Many organizations struggle with the two major initiatives of today’s IT, which are Cloud Computing and Information Security. The reason for that is simple: The way we are doing IT and thus the structure of today’s IT Organizations isn’t ready for today’s challenges and the new opportunities of Cloud Computing.
The KuppingerCole IT Model provides the guideline for organizations to move their IT Organization and IT Infrastructure to the next level and to make it future-proof. It helps in fulfilling the major business requirements:
- Provide the services that business really needs – agile and in-time, cost-effective, and in the way business really needs them;
- Enforce Information Security and protect the sensitive business information and intellectual properties of the organization;
- Mitigate your IT risks, stay compliant, and enforce an enterprise-wide Governance approach.
It helps IT Organizations in re-gaining leadership and making their on-premise IT production state-of-the-art again. The KuppingerCole IT Model consists of three layers – plus the Governance infrastructure.
Business Service Delivery focuses on providing exactly the services business neads, in the way business needs them, and in time. It is about interfacing Business and IT. This is where Business/IT alignment moves from a buzzword towards reality.
IT Service & Security Management is what we also could name “Core IT”. This is where services are managed and where IT services are transformed into business services. And this is where Information Security is enforced.
IT Service Production is about producing services and providing them to the business. This layer supports all types of production environments, from on-premise to any type of clouds. These production units have to provide services in a standardized way. Best of all, they are themselves organized according to that three-layered structure, by understanding the output they provide as the business services for their customers, e.g. the IT itself.
The fourth part in the KuppingerCole IT Model is about Governance. The model fully covers IT Governance, with Information Governance as the link between Business and IT Services & Security Management and Service Governance as the link from there to IT Production. KuppingerCole strongly recommends moving away from system- and at best service-centric approaches towards a combination of Information and Service Governance. The business cares about information first.
Besides the IT Governance, there is Business Governance. Both of them together form Enterprise Governance. The KuppingerCole IT Model provides full support in defining your way to real Enterprise Governance, which focuses on all aspects, instead of only a small portion of them like most vendors in that space do today.
IT Risks are always Enterprise Risks. The only reason to look at them is that they are tied to strategic risks, operational risks, and reputational risks – the latter typically have strategic and operational impacts.
Following that approach, IT can focus on what is really important. IT can streamline the process from service production and procurement to business service delivery. IT enforces the IT Governance and supports Enterprise Governance. And IT can structure itself according to this model, by building a central, focused organization for IT Service & Security Management on top of the production unit(s). It appears to be a simple model, but it is in fact the foundation for the future of your IT organization and infrastructure, based on the KuppingerCole research and advisory.
And here are selected EIC Sessions related to this topic:
The Business Value of IT
April 18, 2012, 10:30 – 11:30
Presentation & Discussion
Increase Value to the Business: The KuppingerCole IT Model
KuppingerCole recently has unveiled its view on the IT: The KuppingerCole IT Model. This model focuses on fulfilling the business needs: Providing the services business really needs – and ensuring that corporate information is adequately protected. Based on these targets, the model segments IT in three layers and allows mapping virtually anything. It supports in increasing the agility of IT in terms of quickly fulfilling business service requests. It explains on how to build your IT infrastructure as well as the Governance framework. It is the answer on how to best deal with the hybrid environments organizations have today, mixing different cloud environments with the existing on-premise IT. Thus it provides the logical answer for the strategic use of the Cloud. And it provides the cornerstones for building efficient on-premise environments. The model is a lean concept on which you can base your future-proof, business-driven IT.
How IAM can Catalyze the Secure Enterprise
IAM (Identity & Access Management) is one of the cornerstones of Information Security. Thinking in identities and putting the security of information and the access to information in the center of attention is the foundation for improving information security. Moving away from device-centric and network-centric security to information-centric security allows to better understand information risks and the required actions to mitigate these risks and better secure your enterprise. Leading industry experts, all with an analyst background, and KuppingerCole analysts discuss the role IAM plays for information security and the future of IT Security in general in this panel.
 |
 |
 |
 |
Craig Burton
KuppingerCole |
Gerry Gebel
Axiomatics |
Martin Kuppinger
KuppingerCole |
Mike Neuenschwander
Oracle |
More information
The Future IT Organization
April 18, 2012, 11:30 – 12:30
Presentation & Discussion
Winds of Change in your IT Organization: Get ready for the Future
IT Organizations are on the move. The Cloud requires new skills in procurement, service orchestration and service management. An increasing number of CEOs nowadays aren’t IT veterans anymore but young managers which understand the CIO role as an important career step. And the demand for more Business/IT alignment drives the change of IT organizations as well. In this session, you will learn of how to fundamentally restructuring your IT, following the KuppingerCole IT Model. This results in an IT organization which is business-driven and focused. This also supports efficiency gains in IT production. It is about an agile organization, ready for the future.
