Cloud ComputingMickey Chadha

Facts!

‣ The Zettabyte Era Officially started in 2012 (How Much is That?)

‣ One Zettabyte = One Billion Terabytes or One Trillion Gigabytes

‣ When will global Internet traffic reach an annual run rate of one Zettabyte? Well, that

day happened in 2016

‣ Market reports suggest that there will be 175 zettabytes of digital data by 2025

compared with 40 zettabytes today

‣ Microsoft believes that organizations will need real-time Quantum computing capabilities

to process this data

‣ Providers investing in Cloud-based Quantum computing

Major Players in Cloud Computing

‣ Amazon Web Services

‣ Microsoft Azure

‣ Goggle Cloud

‣ Alibaba

‣ Salesforce.com

‣ IBM (Red Hat)

‣ Oracle

‣ SAP

‣ And Many more…

Cloud Computing – Global Spend

Cloud Computing?

‣ Cloud computing is one of the hottest buzzwords in technology.

‣ What is “The Cloud Computing”?

• Delivery/Renting of resources and services including servers, storage, databases, networking, software, analytics and intelligence over the internet (“the cloud”)

• Simple way to describe – storing and accessing data and programs from any device that can access the internet. Classic examples of cloud computing: emails, watch TV or movies, listen to music, play games, store picture and other files

Why use Cloud Computing?

‣ Utility-based subscription – No upfront investment; pay the provider as a utility based subscription just like paying your electricity bill; based on resource consumptions: CPU hours used, volumes of data moved or gigabytes of data stored etc..

‣ Reliability – provider commits to uptimes of their services (High Availability), data backup, disaster recovery, and business continuity

‣ Scalable/Flexible – Increase or decrease the resources when necessary (Auto Scaling) Cloud providers maintain sufficient capacity to meet customer demands.

‣ On-demand – always available when you need them. Companies wanting to try a new product or service don’t need to invest in equipment or software. Instead, they pay as much or as little for infrastructure as required.

‣ It’s Global – Redundant datacenters located in various regions all over the glob.

‣ It’s Secure – Cloud providers offer a broad set of policies, technologies, controls, and expert technical skills that can provide better security than most organizations can otherwise achieve. The result is strengthened security, which helps to protect data, apps, and infrastructure from potential threats

Life without Cloud Computing

‣ Traditional business applications are becoming complicated and expensive

‣ Variety of Hardware and Software required to run them are daunting

‣ Expert resources required to maintain, run, secure and update them

‣ Keep on building IT infrastructure with reduced focus on business projects

Deployment Models of Clouds - Public Cloud

‣ Owned by third party e.g. AWS, Google, Microsoft

‣ Software & HW owned and managed by cloud provider

‣ Access via web browser

‣ Some Pros & Cons of Public Clouds:

• Pros:

• High scalability/agility –Provider buy a new servers in order to scale

• Pay-as-you-go pricing – you pay only for what you use

• Provider is responsible for maintenance or updates of the hardware

• Minimal technical knowledge to set up and use - Leverage the skills and expertise of the cloud provider to ensure workloads are secure, safe, and highly available

• Cons:

• You may have specific security requirements that cannot be met by using public cloud

• Government policies or legal requirements

• Meet some Legacy applications requirements

Deployment Models of Clouds - Private Cloud

‣ Owned by single business entity or organization

‣ Physically located on company’s on-site/off-site datacenter

‣ Services and infrastructure are maintained on a private network

‣ You hire the workforce to support, you own the complete ownership of maintenance of software and hardware

‣ Some Pros & Cons of Private Clouds:

• Pros:

• You ensure all your businesses requirements and any legacy applications demands are met

• Your are responsible for all security controls

• You make sure all government and legal requirements are satisfied

• Cons:

• Initial capital investments required to procure hardware, software & maintenance

• Time required to scale – buy and setup new hardware

• On-going challenges to hire and retain skilled and expert

Deployment Models of Clouds - Hybrid Cloud

‣ Hybrid

• Combine public and private clouds, shared data and applications between them

• Greater flexibility, more deployment options and optimize your existing infrastructure.

‣ Some Pros & Cons of Hybrid Clouds:

• Pros:

• Control and manage all legacy and out-of-date hardware and software

• Flexibility of keeping what you want to keep in house and which resources you want to move to public cloud to leverage economies of scale from the public cloud providers

• Satisfy security, compliance or legacy applications requirements of legacy applications and controlling its migration schedule

• Cons:

• Complexity to manage

• Expensive to setup

Types of Cloud Services

‣ Infrastructure as a service (IaaS)

• Rent IT infrastructure – servers and virtual machines (VMs), storage, networks, operating systems

• Pay-as-you-go basis

‣ Platform as a service (PaaS)

• On-demand software application development, testing and management environments

• Easier for developers to quickly create web or mobile apps without worrying to setup or manage the

underlying infrastructure

‣ Software as service (SaaS)

• Software applications on-demand and typically on a subscription basis

• Provider host and manage the software application. Maintains and supports and all the underlying

infrastructure. CRM Online, Microsoft Office 365 are examples of SaaS

Regulatory Standards?

