In this post I want to provide a brief top-down summary of reference architectures that are applicable to banks embarking on a cloud computing journey. I will provide links to other posts where my more detailed views can be found.
Starting at the top we find the IBM Cloud Computing Reference Architecture (CCRA). The CCRA includes the Cloud Computing Management Platform (CCMP), which includes Operational Support Systems (OSS) and Business Support Systems (BSS).
IBM Infrastructure as a Service (IaaS) patterns drill down on the IaaS block in the CCRA.
IBM Security Framework
The IBM Security Framework provides a business oriented point of view on IT security and can be applied to cloud computing, virtualized or traditional environments.
IBM Security Blueprint
The IBM Security Blueprint provides a technical view covering areas of the framework such as infrastructure.
Frameworks and standards are summarized:
- Industry information security and privacy standards profile model
- IBM Unified Method Framework
- Sherwood Applied Business Security Architecture (also see the Zachman framework)
- Control Objectives for Information and Related Technology
- ISO/IEC 27002:2005
- Payment Card Industry Data Security Standard
- Sarbanes-Oxley Act
- Open Enterprise Security Architecture (O-ESA).