢٠٢٠
Source: IDC
$B
illi
on
s
>$50 Billion by 2014
-9-
Business Value
The Evolution of Cloud Computing Service Provider…(Dynamic IT)
ConsolidateConsolidate VirtualizedVirtualized AutomateAutomate OptimizeOptimize
> > >….requires an integrated and orchestrated approach.
= Reduced Cost Consolidation +Virtualization Automation+ Increased
Flexibility
Cloud Computing
1/7/2014
6
11
Consolidate
Virtualized
Standardize and automate
Reduce infrastructure complexity
Reduce staffing requirements
Manage fewer things better
Lower operational costs
Remove physical resource boundaries
Increase hardware utilization
Reduce hardware costs
Simplify deployments
Standardize services
Reduce deployment cycles
Enable scalability
Flexible delivery
Dynamic IT
SOA and SOI Next To Each Other
This is SOI & Cloud
Focus on Dynamic/Resilient Infrastructure
You can have each without the other, but they are better together!
This is SOA
Focus on Efficiency in Application Development and Reuse tied to Business Process
1/7/2014
7
13
Together, SOA and SOI (Cloud) Result in Truly Dynamic IT
Applications are:
Reused as appropriate
Decoupled
Easily composed
Conform to standards for interoperability
SOA Framework
SOI/Cloud Framework
The Cloud Infrastructure is:
Completely Virtualized
Continuously Optimized
Dynamically Responsive
Heterogeneous to Support Differing Workloads
Cloud Service Components:SaaSPaaSIaaS
14
With cloud computingWithout cloud computing
Virtualized resources
Automated service management
Standardized services
Location independent
Rapid scalability
Self-service
Software
Hardware
Storage
Networking
Software
Hardware
Storage
Networking
Software
Hardware
Storage
Networking
1/7/2014
8
Cloud Software as a Service (SaaS) (Ex: Microsoft Office 365 , Google Docs)Online Use provider’s applications over Cloud
Cloud Platform as a Service (PaaS) (Ex: Windows Azure, Google App Engine)Online environment for building software over Cloud
Cloud Infrastructure as a Service (IaaS) (Ex: Amazon (EC2 & S3))Online Rent processing, storage, network capacity, Security , …
Types of Cloud Services
Platform(PaaS)
Infrastructure(IaaS)
Software(SaaS)
Google Docs
Google App Engine
Amazon EC2 & S3
- .Net services
Salesforce.com e-Science Central
Amazon-Elastic Map Reduce-Simple DB-Simple Queue Service
Windows Azure- Sharepoint- SQL Services
Cloud Service Providers
IBM EC12 Cloud Base Mainframeworkloadsvirtualizedsimultaneously manage thousands of
IBM Smart Cloud Docs
1/7/2014
9
•1 Cloud Standards Customer Council •2 Distributed Management Task Force (DMTF)
•2.1 Open Virtualization Format (OVF) •2.2 Open Cloud Standards Incubator
•2.2.1 Interoperable Clouds White Paper •2.2.2 Architecture for Managing Clouds White Paper •2.2.3 Use Cases and Interactions for Managing Clouds White Paper
•2.3 Cloud Management Working Group (CMWG) •2.3.1 Cloud Infrastructure Management Interface (CIMI) •2.3.2 Cloud Infrastructure Management Interface (CIMI) Primer •2.3.3 Cloud Infrastructure Management Interface – XML Schema •2.3.4 Cloud Infrastructure Management Interface – CIM (CIMI-CIM)
•2.4 Cloud Auditing Data Federation Working Group (CADF) •3 The European Telecommunications Standards Institute (ETSI)
•3.1 TC CLOUD •3.2 Cloud Standards Coordination (CSC)
•3.2.1 ETSI Terms and Diagrams •4 Global Inter-Cloud Technology Forum (GICTF) •5 ISO/IEC JTC 1
•5.1 SC38 Distributed Application Platforms and Services (DAPS) •6 International Telecommunications Union (ITU)
•6.1 ITU-T SG13: Future networks including cloud computing, mobile and next-generation networks •6.2 Joint Coordination Activity on Cloud Computing (JCA-Cloud)
Cloud Standards :
•7 National Institute of Standards and Technology (NIST) •7.1 NIST Working Definition of Cloud Computing •7.2 Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC)
•7.2.1 Cloud Computing Use Cases •8 Open Grid Forum (OGF)
•8.1 Open Cloud Computing Interface (OCCI) Working Group •8.1.1 Open Cloud Computing Interface Core Specification •8.1.2 Open Cloud Computing Interface Infrastructure Specification •8.1.3 Open Cloud Computing Interface HTTP Rendering Specification •8.1.4 Other OCCI-related Documents
•9 Object Management Group (OMG) •10 Open Cloud Consortium (OCC) •11 Organization for the Advancement of Structured Information Standards (OASIS)
