Keynote: Big Data and the Cloud – We Better Get it Right
Wow, what a great way to kick off the second day! I found that this presentation had so much
useful information for enterprise architects who want to build cloud based
solutions. It was less about telling the audience the specifics but rather
teaching them how to fish.
For those that read my blog it may not be a big secret that Mary
Ann and I share the same concerns when it comes to cloud risk management.
She talks about the notion of Security 2.0. Mary Ann
described Security 2.0 as the evolution of security where it shifts from being
a reactive infrastructure oriented response to a business oriented risk management
based approach. I couldn’t agree more and I have evangelized this heavily in the
Cloud Strategy and Planning Framework I built where the notion of Value and
Risk is core to understand before making investments into the cloud (Understanding
Which Investments Should go to the Cloud, Cloud
Strategy Begins with Value and Balances Risk ).
“Information is the
life blood of your organization”
This is a key quote that I think is often overlooked but it
is so important. We also see similar principle statements of “data is a
strategic asset” but do we really treat data that way? I think this session highlights
that there is a lot more opportunity for us to address that aspect.
The session covered two high hitting areas:
- Current State of Security and Cloud
- Addressing Security and Cloud
Current State of
Security and Cloud
The message here is that the climate is really changing. Mary
Ann said that:
- The business is changing – There are a number of
forces on the business that are driving security
- Explosion of data – The rate of data that is
consumed has exploded
- Real-time decisions – Consumers and business
customers are expecting decisions and data in real-time.
The two slides shown drive this point home.
The first slide talks about the market research that HP done
with their customers and generated some really interesting statistics.
The second slide goes into the specific concerns that
manifest from executives.
As a result of all this new data, increased access to it and
the seemingly lose control over it there has been an increase of regulation and
compliance. But since what we know as the traditional notion of a corporate fortress
is no more, we have a somewhat different model with new methods we need to
The second major area of the presentation moved right into
how to think about addressing security concerns in the cloud.
The key message here was that one security solution isn’t
enough for cloud. There is a multifaceted approach. I agree with her on this. I
often see architects and other roles try to address security by through
infrastructure at the problem. However, with the cloud that all changes and we lose
control of the things we could walk down the hall for.
Two slides I think will be useful to many architects are
overlaying risk and security onto the NIST defined Cloud Service and Deployment
Cloud Service Models
Cloud Deployment Models
While Mary Ann talked about their methodology at a
high-level I don’t think she had to necessarily go into the details. The key
point is that HP / Mary Ann gets the fact that having a repeatable and
predictable method is a key part to the notion of Security 2.0.
Below is the HP ATOM methodology
Great job Mary Ann! I really enjoyed the presentation.