Wednesday, November 3, 2010

Cloud computing model has created a greater challenge for IT Security professionals

The cloud computing model has created a greater challenge for IT security professionals. In this article I explore various aspects of today’s security solutions. When considering a security solution, we cannot separate IT security from business resiliency. How can we make the IT environment secure and resilient in a cloud computing environment? Business resilience has moved us from reacting to and then recovering from an event to becoming impervious to the event. Business continuity focuses on a defensive resilience posture, which consists of three building blocks – Recovery, Hardening and Redundancy – that are widely recognized as vital components of successful business continuity plans. A defensive posture is useful in protecting the organization and its revenue streams, but it does not directly help the bottom line.
An offensive resilience posture also consists of three building blocks, which are focused on improving the organization’s competitive position – Accessibility, Diversification and Autonomic computing. In a cloud computing environment these three components become more critical, as we need to add security. In practice these building blocks can be used all together or in various combinations, depending on need. For example, diversifying operations might allow hardening to be limited everywhere except at sites where critical applications and data reside. Business resilience encompasses business as well as IT operations, and it can be thought of as spanning six discrete layers: strategy, organization, process, data/application, technology and facilities/security. We need to consider all six service layers.
Developing a security system model is the first step in architecting a security solution. The Common Criteria are considered to be the description of the complete function of the security system model. The Common Criteria provide a taxonomy for evaluating security functionality through a set of functional and assurance requirements. The Common Criteria include 11 functional classes of requirements:
1.     Security audit
2.     Communication
3.     Cryptographic support
4.     User data protection
5.     Identification and authentication
6.     Management of security functions
7.     Privacy
8.     Protection of security functions
9.     Resource utilization
10.  Component access
11.  Trusted path or channel
These 11 functional classes are further divided into 66 families, each containing a number of component criteria. There are approximately 130 component criteria currently documented, with the recognition that designers may add additional component criteria to a specific design. There is a formal process for adopting component criteria through the Common Criteria administrative body, which can be found at: http://csrc.nist.gov/cc/
The Common Criteria functional criteria are re-aggregated in multiple steps that include removing the class and family structures. An analysis of the 130 component-level requirements in relation to their function within an NIS solution suggests a partitioning into five operational categories, or security subsystems:

1.     Security audit subsystem
2.     Solution integrity subsystem
3.     Access control subsystem
4.     Information flow control subsystem
5.     Identity or credential subsystem

Designing these complex security systems requires a robust method, and the security and business continuity groups need to work together to architect a secure solution that can sustain today’s cloud computing environment.

Monday, November 1, 2010

Taking infrastructure optimization and virtual world of computing to the next level.

Computing is no longer for computers alone: more than half of the world’s chips are used by consumer electronics gear. Object-to-object connectivity has increased tremendously and will grow further. The number of objects and devices connected to the internet will grow astronomically. Primarily, shrinking (nanotechnology), thinking (smart technology), tagging (radio frequency), and feeling (sensors) will lead the IT world to a new world of innovation. The way we manage information, work with information, and deliver and capture information is rapidly changing. We see financial sectors transforming their information delivery model to a new dimension, competing to capture more customers by delivering superior customer satisfaction. Enterprises are delivering information through multiple channels such as Branch, Call center, Electronics and Self-service, and through multiple devices. The multichannel delivery solution module creates an opportunity to transform the existing architecture into an SOA-based architecture and enjoy SOA’s benefits.
Enterprises are changing their work environment to become more productive, utilizing in-house skills and talents more effectively. The delivery channel now encompasses rich collaborative capabilities, a flexible and open programmability platform, and an integrated user experience. Most companies have at least 15 different collaborative capabilities. The scope of architecting the delivery channel module has expanded and become more challenging. The responsibility of the Enterprise Architect has increased: they need to map the delivery channel module appropriately to the TOGAF framework (assuming TOGAF as the standard framework), enhance the governance model, integrate multichannel delivery, integrate information, and evaluate and adopt hardware/software solutions.

Optimizing the delivery channel and delivering consistent information is the biggest challenge. Enterprise information integration and channel infrastructure integration will play a big role in optimization outside the data center or infrastructure domain. If we look at the capital market business model, it typically has a sell side, a buy side and a trading exchange. We see primarily six patterns in all three hubs: Access Integration, Application Integration, Collaboration, and so on. Optimizing each of these patterns can help save a tremendous amount of cost. Contact me for details about optimization and its implementation.

Tuesday, October 19, 2010

Banking Industry - Channel integration is the answer to the high quality customers’ experience

The world’s leading banks are competing to deliver top-quality customer experiences. They are striving to deliver their products faster, at lower cost, and with a higher quality of customer experience. Cloud computing and SOA infrastructure are adding more value to the transformation of client experiences. The new paradigm shift will have many positive impacts on channel infrastructure and delivery model design. Delivery channels in the banking industry have Self-service, Branch, Electronics, and Call Center on one end and products such as deposits, withdrawals, loans, etc. on the product side. Of course, there are multiple sub-channels under each major channel. Unfortunately, the lack of integration across channels is causing tremendous frustration and a poor quality of experience for customers. Customers are experiencing many touch points with the bank for a single business process thread, which creates many opportunities for integration. If we create a use case model of customer interaction, we will see that the amount of time and money both the bank and its customers are spending is significant. It will reveal un-integrated lines of business creating fragmented customer interaction. Vendors are coming up with many products to improve customer satisfaction. We need products, but products come after completing the required operational model. Multichannel architecture, transformation to SOA, and information integration are the major challenges for IT. A total solution, with a road map to accomplish the target objectives and vision with the new computing model and technology, is required for this transformation. For the technique paper on this topic, please contact me.

