In the context of the HPL Safe Cloud project, I have been working on an HP Labs R&D demonstrator, jointly with HP businesses, to illustrate:
• Next generation Business Operation Centers in Disaggregated IT scenarios, i.e. where an organisation relies on service providers (SaaS) and infrastructure providers (IaaS) in the Cloud to run their IT operation
• Information Sharing as a key requirement for the organisation to improve its (security, business, etc.) situational awareness, now that it has not anymore control over their IT operations- issues and trade-offs involving information sharing, involving the company and the other stakeholders, including SaaS and IaaS providers
• Next generation war rooms
• Our vision in the areas of Safe Cloud and controlled information sharing
We have achieved an important milestone: a full working implementation is available. Additional details and a few screenshots of the public, R&D version of the demonstrator are available online.
This demonstrator is now available and can be shown to HP customers and business partners. Below I attach, as an example, a screenshot:
We focus on a scenario involving a company that increasingly relies on SaaS and IaaS Cloud Providers to run their IT Operations. The demonstrator uses advanced visualisation and back-end processing techniques to show a futuristic, next generation Business Operation Center, supporting a company to monitor/manage their disaggregated IT.
The demonstrator provides an overview of the various company's SaaS providers along with the dependencies they have on IaaS Cloud providers and the high-level “health” status of their services.
We then use the demonstrator to illustrate the need that a company has for information sharing - to enable better situational awareness - now that the company has lost control on its IT Operations. We highlight the tension-points involved in information sharing, the trade-offs that are acceptable by the various stakeholders and the consequences of sharing data.
The demonstrator shows various view points, in terms of available information and what can be shared. For example it is possible to focus on a SaaS Provider and/or an IaaS Provider, show the locally available information and which information can actually be collected, processed and shared with the company - based on agreed policies. The demonstrator highlights some of the implications of sharing data, i.e. via live metrics, highlighting risk points and related alerts.
The demonstrator can also show the dependency on the IT infrastructure used in the Cloud and various types of metrics/information that can be exchanged with the company (right - as part of a mutual agreement). This include information on IT performance, security and incident management aspects.
A key capability of the demonstrator is to enable the audience to interactively play different roles, such as acting as the company or one of the SaaS providers. A player can interact with the system and the other players, decide which information to share (for example with other SaaS providers and/or the company) in order to accomplish common goals (e.g. dealing with an incident or an attack). We believe this creates further awareness about the importance of information sharing, the implications and tension-points in doing it, and the needs for information sharing controls.
In our HP Labs vision, HP could provide these capabilities (dashboards, controlled information sharing, analytics, etc.) as a (Security) Service to its customers, for example in the context of Managed Services and/or Next generation SOCs.
--- Posted by Marco Casassa Mont (here and here) ---
--- NOTE: use this mirror blog if you prefer posting on an external blog site ---
--- NOTE: my original HP blog can be found here ---
1 comment:
Post a Comment