The Future of Identity & Access Management: Embrace, Extend – and don’t Replace?
Most organizations have done quite some investment into IAM and Access Governance. But they need much more. They need to integrate, they need to extend what they have done, and they need to leverage developments like geographically dispersed infrastructures, mobile computing and cloud. Thus good solutions should add value to what these organizations have instead of putting most effort in redoing things which did cost a lot of money. In this panel, we will discuss strategies for IAM and Access Governance which focuses on adding value, enhancing what customers have and filling the gaps they might have, without ending in vendor clashes.
 |
 |
 |
 |
 |
Hassan Maad
Evidian |
Alberto Ocello
CrossIdeas |
Darran Rolls
Sailpoint |
Jonathan Sander
Quest |
Jim Taylor
NetIQ |
More information
Cloud Information Security
April 18, 2012, 14:00 – 15:00
Presentation & Discussion
The Cornerstones of Information Security in the Cloud
Information Security in the Cloud – that’s in fact moving towards a location-independent and provider-independent approach for information security. In the days of on-premise only IT (plus maybe an outsourcer), the focus could be on securing the network and the device. In these days where IT services are a mix of on-premise, private and public cloud services – i.e. in days where things become hybrid – we can’t rely on network or system security. We don’t really know where our data remains and where services are run. The cloud sprawl, with chains of providers like your SaaS provider relying for example on Amazon Web Services, leads to a situation where we have to re-think the approach in Information Security.
The most important cornerstone is to move from system, network, device security towards information-centric security, which we might name “real Information Security”. Another one is understanding Information Security as an initiative which isn’t focused on technologies first of all, but on understanding risks, contracts and other aspects. Another important cornerstone is, without any doubt, the identity. We have to deal with more identities and with persons using different identities. Identity and Access Management is a key element in Information Security in, for, and with the Cloud.
There are many other aspects. In this session, we will provide our view on the future of Information Security – an approach that works seamless for the hybrid world of today and tomorrow, from classical on-premise IT to the public Clouds.
Extending your Identity & Access Management into the Cloud
Identity management across multiple SaaS (software-as-a-Service) applications as well as on-premise systems is a challenge to most enterprises. Challenges in Identity Management in the cloud, simply goes beyond how we do authentication, authorization and auditing right. Cross domain authentication, provisioning, interoperability, multi-tenancy, delegation and security are few challenges to name. The best way to preserve interoperability is to adhere to open standards. Lots of proprietary standards came a long way, but at the time they felt a larger audience is needed and interactions with other systems, those became open standards. SAML2 Web SSO, OpenID, OAuth are some popular open standards, widely used across many cloud providers for authenticating users while facilitating identity portability. WS-Trust, WS-Federation used to cater the same aspect while dealing with systems. XACML is another open standard, which is considered to be the de-facto standard for authorization. It facilitates fine-grained authorization in a policy driven manner. Provisioning is also an important aspect in a cloud identity management system. SPML failed to be the de-facto standard for provisioning due to its heavyweight nature and being bias to SOAP. The latest emerging standard for provisioning is SCIM, which is still in progress at the specification level, but looks promising.
|
 |
 |
 |
Gerry Gebel
Axiomatics |
Dr. Barbara Mandl
Daimler AG |
Prabath Siriwardena
WSO2 |
Mike Small
KuppingerCole |
More information
Leave a Reply
February 20th, 2012 at 06:40
[...] Cole: Move your IT to the Next Level: The KuppingerCole IT Model http://www.id-conf.com/blog/2012/02/20/kuppingercole-it-model/ https://plus.google.com/113340044616880088383/posts/W9XjSHDDVFp http://bit.ly/OracleIdM Share [...]