Monday, October 4, 2010

Enterprise Architecture - Delivering values and ROA


Enterprise Architecture should not be measured by ROI; rather, it should be measured by Return on Assets (ROA). I think all of us will agree with the Gartner analyst’s comment. Now the question is: how will you measure the return on assets? We should not consider only hardware and software assets. We need to consider information and intellectual capital too. How efficiently are we utilizing our server, storage, network, software, and communication engineering systems? How much is the fusion of business and IT helping the enterprise to meet ever-changing demands and support growth? Is the IT department flexible enough to support the business needs within a short time? Enterprise Architecture and its creators add value by delivering key work products such as the IT strategy, the roadmap, and enablers to achieve superior competitive capabilities, and by creating solutions for those questions. These values are difficult to measure. To express the value of ROA in a measurable unit, we need to adopt a well-defined value matrix for each EA work product.

Return on assets (ROA) can be measured by calculating values for the work products, allocating an appropriate weightage to each architecture design work product, and asking questions about the purpose of each work product and about scenarios in which it is not available. Various sub-products come out of the primary work of the EA effort, such as impact analysis of the various components of the systems; these add to the overall value chain of EA. The decision about which architecture work products are required will not be the same for all enterprises. Selecting the right architecture work products is key to the success of the overall EA program and to establishing its value chain.

Using the right tools and the right templates for creating architecture design work is equally important. Industry-standard tools such as the TOGAF Architecture Framework, templates, and the Architecture Development Method will help in creating the right enterprise architecture, one that improves your ROA. The picture at the top of this article depicts a conceptual view of an EA framework and deliverables using TOGAF, COBIT, and ITIL. If you would like to have a technique paper on delivering EA value, please contact me.

Thursday, September 30, 2010

IT strategy to deliver cloud computing values


In my earlier article “IT Strategy to deliver cloud computing values” (http://nandiamit.blogspot.com/2009_04_01_archive.html), I mentioned that I would discuss an approach to implementing cloud computing at the enterprise level. Here I would like to discuss potential steps or an approach to implement cloud computing. According to IDC, in 2010 about 14.4% of enterprise IT budgets was allocated to private and/or public cloud computing. So enterprises have already started working on, or are planning, the transformation of their IT infrastructure into a cloud computing model. The National Institute of Standards and Technology, Information Technology Laboratory, has already defined cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Business challenges and IT priorities are the two major factors that will set the direction of the cloud computing initiative for most enterprises. Mapping the enterprise’s characteristics, such as competing on time to market and quality, to business challenges, such as the need to keep pace with rapid change in the marketplace, and to IT priorities, such as non-functional requirements, is the best place to start. From an architecture perspective, cloud computing has five distinct layers: Infrastructure Services, Platform Services, Application Services, Business Services, and People Services or Standard Internet Services. Most enterprises do not have any distinct layer definition or supporting structure. Now the question is: do we need to work on this area to adopt the cloud computing model? I will say you do not have to, but keep the big picture in mind and create a tactical plan for immediate steps that will help cloud computing implementation.

Therefore, we should first complete the mapping of business challenges and IT priorities. Create all architecture documents as the next step. The challenge comes when you have to make a decision about migrating applications to the cloud computing model. The output of an Analytic Hierarchy Process run over all potential applications can help in deciding which applications to migrate and what migration strategy to use. Please contact me for how to develop an IT strategy and road map and identify projects for transforming your enterprise into a cloud computing model.


Wednesday, September 22, 2010

Products selection comes after completing SOA design work

Choosing the right SOA vendor and products is a very challenging and difficult task. Implementing SOA products is not implementing SOA, because you cannot buy SOA. As we all know, SOA is an approach to and a style of architecture design. An enterprise needs to separate architecture design from implementation. We need to remember that architecture is product agnostic. Productivity, agility, responsiveness, software reuse, and ease of supporting business growth are among the benefits that an enterprise gains through successful adoption of SOA at the enterprise level. An enterprise sets its business objectives and technology objectives. SOA helps to achieve those objectives through its service orientation approach. As mentioned above, the principles or characteristics of the service-oriented architecture design style are modularity, loose coupling, separation of concerns, encapsulation, and single implementation. These characteristics make the IT environment agile, responsive, and focused. Therefore, the IT environment can sustain the change and dynamic nature of today’s business world. The SOA style of design provides several benefits to an enterprise, for both the IT and the business community.
Implementation of SOA at the enterprise level should be done in small steps. Implementing in a single LOB at a time may be easier and less complicated. Think about the big picture and execute at the smallest level.
Primarily, SOA should be implemented in an organization by adopting the approach that is most appropriate for that organization. This can be achieved by creating an Enterprise Architecture framework using TOGAF, FEA, FSAM, an existing EA, or any other framework. Creating the Governance module up front can make the process easier. Using COBIT, ITIL, and the existing Governance module may be the right approach for most organizations to create a new Governance module that supports SOA.
Selection of the right software and hardware should be done after creating an operational module. Selecting products or using existing products is the real challenge in this step. Most vendors try to sell their SOA-supporting products at a very early stage of the Architecture Design Cycle. The enterprise needs to go through the product selection process carefully and select the right products for the enterprise, as specified in the architecture document. At this step the products need to be mapped to the physical operational model.
In summary, do not select the products before designing the architecture. You design an SOA and then map products to the operational model. If you have any questions, please call me.