Forecast 2014: SaaS Data Exchange
SAAS DATA EXCHANGE
Vijay Ranjan Mungara
ODCA Data Services Team
Intel Corporation
AGENDA
• Purpose
• Audience
• Scope
• Challenges & Solutions
  • Regulatory Requirements & Standards
  • Data Management
  • SaaS Provider Code Releases
  • Data Security
• Summary of Industry Actions Required
OBJECTIVE
Best practices and challenges for SaaS data exchange that organizations can use for planning and implementation
• Best practices for data management apply
• The additional challenges with SaaS are the focus of this presentation
Challenges include integration, security, and interoperability between SaaS providers and consumers
DEFINITION
REGULATORY REQUIREMENTS & STANDARDS
• Compliance with local regulatory (Privacy, Storage, Mandates, Legal, Country Laws, Audit Laws) requirements
• Outsourcing standards and/or policies
• Business continuity management standards and/or policies
• Risk management standards and/or policies
• Guidance, standards, and policies to manage and govern data and security risks
CHALLENGES
CHALLENGES: DATA OWNERSHIP / LOCATION
Data Ownership
• Irrespective of jurisdiction, data storage across multiple cloud service providers could lead to data fragmentation and cause data ownership problems when cloud services are terminated.
• Contractual agreements between provider and consumer need to consider ownership of intellectual property and integrity
Data Location
• Data fragmentation or distribution across cloud service providers
• Applicable regulatory and legal framework of the jurisdiction
• Location of information storage and contractual controls
• Regulatory obligations compliance
SOLUTIONS
DATA GOVERNANCE
Defines policies around
• Retention and disposition of corporate information
• Identifies people who govern these activities.
• Examples:
  • APRA standards and guidelines, PCI DSS, ISACA’s CoBIT/COSO frameworks, the Commonwealth’s Privacy Act, along with international legislation such as Sarbanes-Oxley, HIPAA, AML, and sanctions screening are increasingly driving regulators’ focus on the data management process and associated controls.
DATA CONTROLS
• Identify
  • Data stores
  • Business owners
  • Locations
  • Suppliers
  • Relevant regulatory, legislative
• Classify and perform a valuation of data assets
• Determine enterprise risk drivers and risk tolerance
• Implement an appropriate data control framework (examples include CoBIT, COSO, and ISO 27001/2)
• Ensure regular monitoring, auditing, and reporting activities
DATA MANAGEMENT
DATA MANAGEMENT
Lack of Data Documentation
• Infer data model from API documentation
Extending Data
• Weigh configuration vs. customization
Data Exchange
• Select best solution based on data usage requirement
Data Validation
• Use standard data management techniques
CHALLENGE: LACK OF DATA DOCUMENTATION
Use traditional data management techniques to infer the data model and structure from API documentation
• Steps
  • Reference the documentation to identify entities
    • RESTful APIs typically have endpoints that represent entities
    • Look for collections within the endpoints, since they can represent entities
  • Build a conceptual entity model from the identified entities
    • Build out relationships based on description
  • Layer in the attributes from the documentation
  • Review and refine
  • Create the semantic mapping to the business’ canonical model
• Example overview
  • Example documentation from a RESTful API to a customer record
CHALLENGE: LACK OF DATA DOCUMENTATION - EXAMPLE

| Attribute | Description |
| --- | --- |
| customerGuid | Unique identifier (GUID) assigned when created |
| alternateId | Alternate key identified from another system |
| firstName | The customer's first name |
| middleName | The customer's middle name or middle initial |
| lastName | The customer's last name |
| email | The email address for the account |
| dateOfBirth | The birthdate of the user of the account, ISO 8601 (YYYY-MM-DD) |
| gender | The gender of the customer. Format is ISO 5218 |
| addresses | A collection for address information |
| addressGuid | The unique identifier for the address |
| type | The location/purpose for an address. |
| line1..3 | The first, second, and third lines of the customer's address |
| city | The city associated with the address |
| stateProvince | The state or province, ISO 3166-2. Maximum is three characters. |
| postalCode | The ZIP code or postal code. |
| country | The region/country, ISO 3166. Maximum is two characters. |
| preferred | Default "false". At most one address may be preferred |
| phones | A collection for phone information. |
| phoneGuid | The unique identifier for the phone number |
| type | The purpose or type of phone number. |
| number | The actual phone number |
| internationalPrefix | The international calling code for the phone number. |

Customer API JSON response
CHALLENGE: LACK OF DATA DOCUMENTATION - EXAMPLE

| Canonical Entity | Canonical Attribute | Internal System 1 Entity | Internal System 1 Attribute | SaaS Service 1 Customer Interface Attribute |
| --- | --- | --- | --- | --- |
| Customer | Customer Identifier | customer | customer_id | alternateId |
| External Customer Mapping | External Customer Identifier | customer_account_map | ext_customer_id | customerGuid |
| Customer | First Name | customer | first_name | firstName |
| Customer | Middle Name | customer | middle_name | middleName |
| Customer | … | … | … | … |
| Customer Address | Address Type | customer_address | address_type | addresses.type |
| Customer Address | Address Line 1 | customer_address | address_line_1 | addresses.line1 |
| Customer Address | … | … | … | … |
| Customer Phone | Phone Type | customer_phone | phone_type | phones.type |
| Customer Phone | Phone Number | customer_phone | phone_number | phones.number |
| Customer Phone | … | … | … | … |
| … | … | … | … | … |

Semantic mapping
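
The following is an added example, not part of the original slides: it applies the semantic mapping rows shown above to a SaaS customer record, after checking the constraints stated in the attribute documentation (ISO 8601 birthdate, length limits, at most one preferred address). The sample record, the function names, and the choice to drop unmapped attributes are assumptions; only the mapping rows visible on the slide are used.

```python
from datetime import date

# Mapping rows visible on the slide: SaaS attribute -> (internal entity, attribute).
SCALAR_MAP = {
    "alternateId": ("customer", "customer_id"),
    "customerGuid": ("customer_account_map", "ext_customer_id"),
    "firstName": ("customer", "first_name"),
    "middleName": ("customer", "middle_name"),
}
COLLECTION_MAP = {
    "addresses": ("customer_address", {"type": "address_type", "line1": "address_line_1"}),
    "phones": ("customer_phone", {"type": "phone_type", "number": "phone_number"}),
}

def validate(rec):
    """Return violations of the constraints stated in the attribute table."""
    errors = []
    if "dateOfBirth" in rec:
        try:
            date.fromisoformat(rec["dateOfBirth"])
        except (TypeError, ValueError):
            errors.append("dateOfBirth is not ISO 8601 (YYYY-MM-DD)")
    addrs = rec.get("addresses", [])
    for i, a in enumerate(addrs):
        if len(a.get("country") or "") > 2:
            errors.append(f"addresses[{i}].country exceeds 2 characters")
        if len(a.get("stateProvince") or "") > 3:
            errors.append(f"addresses[{i}].stateProvince exceeds 3 characters")
    # "preferred" may arrive as a boolean or as the string "true"/"false".
    if sum(str(a.get("preferred", "false")).lower() == "true" for a in addrs) > 1:
        errors.append("more than one preferred address")
    return errors

def to_internal(rec):
    """Map a validated SaaS record to internal rows; unmapped attributes are dropped."""
    errors = validate(rec)
    if errors:
        raise ValueError("; ".join(errors))
    rows = {}
    for attr, (entity, col) in SCALAR_MAP.items():
        rows.setdefault(entity, [{}])[0][col] = rec.get(attr)
    for coll, (entity, cols) in COLLECTION_MAP.items():
        rows[entity] = [{col: item.get(src) for src, col in cols.items()}
                        for item in rec.get(coll, [])]
    return rows

# Constructed sample response (not from the slides).
SAMPLE = {"customerGuid": "00000000-0000-0000-0000-000000000001", "alternateId": "C-1001",
          "firstName": "Ana", "middleName": "M", "dateOfBirth": "1980-04-02", "unmappedField": "x",
          "addresses": [{"type": "home", "line1": "1 Example St", "country": "US", "preferred": True}],
          "phones": [{"type": "mobile", "number": "5550100"}]}
```

Rejecting a record that fails validation, instead of loading it partially, keeps malformed provider data out of the internal system when a provider release changes content or format.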
CHALLENGE: EXTENDING DATA
Configuration is a better option than customization

| Configuration | Customization |
| --- | --- |
| Supported out of the box | Requires custom coding |
| Vendor should support functionality between versions | Requires testing with each vendor upgrade |
| Limited to what the vendor offers in terms of configuration | Build anything that is required |

RELEASE UPGRADE PLANS
SAAS PROVIDER CODE RELEASES
Challenges
• Frequent provider releases can cause
  • Inconsistencies
  • Mismatch in the version of data
  • Breakage in data exchange process
  • Errors in code, runtime, interface & data
• Service consumers can’t always upgrade at the same time
• Changes in data content, context and format
• Appropriate release times need to be coordinated so as to minimally impact organizations’ IT systems.
SOLUTIONS
RELEASE PLAN (PROVIDER) AND UPGRADE PLAN (CONSUMER)
Providers should make a detailed release plan for service consumers. This plan should identify
• Important milestones
• New technical specification
• When (and how) the service consumers can execute beta testing if necessary, when the new version of code will be officially available, and when the old version of code will no longer be available
Based on the provider’s release plan, service consumers should
• Create their own upgrade plan to decide when to
  • Identify the impact scope
  • Complete the code revision and testing
  • Upgrade the IT systems that are influenced by this provider code release
RELEASE PLAN ESSENTIALS
Non-production Test Environment.
Phased Upgrade Deployment Strategy.
Announcement and Reminding Mechanism.
Upgrade Timing Choice.
Partial-to-All Approach.
DATA SECURITY
DATA SECURITY
• Controls that can provide the appropriate level of data protection.
• Existing threats of tampering or theft of data in transit imply that most sensitive information is already encrypted in transit.
  • However, recent data theft has occurred while data is at rest, underscoring the need for cloud-based data security.
• The ODCA Data Security Framework and the Security usage model discuss data security in detail and define requirements associated with increasing data security in the cloud. In particular, the Data Security Framework documents the following data security controls:
References
• http://www.opendatacenteralliance.org/docs/Data_Security_Framework_Rev1.0.pdf
• http://www.opendatacenteralliance.org/docs/Data_Security_Rev1.0.pdf
SUMMARY OF INDUSTRY ACTIONS
The following actions are required by the combined solution provider and consumer communities:
• Solution providers need to build better data management tooling into cloud services.
• Solution providers should provide clear documentation about what data is managed by their SaaS solution. This documentation ideally includes the following:
  • Conceptual data model of the solution
  • Data dictionary of the data managed by their solution
  • Mapping of the conceptual model to the APIs and interface elements
• The industry needs to continue to develop and adopt standards for accessing data, specifically in the areas of querying and reading data.
THANK YOU
© 2014 Open Data Center Alliance, Inc. ALL RIGHTS RESERVED.