API Security With CA Layer 7 and CA SiteMinder
Content
SaaS Versus On-Premise…Deployment Reality
David S. Linthicum
1
Abstract
Some of the issues that need analysis when making a cloud/nocloud decision include analysis of the costs, understanding the
use cases, looking at security and governance, and the value of
time-to-market and agility. The idea is to weigh the positives
and the negatives, understand the core metrics, and then make
a decision based upon the best available information.
We’ll explore how to understand the deployment realities when
considering an on-premises versus SaaS solution. We’ll
suggest a decision model and step-by-step process to define
the core metrics for the decision, and provide some helpful
experiences from the trenches from those who have made
these critical calls in the last several years.
2
Agenda
• Step 1: Comparing Costs
• Step 2: Understanding Use Cases
• Step 3: Considering Security
• Step 4: Considering Time-to-Market and Agility
• Step 5: Pulling the Trigger
• Step 6: Considering Operations
3
Not an Easy Decision
4
Step 1: Comparing Costs
5
Many Moving Parts
6
Source: TechNet
Cost Advantages of On-Premise
• Organizations that have pre-invested in a large amount of
hardware and software, without any way to recover that
capital.
• Organizations under regulations that require that information
reside on private and tightly controlled hardware and
software.
• Organizations where the cost of SaaS services for
comparable on-premise systems are exorbitant.
• Organizations that do not have a culture that will readily
accept the use of software systems not owned and controlled
by the company.
7
Cost Advantages of SaaS
• The ability to operate at
a lower cost of
production.
• The ability to reduce
risk.
• The ability to shift
around technology
changes.
• Time-to-market.
• Business agility.
8
Example: Cumulative Total Cost Comparison for SaaS and On-Premise Mid-market with 100 Users
Source: “The TCO Advantages of SaaS-Based Budgeting, Forecasting & Reporting,
” Hurwitz & Associates, 2010, Aggarwall and McCabe.
9
Step 2: Understanding Use Cases
10
SaaS Use Cases
•
Utility services are services that perform specific
tasks related to the management of computer
functions, resources, or files, memory
management, virus protection, file compression,
etc., and these utility software services can be
delivered using a SaaS model.
•
Management services are SaaS services that
focus on managing software systems, either
those that exist on public or private clouds, or
traditional systems that exist on-premise.
Middleware services are software services that
are built specifically to facilitate communications
with one or more on-premise or cloud-based
systems or data stores.
•
Business services are true applications that are
delivered as a service. This is what most people
think of when they consider SaaS-based
providers.
•
Security services are services such as
encryption and identity management that allow
you to manage access to the SaaS-based
system.
11
Step 3: Considering Security
12
Understanding the Basics
13
The Process
• Understanding your security
requirements for a specific
system and/or data store.
• Understanding that
controlled access is much
more important than the
location of the data.
• Vulnerability testing is an
absolute necessity.
14
Control does not Mean Security
• According to Alert Logic's Fall 2012 State of Cloud Security Report:
– Variations in threat activity are not as important as where the
infrastructure is located.
– Anything that can be possibly accessed from outside -- whether
enterprise or cloud -- has equal chances of being attacked, because
attacks are opportunistic in nature.
15
Step 4: Considering Time-to-Market and Agility
16
The Value of Agility
17
The Value of Time-To-Market
18
Step 5: Pulling the Trigger
19
“It’s all about the execution…”
• Understand your business case.
• Understand your requirements.
• Understand your user.
• Understand the technology.
• Understand the migration
strategy.
• Understand the risks.
• Understand what success
means.
20
Path to the clouds
Path to clouds: start
with the requirements
Understand:
• Mission drivers
• Information under
management
• Existing services under
management
• Core business
processes
21
Step 6: Considering Operations
22
Cloud Operations? It’s Not What You Think
Source: Rackspace
23
24
David S. Linthicum
1
Abstract
Some of the issues that need analysis when making a cloud/nocloud decision include analysis of the costs, understanding the
use cases, looking at security and governance, and the value of
time-to-market and agility. The idea is to weigh the positives
and the negatives, understand the core metrics, and then make
a decision based upon the best available information.
We’ll explore how to understand the deployment realities when
considering an on-premises versus SaaS solution. We’ll
suggest a decision model and step-by-step process to define
the core metrics for the decision, and provide some helpful
experiences from the trenches from those who have made
these critical calls in the last several years.
2
Agenda
• Step 1: Comparing Costs
• Step 2: Understanding Use Cases
• Step 3: Considering Security
• Step 4: Considering Time-to-Market and Agility
• Step 5: Pulling the Trigger
• Step 6: Considering Operations
3
Not an Easy Decision
4
Step 1: Comparing Costs
5
Many Moving Parts
6
Source: TechNet
Cost Advantages of On-Premise
• Organizations that have pre-invested in a large amount of
hardware and software, without any way to recover that
capital.
• Organizations under regulations that require that information
reside on private and tightly controlled hardware and
software.
• Organizations where the cost of SaaS services for
comparable on-premise systems are exorbitant.
• Organizations that do not have a culture that will readily
accept the use of software systems not owned and controlled
by the company.
7
Cost Advantages of SaaS
• The ability to operate at
a lower cost of
production.
• The ability to reduce
risk.
• The ability to shift
around technology
changes.
• Time-to-market.
• Business agility.
8
Example: Cumulative Total Cost Comparison for SaaS and On-Premise Mid-market with 100 Users
Source: “The TCO Advantages of SaaS-Based Budgeting, Forecasting & Reporting,
” Hurwitz & Associates, 2010, Aggarwall and McCabe.
9
Step 2: Understanding Use Cases
10
SaaS Use Cases
•
Utility services are services that perform specific
tasks related to the management of computer
functions, resources, or files, memory
management, virus protection, file compression,
etc., and these utility software services can be
delivered using a SaaS model.
•
Management services are SaaS services that
focus on managing software systems, either
those that exist on public or private clouds, or
traditional systems that exist on-premise.
Middleware services are software services that
are built specifically to facilitate communications
with one or more on-premise or cloud-based
systems or data stores.
•
Business services are true applications that are
delivered as a service. This is what most people
think of when they consider SaaS-based
providers.
•
Security services are services such as
encryption and identity management that allow
you to manage access to the SaaS-based
system.
11
Step 3: Considering Security
12
Understanding the Basics
13
The Process
• Understanding your security
requirements for a specific
system and/or data store.
• Understanding that
controlled access is much
more important than the
location of the data.
• Vulnerability testing is an
absolute necessity.
14
Control does not Mean Security
• According to Alert Logic's Fall 2012 State of Cloud Security Report:
– Variations in threat activity are not as important as where the
infrastructure is located.
– Anything that can be possibly accessed from outside -- whether
enterprise or cloud -- has equal chances of being attacked, because
attacks are opportunistic in nature.
15
Step 4: Considering Time-to-Market and Agility
16
The Value of Agility
17
The Value of Time-To-Market
18
Step 5: Pulling the Trigger
19
“It’s all about the execution…”
• Understand your business case.
• Understand your requirements.
• Understand your user.
• Understand the technology.
• Understand the migration
strategy.
• Understand the risks.
• Understand what success
means.
20
Path to the clouds
Path to clouds: start
with the requirements
Understand:
• Mission drivers
• Information under
management
• Existing services under
management
• Core business
processes
21
Step 6: Considering Operations
22
Cloud Operations? It’s Not What You Think
Source: Rackspace
23
24