•11.1 OASIS Cloud-Specific or Extended Technical Committees (TC) •11.1.1 OASIS Cloud Application Management for Platforms (CAMP) TC •11.1.2 OASIS Identity in the Cloud (IDCloud) TC •11.1.3 OASIS Symptoms Automation Framework (SAF) TC •11.1.4 OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA) TC •11.1.5 OASIS Cloud Authorization (CloudAuthZ) TC •11.1.6 OASIS Public Administration Cloud Requirements (PACR) TC
•12 Storage Networking Industry Association (SNIA) •12.1 SNIA Cloud Data Management Interface (CDMI)
•13 The Open Group •13.1 Cloud Work Group
•13.1.1 Cloud Computing Business Scenario •13.1.2 Building Return on Investment from Cloud Computing
Cloud Standards…
1/7/2014
10
NIST Cloud Computing Conceptual Reference ModelSpecial Publication 500-292
NIST Cloud Computing Connectivity Reference ModelSpecial Publication 500-292
1/7/2014
11
Separation of Responsibilities
Cloud Delivery ModelsHybrid Cloud
1/7/2014
12
Ex: VCE Company (Vmware,Cisco,EMC)Solution: VblockEx: Cisco Company Solution: UCS (Unified Computing Systems)
Cloud benefits are compelling
• Rapid transformation of business processes (Business agility)
• Environmentally friendly
• Minimal administration
• Scalable and flexible
• Disaster recovery
of business managers believe cloud computing will
transform their business85%Cloud concern: unauthorized
access to or leaks of sensitive information - InformationWeek
#1
Cloud risks are real
• Loss of control of sensitive information
• Maintaining privacy and compliance
• Reliance on cloud provider security
• Array of data privacy and disclosure laws
-6-
1/7/2014
13
Benefits of Cloud Computing Security
Scalability
Availability
Performance
Cost-effective
Acquire resources on demand
Release resources when no longer needed
Pay for what you use
Turn fixed cost into variable cost
26
Benefits of Cloud Computing
Test provisioning Weeks Minutes
Change management Months Days/hours
Release management Weeks Minutes
Service access Administered Self-service
Standardization Complex Reuse/share
Metering/billing Fixed cost Variable cost
Server/storage utilization 10–20% 70–90%
Payback period Years Months
SOURCE: Based on IBM and client experience.
Increasing speed and flexibility
Reducing costs
1/7/2014
14
Ready for cloud
Evaluate: May . . .or may not. . . be ready for Cloud based on their attributes
Sensitive Data
Complex processes & transactions
Regulation sensitive
Not yet virtualized 3rd party SW
Highly customized
Analytics
Collaboration
Development & Test
Workplace, Mobile, Desktop & Devices
Infrastructure Storage
Infrastructure Compute
Business Processes
Banking & Financial Markets Solutions
Disaster Recovery
Not all workloads may be suited for Cloud
1/7/2014
15
(Cloud changes all the rules in banking)
1- Cost Savings and Usage-based Billing (pay-as-you-go)
2- Business Continuity (higher level of data protection, fault tolerance, disaster recover , high level of redundancy and back-up at lower price than traditional managed)
3- Business Agility and Flexibility (supports a faster and more efficient response to the needs of banking customers)
4- Green IT (reduces the energy consumption with more efficient utilization ofcomputing power and less idle time)
Why Cloud Computing for Banks?
Not all Banking Activities Will Move onto the Cloud in the Next five years
Banks should use a road map to best manage cloud services delivery programs. Bankscan start small with less critical applications (horizontal and backoffice process) such as CRM,
email, office/workforce productivity, internal collaboration, knowledge-sharing , HR , … and then move on to core business applications.
For banks, those enterprise processes that are best suited to public cloud include procurement
Metro Bank in the UK , SofolTepeyac in Mexico and Some leading US banks are using core banking system that runs in the cloud.
(Cloud changes all the rules in banking)
1/7/2014
16
Which Areas Are Best Suited for the Cloud in Banking Solutions?
Estimated Spending on Private Cloud by Financial Services Companies Worldwide
1/7/2014
17
The future of cloud computing in banking
CompetitionCollaborationconvergence
Cloud computing will have impact on the Banking Industry (PRODUCTS, SERVICES and TECHNOLOGIES)
in the following ways
Customer relationships will be redefined.Cloud computing will steadily progress at all levels the stack.Non-banking cloud-based competitors will keep up the pressure.Emerging market banks will lead cloud-based innovation.Collaborative cloud-based shared services will emerge between banks.Cloud-enabled collaborative bundling will expand across and beyond
financial services.Payments in the cloud will be a key focus.
