Sales Foundation Windows Azure Objection Handling

advertisement
Myth or Reality? – The most Common
Objections to Cloud Computing
Peter van der Zouwe
Windows Azure Partner Lead
Microsoft Canada
petervdz@microsoft.com
Twitter: @ petervdz
March 2012
Agenda
•
•
Context – The Windows Azure Platform
How to Target Cloud Computing – People and
Business
•
Common Objections to Cloud Computing
-
Patriot Act (contact Microsoft Directly)
Security
Critical Data
Availability
Multi-Tenancy
Compliance
Performance
Microsoft Confidential - Signed NDA
Required
CDN
caching
compute
messaging
storage
database
VMs
business analytics
identity
networking
commerce
automated
managed resources
elastic
usage based
Global Physical Infrastructure
servers/network/datacenters
North Central US, S. Central US, N. Europe, W. Europe, E. Asia, S.E. Asia + 24 Edge CDN Locations
Microsoft Confidential - Signed NDA
Required
Cloud Services
Microsoft Confidential - Signed NDA
Required
Azure Usage Scenarios
Scenario
Example
Marketing Portals
Rapid Launch of Innovative Marketing
Campaigns, e-Commerce
Public Facing Website
Product Launch
Application Development/Migration
Customer urgently needs infrastructure for
new Applications
Development and Test
Outsource Infrastructure needed for
Applications Development and Test
Bursting
Need additional capacity for short periods of
time
Application Extension
Run Applications on premise & in the Cloud
Departmental Applications
Building new Tier 2 Applications
Storage/Archiving/Back-up
Store large amounts of non-critical data in
back-up scenario
High Performance Computing
Manage Peak loads for analytics applications
Open Government
Allow Citizens to access Open Data
Video Streaming
Capture, Store, Stream & Analyze Video
Microsoft Confidential - Signed NDA
Required
How to Target Cloud Computing Solutions
People
Business Risk
• Target Business and Technology
Visionaries
• Target Lower Business Impact (LBI)
Application to start.
• Cloud Computing more of a business
Value Proposition than pure IT
• Customers willing to accept more risk
on SaaS Solutions (SLA)
• Easier for SaaS Cloud Vendors to get
to the Business Decision Makers
• For some customers Cloud is a long
term journey (Federal Government)
• If you are going to target IT – talk to
CIO or Application Development
• “Hybrid” Solutions – alternative to pure
Cloud plays
• Agility – ability to do things quickly (more quickly
than competitors
• No up-front costs for massively scalable computing
infrastructure
• Pay for what you use, when you use it
• Eliminate utilization concerns
• Add compute power as business grows or
demand spikes
• No ongoing depreciation and maintenance costs
• Lower risk (scale or fail quickly)
• Opex vs Capex
Common Objections – Security
Microsoft Confidential - Signed NDA
Required
“How can you guarantee that our data is secure?”
•
•
•
•
•
This is a very Complex Area and requires and expertise to address all the needs of security
experts in Enterprises (e.g. Financial Services)
For Cloud Platforms - Need to consider Platform (Cloud Service Provider), Architecture
(Customer and /or IT Partner) and Code (Customer and /or IT Partner). Need to design using
good security practices (SDLC).
Most Cloud Providers take Security VERY Seriously and invest heavily in this area (e.g.
MSFT hired 3 X Top Tier Penetration testing teams to test Azure – over 7 weeks not one
successful attack)
Examples of Cloud Security measures; Intrusion Detection Methods, Video Surveillance,
Biometrics, Access Control, Background checks on all Data-Centre Personnel, Use of
Standards like SSL/HTTPS, Data Encryption, Auto Updating of Security patches, Threat &
Vulnerability Management, Anti-Malware, Edge Routers.
For Serious/Large customers have them take a Data Centre Tour.
Microsoft Confidential - Signed NDA
Required
Common Objections – Critical Data & Availability
“I do not want to (or legally cannot) put critical Customer Data in the Cloud”
•
•
•
Discuss Hybrid Solutions (Keep Critical Data on Premise)
What do you do outside of Canada now? E.g. Who does your payroll?
Discuss what data is used for? There is typically something that can be put in the Cloud.
“Can you gaurantee that your Cloud Solution will be available when (& where) I need it?”
•
•
•
SLA’s (Most Cloud Service Providers offer at least 99.9% and many offer a Financial Guarantee if
it falls below this service level)
Cloud Services are not perfect and there is always the risk of downtime (as there is in an OnPremise Environment).
As with normal SW Development “Design for faults”. Back-up. Redundancy.
Microsoft Confidential - Signed NDA
Required
Common Objections – Multi-Tenancy & Performance
“I do not like the fact that there are Multiple customers on the same server, what if someone else can see
my data?”
•
•
•
•
Typically with Cloud you are in a Multi-Tenant Environment
Azure has NW Level protections in place to stop cross-Tenant intrusions & Communications
Need to encrypt data to ensure secure communications between Services
For Cloud Storage you can encrypt data and it is secured as standard using randomly generated
storage “keys”
“How well does your solution perform? I need to know that it is not going to be slow because there
are multiple customers accessing the US based Cloud Solution”
•
•
•
•
Do a Proof of Concept/Test the Solution.
Cloud providers manage Load Balancing, Performance etc
Cloud Providers Typically have huge Bandwidth in and out of the Data Centre
Still a dependence on Architecture, Applications and Design.
Microsoft Confidential - Signed NDA
Required
Common Objections – Compliance
“What about Compliance? I need to ensure that your solution complies with internationally
recognized standards”
•
•
•
•
•
Ask Customer where the Compliance Concern is coming from? E.g. Legal, Industry Standard etc. Need
to understand issue to address the concern.
Common Standards that customers will ask for: ISO-27001 (Broad International Information Security
Standard), SAS70/SSAE 16 (US Accounting Audit Standard), PCI DSS (Credit Card Information).
Be careful when discussing Standards with Customers. While your Cloud Data Centre may conform to a
standard. You need to ensure that all the services that sit on top of the platform are also compliant.
There are some standards that are VERY difficult to meet e.g. PCI DSS. Typically Partners will solve this
by outsourcing credit card payment to a specific PCI DSS Compliant Vendor.
For Canada look at PIPEDA (can be covered off via online Privacy Policy)
Cloud Round Table
Microsoft Confidential - Signed NDA
Required
“With proper privacy protections designed into the system from the very beginning of its lifecycle, and
integrated at every system layer, businesses can gain the huge financial and competitive advantages of
cloud and ensure security,” Dr. Ann Cavoukian, Ontario Privacy Commissioner
The conversation also covered one of the biggest current concerns about cloud privacy, The U.S. Patriot
Act. Cavoukian argued that companies shouldn’t fear it, because it’s not that big a deal. Michael Power, a
privacy lawyer at Michael Power Barrister & Solicitor, agreed. “There are a lot of things you should ask
your cloud provider ... but location shouldn’t be the sole focus,” he said. “You’ll find that a lot of the similar
kinds of provisions that are found in the Patriot Act already exist in Canada.”
Download