Keynote: Big Data and the Cloud – We Better Get it Right
Wow, what a great way to kick off the second day! I found that this presentation had so much useful information for enterprise architects who want to build cloud based solutions. It was less about telling the audience the specifics but rather teaching them how to fish.
For those that read my blog it may not be a big secret that Mary Ann and I share the same concerns when it comes to cloud risk management.
She talks about the notion of Security 2.0. Mary Ann described Security 2.0 as the evolution of security where it shifts from being a reactive infrastructure oriented response to a business oriented risk management based approach. I couldn’t agree more and I have evangelized this heavily in the Cloud Strategy and Planning Framework I built where the notion of Value and Risk is core to understand before making investments into the cloud (Understanding Which Investments Should go to the Cloud, Cloud Strategy Begins with Value and Balances Risk ).
“Information is the life blood of your organization”
This is a key quote that I think is often overlooked but it is so important. We also see similar principle statements of “data is a strategic asset” but do we really treat data that way? I think this session highlights that there is a lot more opportunity for us to address that aspect.
The session covered two high hitting areas:
- Current State of Security and Cloud
- Addressing Security and Cloud
Current State of Security and Cloud
The message here is that the climate is really changing. Mary Ann said that:
- The business is changing – There are a number of forces on the business that are driving security
- Explosion of data – The rate of data that is consumed has exploded
- Real-time decisions – Consumers and business customers are expecting decisions and data in real-time.
The two slides shown drive this point home.
The first slide talks about the market research that HP done with their customers and generated some really interesting statistics.
The second slide goes into the specific concerns that manifest from executives.
As a result of all this new data, increased access to it and the seemingly lose control over it there has been an increase of regulation and compliance. But since what we know as the traditional notion of a corporate fortress is no more, we have a somewhat different model with new methods we need to support.
Addressing Security and Cloud
The second major area of the presentation moved right into how to think about addressing security concerns in the cloud.
The key message here was that one security solution isn’t enough for cloud. There is a multifaceted approach. I agree with her on this. I often see architects and other roles try to address security by through infrastructure at the problem. However, with the cloud that all changes and we lose control of the things we could walk down the hall for.
Two slides I think will be useful to many architects are overlaying risk and security onto the NIST defined Cloud Service and Deployment Models:
Cloud Service Models & Security
Cloud Deployment Models & Security
While Mary Ann talked about their methodology at a high-level I don’t think she had to necessarily go into the details. The key point is that HP / Mary Ann gets the fact that having a repeatable and predictable method is a key part to the notion of Security 2.0.
Below is the HP ATOM methodology
Great job Mary Ann! I really enjoyed the presentation.