‣ To understand how the provider comply with Regulatory standards and requirements, Ask:

• How compliant the provider is when handling sensitive data?

• How compliant are the services offered?

• How can I deploy my own cloud-based solutions that have compliance requirements?

• What terms are part of the privacy statement for the provider?

Examples of Compliance Standards adopted by Cloud Service Providers

‣ Cloud Security Alliance (CSA) STAR Certification: Cloud providers have obtain STAR certification, which is involves a rigorous independent third-party assessment of a cloud provider’s security posture.

‣ General Data Protection Regulation (GDPR): As of May 25, 2018, a European privacy law — GDPR — is in effect. GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.

‣ International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27018: The cloud provider should adopt the ISO/IEC 27018 code of practice, covering the processing of personal information by cloud service providers.

‣ National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF): NIST CSF is a voluntary Framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks. Cloud services have undergone independent, third-party Federal Risk and Authorization Management Program (FedRAMP) Moderate and High Baseline audits, and are certified according to the FedRAMP standards. Additionally, through a validated assessment performed by the Health Information Trust Alliance (HITRUST), a leading security and privacy standards development and accreditation organization

Economies of Scale

‣ Cloud providers such as Amazon, Microsoft, Google and IBM are large businesses leveraging the

benefits of economies of scale. These providers can then pass the savings on to their customers.

‣ Savings apparent to end users:

• Procure hardware at a lower cost.

• Cloud providers can also make deals with local governments and utilities to get tax savings,

lowering the price of power, cooling, and high-speed network connectivity between sites.

• Cloud providers pass on these benefits to end users in the form of lower prices than what you

could achieve on your own.

Example of Cloud Services – Microsoft’s Azure

Key Components of Cloud Computing

‣ Compute – range of options for hosting applications and services

‣ Storage – Accommodate massive amounts of both structured and unstructured data

‣ Databases – Provide both relational and NoSQL choices

‣ Networking – Linking compute resources and providing access to applications. Range of options to connect the outside world to services and features in the global datacenters.

‣ Mobile – Enables developers to create mobile backend services for iOS, Android, and Windows apps quickly and easily.

‣ Big Data – Broad range of technologies and services to provide big data and analytic solutions.

‣ Web – Build and host web apps and HTTP-based web services.

‣ Internet of Things (IoT) – Number of services available to build end-to-end solutions for IoT

‣ Artificial Intelligence + Machine Learning – services can analyze data, text, images, comprehend speech, and make predictions using data — changing the world of agriculture, healthcare, and much more.

‣ DevOps (Development and Operations) – Brings together people, processes, and technology, automating software delivery to provide continuous value to your clients.

‣ And Many More!

Responsibilities Model of Cloud Computing

‣ Example of Customer & Cloud Provider Shared Responsibilities

In a Nutshell – Cloud Computing & its benefits

‣ Cloud Computing consists in using remote servers to store and process data traditionally

located on local servers or on the user's terminal;

‣ Enables on-demand and self-service network access to virtualized and pooled computing

resources typically charged for on a pay-per-use model;

‣ Three types of services are offered (IaaS – Infrastructure as a Service, PaaS – Platform

as a Service, SaaS – Software as a Service), deployed according to four models (internal

private cloud, external private cloud or community cloud, public cloud, hybrid cloud).

‣ Expected Benefits - More flexible solutions with faster access to cutting-edge technology at a reduced IT costs,

Cloud Adoption rate in various Industries

Challenges/Risks

‣ Security

‣ Privacy

‣ Lack of standards

‣ Vendor dependency

‣ Continuously Evolving

‣ Compliance Concerns

‣ Migration

Data Privacy Risks

‣ The protection of sensitive and personal data, as well as compliance with banking secrecy, are particularly difficult within the pooled infrastructure that can be accessed by the local regulator body

‣ Lack of visibility in terms of the location of data and number of stakeholders

‣ Ensuring effective destruction when the service is terminated, including backups in sites that may be geographically dispersed.

‣ One large international group even sees a sovereign risk in this (if the data and data processing of French companies were no longer located in France).

‣ Difficulty controlling data security throughout the supply chain, given the number of stakeholders likely to be involved in the provision of the service.

