In this post I want to provide a brief top-down summary of reference architectures that are applicable to banks embarking on a cloud computing journey.  I will provide links to other posts where my more detailed views can be found.

IBM CCRA

Starting at the top we find the IBM Cloud Computing Reference Architecture (CCRA).  The CCRA includes the Cloud Computing Management Platform (CCMP), which includes Operational Support Systems (OSS) and Business Support Systems (BSS).

IBM PaaS

IBM IaaS

IBM Infrastructure as a Service (IaaS) patterns drill down on the IaaS block in the CCRA.

IBM Security Framework

The IBM Security Framework provides a business oriented point of view on IT security and can be applied to cloud computing, virtualized or traditional environments.

IBM Security Blueprint

The IBM Security Blueprint provides a technical view covering areas of the framework such as infrastructure.

Frameworks and standards are summarized:

• Industry information security and privacy standards profile model
• TOGAF
• IBM Unified Method Framework
• Sherwood Applied Business Security Architecture (also see the Zachman framework)
• Control Objectives for Information and Related Technology
• ISO/IEC 27002:2005
• Payment Card Industry Data Security Standard
• Sarbanes-Oxley Act
• Open Enterprise Security Architecture (O-ESA).

Also see:  Federal Financial Institution Examination Council (FFIEC).

O-ESA

O-ESA delves into the process and substance of details such as the development of security domains.  An example is provided in an IBM red book.