Marco Casassa Mont - Web Page - HP Labs
Cloud & Security Lab
SAaaS Demonstrator: Situational Awareness-as-a-Service
In the context of the Safe Cloud project, I have been working on an HP Labs R&D demonstrator, jointly with HP businesses, to illustrate:
Next generation Business Operation Centers in Disaggregated IT scenarios, i.e. where an organisation relies on service providers (SaaS) and infrastructure providers (IaaS) in the Cloud to run their IT operation
Information Sharing as a key requirement for the organisation to improve its (security, business, etc.) situational awareness, now that it has not anymore control over their IT operations- issues and trade-offs involving information sharing, involving the company and the other stakeholders, including SaaS and IaaS providers
Next generation war rooms
Our vision in the areas of Safe Cloud and controlled information sharing
We focus on a scenario involving a company that increasingly relies on SaaS and IaaS Cloud Providers to run their IT Operations. The demonstrator uses advanced visualisation and back-end processing techniques to show a futuristic, next generation Business Operation Center, supporting a company to monitor/manage their disaggregated IT.
We use the demonstrator to illustrate the need that a company has for information sharing - to enable better situational awareness - now that the company has lost control on its IT Operations. We highlight the tension-points involved in information sharing, the trade-offs that are acceptable by the various stakeholders and the consequences of sharing data.
The following picture shows the company’s Business Operation Centre as portrayed by the demosntrator. The demonstrator provides an overview of the various company's SaaS providers along with the dependencies they have on IaaS Cloud providers and the high-level “health” status of their services.
The demonstrator can then be used to illustrate various
view points, in terms of available information and what can be
shared. For example it is possible to focus on a SaaS
Provider and/or an IaaS Provider, show the locally
available information and which information can actually
be collected, processed and shared with the company - . The demonstrator highlights
some of the implications of sharing data, i.e. via live metrics,
highlighting risk points and related alerts.
The demonstrator can then be used to illustrate various view points, in terms of available information and what can be shared. For example it is possible to focus on a SaaS Provider and/or an IaaS Provider, show the locally available information and which information can actually be collected, processed and shared with the company -based on agreed policies
. The demonstrator highlights some of the implications of sharing data, i.e. via live metrics, highlighting risk points and related alerts.
In the following picture we show what happens by drilling down on a Service Provider (e.g. providing Business Intelligence Services/Analytics) and the IaaS provider that runs the services on behalf of the company:
The demonstrator shows the dependency on the IT infrastructure used the Cloud (left) and various types of metrics/information that can be exchanged with the company (right - as part of a mutual agreement). This include information on IT performance, security and incident management aspects.
The following screenshot shows a comparative analysis that the company can now carry out against similar information provided by another of its service provider (e.g. the one that provides Retail Services). This enables benchmarking and better situational awareness.
A key capability of the demonstrator is to enable the audience to interactively play different roles, such as acting as the company or one of the SaaS providers. A player can interact with the system and the other players, decide which information to share (for example with other SaaS providers and/or the company) in order to accomplish common goals (e.g. dealing with an incident or an attack). We believe this creates further awareness about the importance of information sharing, the implications and tension-points in doing it, and the needs for information sharing controls.
In our HP Labs
vision, HP could provide these capabilities (dashboards,
controlled information sharing, analytics, etc.) as a (Security)
Service to its customers, for example in the context of Managed
Services and/or Next generation SOCs.
This demonstrator is now available and can be shown to HP customers and business partners. I have been the technical lead of this demonstrator in collaboration with a team of colleagues.
Marco Casassa Mont
Cloud & Security Lab
Long Down Avenue
Bristol, BS34 8QZ, UK