1/7/2014
18
Cloud’s Impact of Banking Industry?
1. Disruptors create radically different value propositions
2. Innovators significantly extend
customer value proposition
3. Optimizers use the cloud to improve organizational efficiency. Ex : ROI
Impro
veTra
nsf
orm
Cre
ate
Enhance Extend Invent
Valu
e C
hain
Customer Value Proposition
Optimizers
Disruptors
Innovators
Cloud Computing Banking & Financial Markets Solutions:
• Cloud & Payments• Cloud & Retail Banking• Cloud & Financial Markets• Cloud & Mobile Banking• Cloud & Risk Management (Basel III, Solvency II)• …
Bank’s expectations from Cloud solutions:
Dynamic and flexible technology model
Highly optimized and virtualized Infrastructure enabling scale and cost Efficiency
Fully Automated Service Provision, Monitoring and Management
Shared Services delivered across trusted domains delivering security ofdata,transaction& operations
Internet or Intranet based access model using high capacity bandwidth
Rapid innovation in services, features and operating models
1/7/2014
19
Future directions for cloud computing in financial services:
Mobile Banking: Banks are now offering mobile applications to online banking customers and partners
New service R&D:Financial services organizations are also increasingly leveraging the computing power that cloud services offer for research and development and testing of new services prior to any attempt at going into production
Micro banking:Another trend emerging is the adoption in developing countries of cloud whereby micro banking are running their entire business on cloud computing
“Cloud is a journey and not a destination”
The important thing for banks to remember is that cloud computing is a journey, not a destination,
and that it alone does not render sustainable competitive advantage
1/7/2014
20
1- Risk Management (Basel III, Solvency II , ISO27005)o Risk Analysis o Risk Assessments o Vulnerability Assessments o Incident Reporting and Response
2- Business Continuity (ISO/IEC 24762:2008, BS25999)o Disaster recovery plans o Restoration plan incorporating and quantifying the Recovery Point Objective (RPO) and
Recovery Time Objective (RTO) for services
3- Physical Security (CIA Triangle) o Physical and Logical Security Policyo Contingency Plan o Emergency Response Plan o Security of Infrastructure o Human Resourceso Environmental Security
Cloud Computing Security in Banking Solutions
1/7/2014
21
NIST Cloud Computing Security Conceptual Reference ModelSpecial Publication 500-299:2013
Cloud Computing Service Provider Physical Security
Identity Management (AAA,SSO)
Secure Access Control
Data Encryption
Web Security
Email Security
UTM (Unified threat Management)
SIEM
Endpoint Security (Server Side)
Cloud Computing ConsumerPhysical Security
Web Security (Browser , SSL)
Endpoint Security (Client side)
Cloud Computing Physical Security
1/7/2014
22
Collaboration
Email Custom Apps
CRM
Cloud Information Protection Gateways
Other Clouds
• Real-time encryption• Near-zero latency• Malware detection• Data loss prevention
Encryption keys never leave the enterprise
IBM Cloud Solution
“Rethink IT”• Rapidly deliver services
• Integrate services across cloud environments• Increase efficiency
SmartCloud is the IBM vision for cloud computing.
Accelerate business transformation with capabilities from IBM cloud offerings:
•Architecture for private and hybrid cloud (IBM SmartCloud Foundation)
•Cloud computing as a service for IT (IBM SmartCloud Services)
•Software as a service (SaaS) business solutions (IBM SmartCloud Solutions)
1/7/2014
23
IBM zEnterprise EC12 (Enterprise Class),BC12 (Business Class)
IBM zEnterprise is designed to create a centrally managed and controlled set of IT resources that provide an ideal private secure enterprise cloud for the rapid and flexible delivery of high value services.
1/7/2014
24
IBM Smarter City Solutions on Cloud
References :1- http://www.ibm.com/services/cloud 2- http://www.cisco.com/en/US/products/sw/netmgtsw/products.html3- http://www.idc.com/prodserv/FourPillars/Cloud/index.jsp4- http://www.networkworld.com/topics/cloud-computing.html5- http://www.gartner.com/newsroom/id/26036236- http://www.nist.gov/itl/csd/cloud-061113.cfm- 23k- 2013-06-117- http://www.nist.gov/itl/csd/cloud-110111.cfm- 25k- 2011-12-058- Recommendation ITU-T X.1600 “Security framework for cloud computing”9- http://www.accenture.com/cloudstrategy10- http://www.capgemini.com/financialservices11- http://www.mjcpa.com12- http://www.deloitte.com/us/cfs
1/7/2014
25
همواره در پس ابرها ! نورانی باشید
1/7/2014
26