‣ Difficulty ensuring that the service provider cannot read confidential data through its systems' event logs.

‣ Difficulties of integration with the company's information system and the risk of proliferation of clouds interfaced with the information system;

‣ One bank even considers that the interconnection between its own information system and that of the cloud computing service provider may create a security breach.

Regulators has begun examining Cloud Service Providers

Supervisory Expectations

‣ Contracts

‣ Controls

‣ Cybersecurity

‣ Disaster Recovery

‣ Additional guidance: Sound practices – Financial comply with FFIEC guidance, National

Institute of Standard and Technology (NIST) and the Cloud Security Alliance (CSA)

Federal Government PMO

‣ The Federal Risk and Authorization Management Program (FedRAMP) is a government-

wide program that provides a standardized approach to security assessment,

authorization, and continuous monitoring for cloud products and services.

‣ FedRAMP’s Goals

‣ Accelerate the adoption of secure cloud solutions through reuse of assessments and

authorizations

‣ Improve confidence in the security of cloud solutions and security assessments

‣ Achieve consistent security authorizations using a baseline set of agreed-upon standards

for cloud product approval in or outside of FedRAMP

‣ Ensure consistent application of existing security practices

‣ Increase automation and near real-time data for continuous monitoring

Some Regulatory Guidance

Suitable risk management measures in the following aspects:

‣ Technical: by encrypting data during transport and storage (in the absence of anonymization);

‣ Continuity of the service: by ensuring that the expectations of the client company can be formalized in service contracts;

‣ Reversibility of the service: by defining the conditions of reversibility when subscribing to the service;

‣ Integration and architecture of information systems: by adapting the organization and governance of information systems to the use of cloud computing.

‣ Legal: by enforcing a mandatory contractual framework for cloud computing services;

‣ Supervision of the service provider: by ensuring audit capability and the right for both regulatory and companies to conduct regular audits;

Risk Management in Banking using Public Cloud

‣ Risk measures such as value-at-risk (VaR) and valuation adjustments (such as CVA and xVA) measuring credit risk, running stress testing, risk simulations, and portfolio construction algorithms are computationally intensive and requires large amount of on-demand compute capacity.

‣ Good risk management requires a lot of data – Data heavy.

‣ Machine Learning to manage risk require vast quantities of data and compute capacity

‣ Large financial institutions are investing to migrate parts of their risk infrastructure to public cloud to leverage:

• Scalable and Unlimited Computing power (IaaS)

• Adopt emerging Data Management Capabilities (PaaS)

• Data Aggregation and Visualization (SaaS)

• Machine Learning in a Box (SaaS)

Why use Cloud-Based Storage?

‣ Automated backup and recovery: mitigates the risk of losing your data if there is any unforeseen failure or interruption.

‣ Replication across the globe: copies your data to protect it against any planned or unplanned events, such as scheduled maintenance or hardware failures. You can choose to replicate your data at multiple locations across the globe.

‣ Support for data analytics: supports performing analytics on your data consumption.

‣ Encryption capabilities: data is encrypted to make it highly secure; you have tight control over who can access the data.

‣ Multiple data types: Store almost any type of data you need - video files, text files, and even large binary files. Or chose options for relational and NoSQL data.

‣ Data storage in virtual disks: This capability is significant when you're storing heavy data such as videos and simulations.

‣ Storage tiers: storage tiers to prioritize access to data based on frequently used versus rarely used information.

Artificial Intelligence + Machine Learning

‣ Artificial Intelligence, in the context of cloud computing, is based around a broad range

of services, the core of which is Machine Learning.

‣ Machine Learning is a data science technique that allows computers to use existing data

to forecast future behaviors, outcomes, and trends.

‣ Forecasts or predictions from machine learning can make apps and devices smarter. For

example, when you shop online, machine learning helps recommend other products you

might like based on what you've purchased.

‣ Cloud-based environment you can use to develop, train, test, deploy, manage, and track

machine learning models. It can auto-generate a model and auto-tune it for you.

‣ Cognitive Services are available as an API you can use leverage it in your applications to

solve complex problems.

Machine Learning Services

‣ Vision - Image-processing algorithms to smartly identify, caption, index, and moderate

your pictures and videos.

‣ Speech - Convert spoken audio into text, use voice for verification, or add speaker

recognition to your app.

‣ Natural Language processing (NLP) - Allow your apps to process natural language with

pre-built scripts, evaluate sentiment and learn how to recognize what users want.

‣ Search – Integrate Search APIs to your apps and harness the ability to comb billions of

webpages, images, videos, and news with a single API call.

Q&A