Always backed by a bright IT service

Never invest in computer hardware again, always use the latest applications and only pay for what you need

Never invest in computer hardware again, always use the latest applications and only pay for what you need

There is one point that often makes interested enterprises hesitant about relocating their infrastructure and applications to the cloud: requirements on their data’s security and related compliance issues. Not all data and documents are business- critical per se. Although some are very much in that category, a company will have different requirements on information they want to share with business partners, and still others for generally available data. Because the requirements demanded of cloud services vary so greatly, Siemens IT Solutions and Services has developed a new cloud computing approach: “Siemens Bright IT Services”.

Online services for employees, on-demand archive management or a collaboration solution: The best-suited cloud depends on what service a company wants. The “Bright IT Services” approach takes into account these different requirements and offers the right solution for everyone – in the public, the private or the community cloud. Its focus is not on the technology itself, but rather the smartest way for a company to leverage the new opportunities offered by IT. The key question is: How can cloud services be integrated securely in the existing landscape so that they offer the best-possible support for business processes?

Many current cloud service providers are either too small, don’t have the necessary experience in the industry or, like Google or Amazon, offer pure commodity services such as storage space or computing power. In contrast, Siemens IT Solutions and Services focuses on a strategic consulting approach coupled with sector-specific know-how. It analyses security aspects and potentials, always from the specific perspective of the company’s requirements: What processes and data are highly sensitive? Are there applications that are less critical and so suitable for the public cloud? What data protection and legal aspects does the company have to consider? What infrastructure already exists and how can it be connected to cloud services?

Integrated IT clouds
More companies are already using cloud services than is generally known. It is often the case that even management or the people in charge of IT don’t know where data is located in the clouds within their own organisation. The reason for this: In many cases, the business departments are themselves buying in IT systems and applications that they need and which offer fast technological support for their own processes. The cloud is usually an obvious resort since budgets for smaller on-demand IT services can be approved quickly without signatures from bosses. However, the upshot is frequently a jumbled assortment of different technologies that creates more security gaps instead of plugging them.

It’s therefore advisable to consider an end-to-end, transparent concept sooner rather than later. After all, these diffuse security risks have to be curbed. But the departments still have to be provided with fast and flexible solutions for their day-to-day work. One of the main challenges is therefore to integrate existing IT systems and cloud services into a single overall concept. To name just one example: Email services can be implemented quickly and cheaply in the public cloud as a mass application with data that requires a normal level of security. But that may not apply to emails from the managing board or research department. Administrators would then have to manage some of the mailboxes internally and others externally – which involves additional time and effort. An integrated cloud approach from a provider like Siemens IT Solutions and Services means it will become easy to choose how many mailboxes are to be obtained from a public and how many from a private cloud. The user interface and configuration remain the same.

So that IT service providers can recommend the right mix for their customers, it is crucial for them to maintain multiple partnerships – for example what Siemens IT Solutions and Services does with Microsoft, VMware or Oracle. That means they are vendor-independent and can evaluate which solutions are best suited for which demands. The solutions can then be integrated simultaneously with both the relevant cloud models and the existing infrastructure.

A service that delivers a business advantage
Cloud computing is not just a means of cutting costs, but also opens up new business models and ways of cooperating with strategic partners. Community clouds are intended to facilitate such collaboration. The focus is on workflows – not just those of one company, but of several, or even an entire industry. The common goal is for the different organisations to be able to work together more agilely and flexibly.

For instance, Siemens IT Solutions and Services has developed such a community cloud for the media and entertainment industry, where work is typically split over several different locations. Media companies frequently outsource particular work steps to external service providers or use offshore capacities. At the same time, the various parties are integrated in the individual processes and must always be able to access up-to-date content promptly. Up to now, such activities were coordinated mainly by material being sent back and forth by tape and courier. Community cloud services now aim to simplify, speed up and improve the quality of specific production and broadcasting processes in the media business. They cut costs and make it easier to meet compliance requirements. Thanks to cloud computing, any authorised person can now access digitised media content quickly and easily from anywhere in the world using a Web browser and so speed up the approval process.

The cloud – yes please, as long as it’s secure
Before venturing into cloud computing, more than 80 percent of companies want guarantees that their data will be protected. These were the findings of a recent survey by analysts from Information Technology Intelligence Corporation (ITIC) among 300 companies with up to 100,000 employees worldwide. Compliance is also a question on managers’ minds: Where is my data stored and who can access it? How can user identities be controlled and protected and access verified in an auditable way?

A private cloud is suitable for especially security-critical company data and applications, since customers know precisely in which country – and even which data centre – their data is stored. It can also be encrypted and transferred or encoded and stored in secure databases. As a result, demarcated parts of the cloud can be specifically assigned to a customer and even managed by specially selected system administrators. The drawback: The higher the cloud service’s security level, the less flexible it is because it’s not possible for multiple resources to be used dynamically. In addition, at least some of the economies of scale, and so cost advantages, are lost.

Authorisation to access the clouds
So as to protect cloud services for its customers, Siemens IT Solutions and Services uses its own identity-based solutions for Identity and Access Management (IAM), such as its flagship DirX. It administers the roles and rights of employees and external partners and so protects resources and systems against unauthorised access. That is particularly important in community clouds, where a large number of people across different organisations use data from the cloud. Thanks to their authorisations, employees or business partners can also identify each other in the cloud and set up and collaborate in secure networks across departments and companies. Single sign-on means that users have to log on only once to gain access to all cloud services they are allowed to use. In this way, important compliance guidelines, such as EuroSOX or Basel 2, are easy to observe. That’s because it is always possible to track who accessed what data.

Siemens’ internal Computer Emergency Response Team (CERT) also ensures the necessary security in the Web by keeping all worldwide threats on the Web on its radar, analysing them and taking prompt and appropriate protective measures. Since a secure Internet connection is a vital part of cloud computing, repulsing such attacks is crucial. Data protection is also ensured by using certified data centres and, where necessary, anonymising information processing.

Further information: www.siemens.com