WHAT IS CLOUD COMPUTING REALLY?

Presentation on theme: "WHAT IS CLOUD COMPUTING REALLY?"— Presentation transcript:

1 WHAT IS CLOUD COMPUTING REALLY?
Scott Clark, Chicago Chapter President, Cloud Security Alliance

2 The Blind Men and the Cloud
It was six men of Info Tech
To learning much inclined,
Who went to see the Cloud
(Though all of them were blind),
That each by observation
Might satisfy his mind.

3 The Blind Men and the Cloud
The First approached the Cloud,
So sure that he was boasting:
“I know exactly what this is…
This Cloud is simply Hosting.”

4 The Blind Men and the Cloud
The Second grasped within the Cloud,
Saying, “No, it’s obvious to me,
This Cloud is grid computing…
Servers working together in harmony!”

5 The Blind Men and the Cloud
The Third, in need of an answer,
Cried, “Ho! I know its source of power:
It’s a utility computing solution
Which charges by the hour.”

6 The Blind Men and the Cloud
The Fourth reached out to touch it,
It was there, but it was not.
“Virtualization,” said he.
“That’s precisely what we’ve got!”

7 The Blind Men and the Cloud
The Fifth, so sure the rest were wrong,
Declared “It’s SaaS, you fools,
Applications with no installation,
It’s breaking all the rules!”

8 The Blind Men and the Cloud
The Sixth (whose name was Benioff),
Felt the future he did know,
He made haste in boldly stating,
“This *IS* Web 3.0.”

9 The Blind Men and the Cloud
And so these men of Info Tech
Disputed loud and long,
Each in his own opinion
Exceeding stiff and strong,
Though each was partly in the right,
And all were partly wrong!

Sam Charrington & Noreen Barczweski, © 2009 Appistry, Inc.

10 Agenda
- Introduction to Cloud Computing
- What is Different in the Cloud?
- CSA Guidance
- Additional Resources

11 “This Cloud is simply Hosting”

13 Evolution of “Hosting”
CUSTOM (“Co-Location”) → COMMODITY (“Cloud Service Providers”)

14 Evolution of Data Centers
Sited closest to power plants. Example: Google data center, State of Oregon, on the Columbia River: a 103 megawatt data center on 30 acres, near a 1.8 GW hydropower station.

15 Data Center is the new “Server”

16 POD Computing

18 Google’s low cost commodity server

19 Is This New? Berkeley is credited with the cluster-of-servers approach, started in 1994

24 Broadband Network Access

26 Rapid Elasticity

28 Risk of over-provisioning: underutilization
Measured Service. Chart: demand vs. capacity over time in a static data center; the gap between fixed capacity and demand is unused (but paid-for) resources.

29 Heavy penalty for under-provisioning
Measured Service. Charts: resources vs. demand over three days; when demand exceeds fixed capacity the shortfall is first lost revenue, then lost users.

30 Data center in the cloud
Measured Service: pay by use instead of provisioning for peak. Charts: a static data center carrying unused resources vs. a data center in the cloud whose capacity tracks demand.
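The trade-off on slides 28 to 30, worked through as an added example that is not part of the presentation: a small Go simulation over a constructed three-day demand series, comparing a static data center sized for the planned peak, one sized for the worst spike, and a measured-service deployment whose capacity follows demand with a provisioning lag. The demand values, the 3-hour slot length, the capacity floor and the lag are assumptions chosen for illustration.

```go
package main

import "fmt"

// Demand is a constructed series: servers needed per 3-hour slot over three days.
// Day 3 contains a traffic spike far above the peak the operator planned for.
// These numbers are illustrative, not measurements from the presentation.
var Demand = []int{
	4, 3, 3, 6, 9, 10, 8, 5, // day 1
	4, 3, 3, 7, 12, 14, 10, 6, // day 2
	5, 4, 4, 30, 40, 35, 15, 8, // day 3: spike
}

// Outcome totals server-slots over the whole period.
type Outcome struct {
	Unused int // provisioned but idle: the cost of over-provisioning
	Unmet  int // demand not served: the penalty for under-provisioning (lost revenue, lost users)
	Billed int // server-slots paid for
}

// tally compares a capacity series with demand slot by slot.
func tally(demand, capacity []int) Outcome {
	var o Outcome
	for i, d := range demand {
		c := capacity[i]
		o.Billed += c
		if c > d {
			o.Unused += c - d
		} else {
			o.Unmet += d - c
		}
	}
	return o
}

// Static models a fixed data center: the same capacity in every slot, paid for whether used or not.
func Static(demand []int, capacity int) Outcome {
	series := make([]int, len(demand))
	for i := range series {
		series[i] = capacity
	}
	return tally(demand, series)
}

// Elastic models measured service: capacity in each slot is sized to the demand observed
// `lag` slots earlier (provisioning is not instantaneous), never below minCap, and only
// the capacity actually provisioned is billed.
func Elastic(demand []int, minCap, lag int) Outcome {
	series := make([]int, len(demand))
	for i := range series {
		j := i - lag
		if j < 0 {
			j = 0
		}
		series[i] = demand[j]
		if series[i] < minCap {
			series[i] = minCap
		}
	}
	return tally(demand, series)
}

func main() {
	fmt.Printf("static, sized for planned peak (14): %+v\n", Static(Demand, 14))
	fmt.Printf("static, sized for the spike (40):   %+v\n", Static(Demand, 40))
	fmt.Printf("elastic, 1-slot lag, floor 3:       %+v\n", Elastic(Demand, 3, 1))
	fmt.Printf("elastic, no lag (ideal):            %+v\n", Elastic(Demand, 3, 0))
}
```

The static deployment sized for the planned peak pays for 336 server-slots, idles 152 of them and still turns away 64 slots of demand during the spike; sizing for the spike removes the shortfall but idles 712 of 960 paid slots. The elastic deployment with a one-slot lag pays for 244 slots; its remaining 54 slots of unmet demand come entirely from the lag, which is why scale-up latency, not just price per hour, is the number to ask a provider for.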

32 Resource Pooling =Virtualization
Traditional stack: Hardware → Operating System → App. Virtualized stack: Hardware → Hypervisor → OS → App.

33 Server Virtualization

34 Storage Virtualization

35 Network Virtualization
Diagram: traditional design, application VMs behind ToR (top-of-rack) switches: high CapEx, low utilization, high complexity, change-resistant. Virtualized network: platform-independent, razor-thin CapEx, deploy anywhere, elastic scalability, interfaces with provisioning and orchestration systems, evolves with rapidly changing network architectures, utility licensing model.

37 Case Study: Created a 10,000-Core Cluster Leveraging Amazon’s EC2
Genentech needed a supercomputer to examine how proteins bind together. Using Genentech’s own resources would have taken weeks or months to gain access and run the program.

38 Completed in 8 Hours! Genentech’s Cost = $8,480!
- Infrastructure: 1,250 instances with 8 cores / 7 GB RAM each
- Cluster size: 10,000 cores, 8.75 TB RAM, 2 PB of disk space total
- Scale: comparable to #114 on the Top Supercomputer list
- Security: engineered with HTTPS and 128/256-bit AES encryption
- User effort: single click to start the cluster
- Start-up time: thousands of cores in minutes, full cluster in 45 minutes
- Up-front capital investment / licensing fees: $0
- Total CycleCloud and infrastructure cost: $1,060/hour (8 hours = $8,480)

40 Delivery Models
“Why do it yourself if you can pay someone to do it for you?”
- Utility computing (IaaS): why buy machines when you can rent cycles? Examples: Amazon’s EC2, GoGrid, AppNexus
- Platform as a Service (PaaS): give me a nice API and take care of the implementation. Examples: Google App Engine, Force.com
- Software as a Service (SaaS): just run it for me! Examples: Gmail, Salesforce.com and NetSuite

42 Forrester: Cloud Market To Reach $241 Billion By 2020

43 Case Study – Hybrid Cloud
June 25, 2009: 1 million visits in 24 hours. Twitter stood still; Ticketmaster crawled; Yahoo! saw 16.4 million site visitors in 24 hours, more than the 15.1 million on Election Day; Sony.com couldn’t sell music; 200 sites were down.

44 Private to Public Burst

46 What About Service Oriented Architecture???

47 BREAK

49 What is Different in the Cloud?
Many concepts “in the cloud” are similar to concepts in standard outsourcing. There are at least four themes which require a different mindset when working on security for cloud services:
- Role clarity for security controls
- Legal / jurisdictional / cross-border data movement
- Virtualization concentration risk
- Virtualization network security control parity

50 What is Different in the Cloud?
Role clarity: the slide’s diagram splits responsibility for security controls between the provider (“Security ~ THEM”) and the customer (“Security ~ YOU”) across the three service models, IaaS, PaaS and SaaS. The customer’s share is largest in IaaS and shrinks through PaaS to SaaS, where the provider owns most of the stack; the point is to know, control by control, which side is responsible.

51 What is Different in the Cloud?
Legal / jurisdictional issues amplified: where is your corporate data? “Cloud” provider datacenters in London, U.K.; São Paulo, Brazil; Geneva, Switzerland; Tokyo, Japan; San Francisco, USA.

52 What is Different in the Cloud?
Virtualization concentration risks: “Old way: hack a system.” “New way: hack a datacenter.” When many tenants’ systems share one hypervisor, a compromise at the hypervisor layer reaches everything running on it.

53 What is Different in the Cloud?
Virtualized n-tier control equivalence. “Current way”: Internet → users → FW → WAF → NIDS/IPS → presentation layer → FW → WAF → NIDS/IPS → data layer, with a dedicated control stack in front of each tier. “New way”: the same tiers run as VMs on a shared hypervisor. How do we ensure control parity, i.e. that equivalent FW, WAF and NIDS/IPS controls sit between the virtual tiers?

54 Key Cloud Security Problems
From CSA Top Threats research:
- Trust: lack of provider transparency, which impacts governance, risk management and compliance
- Data: leakage, loss, or storage in an unfriendly geography
- Insecure cloud software
- Malicious use of cloud services
- Account/service hijacking
- Malicious insiders
- Cloud-specific attacks

55 Cloud Security Alliance Guidance

56 Cloud Security Alliance Guidance
Cloud Architecture
Governing the Cloud:
- Governance and Enterprise Risk Management
- Legal and Electronic Discovery
- Compliance and Audit
- Information Lifecycle Management
- Portability and Interoperability
Operating in the Cloud:
- Security, Business Continuity, and Disaster Recovery
- Data Center Operations
- Incident Response, Notification, Remediation
- Application Security
- Encryption and Key Management
- Identity and Access Management
- Virtualization
Available at

57 Defining Cloud
- Characteristics: on-demand provisioning, elasticity, multi-tenancy
- Key types: Infrastructure as a Service (IaaS): basic O/S and storage; Platform as a Service (PaaS): IaaS plus rapid development; Software as a Service (SaaS): a complete application
- Deployments: Public, Private, Community and Hybrid Cloud

58 Governance and Enterprise Risk Management
- Due diligence of the provider’s governance structure and processes, in addition to its security controls
- SLAs
- Risk assessment approaches between provider and user should be consistent: consistency in impact analysis and in the definition of likelihood

59 Legal and Electronic Discovery
- Mutual understanding of roles related to litigation, discovery searches and expert testimony
- Data in the custody of the provider must receive guardianship equivalent to that of the original owner
- Unified process for responding to subpoenas, service of process, etc.

60 Compliance and Audit
- Right-to-audit clause
- Analyze the impact of regulations on data security
- Prepare evidence of how each requirement is being met
- Auditor qualification and selection

61 Information Lifecycle Management
- How is integrity maintained? If it is compromised, how is that detected and reported?
- Identify all controls used during the data lifecycle
- Know where your data is!
- Understand the provider’s data search capabilities and limitations

62 Portability and Interoperability
- IaaS: understand VM capture and porting to a new provider, especially if different technologies are used
- PaaS: understand how logging, monitoring and audit transfer to another provider
- SaaS: perform regular backups into a form usable without the SaaS

63 Security, Business Continuity and Disaster Recovery
- Conduct an onsite inspection whenever possible
- Inspect the cloud provider’s disaster recovery and business continuity plans
- Ask for documentation of external and internal security controls: adherence to industry standards?

64 Data Center Operations
- Demonstration of compartmentalization of systems, networks, management, provisioning and personnel
- Understanding of the provider’s patch management policies and procedures: these should be reflected in the contract!

65 Incident Response, Notification and Remediation
- You may have limited involvement in incident response; understand the prearranged communication path to the provider’s incident response team
- What incident detection and analysis tools are used? Will proprietary tools make joint investigations difficult?

66 Application Security
- S-P-I (SaaS / PaaS / IaaS) creates different trust boundaries in the SDLC; account for them in dev, test and production
- Obtain contractual permission before performing remote vulnerability and application assessments: the provider cannot distinguish your testing from an actual attack

67 Encryption and Key Management
- Separate key management from the provider hosting the data, creating a chain of separation
- Understand the provider’s key management lifecycle: how keys are generated, used, stored, backed up, rotated and deleted
- Ensure encryption adheres to industry and government standards when stipulated in the contract
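The “chain of separation” and the key lifecycle on this slide, shown in working code as an added example that is not from the presentation or from CSA. Records are encrypted with a per-record data key (DEK) under AES-GCM; the DEK is wrapped by a key-encryption key (KEK) that lives only in a customer-controlled key manager, so what the provider stores is ciphertext plus an opaque wrapped key. The in-memory `CustomerKMS` type, its versioning scheme and the record layout are assumptions standing in for a real external KMS.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// CustomerKMS stands in for a key manager the customer runs outside the provider's
// environment: versioned KEKs that are never released to the provider. Constructed for this example.
type CustomerKMS struct {
	keks    map[int][]byte
	current int
}

// Rotate generates a fresh AES-256 KEK and makes it the current version.
// crypto/rand.Read never returns an error as of Go 1.24 (it aborts the process instead).
func (k *CustomerKMS) Rotate() {
	kek := make([]byte, 32)
	rand.Read(kek)
	if k.keks == nil {
		k.keks = map[int][]byte{}
	}
	k.current++
	k.keks[k.current] = kek
}

// Destroy deletes a KEK version; records wrapped under it become unrecoverable (crypto-shredding).
func (k *CustomerKMS) Destroy(version int) { delete(k.keks, version) }

func (k *CustomerKMS) Wrap(dek []byte) (int, []byte, error) {
	wrapped, err := seal(k.keks[k.current], dek)
	return k.current, wrapped, err
}

// Unwrap recovers a data key; a destroyed KEK version can unwrap nothing.
func (k *CustomerKMS) Unwrap(version int, wrapped []byte) ([]byte, error) {
	kek, ok := k.keks[version]
	if !ok {
		return nil, errors.New("kms: KEK version destroyed or unknown")
	}
	return open(kek, wrapped)
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || AES-GCM ciphertext; open reverses it and rejects tampering.
func seal(key, plaintext []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, blob []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil || len(blob) < aead.NonceSize() {
		return nil, errors.New("bad key or truncated ciphertext")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

// ProviderRecord is all the provider stores: ciphertext plus an opaque wrapped key.
type ProviderRecord struct {
	KEKVersion int
	WrappedDEK []byte
	Ciphertext []byte
}

// Encrypt: fresh per-record DEK, data sealed under it, DEK wrapped by the customer KMS.
func Encrypt(kms *CustomerKMS, plaintext []byte) (rec ProviderRecord, err error) {
	dek := make([]byte, 32)
	rand.Read(dek)
	if rec.Ciphertext, err = seal(dek, plaintext); err != nil {
		return
	}
	rec.KEKVersion, rec.WrappedDEK, err = kms.Wrap(dek)
	return
}

// Decrypt needs both the provider's record and the customer's KMS.
func Decrypt(kms *CustomerKMS, rec ProviderRecord) ([]byte, error) {
	dek, err := kms.Unwrap(rec.KEKVersion, rec.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, rec.Ciphertext)
}
```

Rotation is cheap under this layout: after `Rotate`, re-wrapping a record means one `Unwrap` and one `Wrap` of the 32-byte DEK, and the bulk ciphertext is never touched. Deleting a KEK version with `Destroy` is the lifecycle's “deleted” step done as crypto-shredding: every record whose DEK was wrapped under that version is unreadable from then on, regardless of what copies or backups the provider still holds.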

68 Identity and Access Management
- IAM is a big challenge today in secure cloud computing
- Identity: avoid proprietary solutions unique to the cloud provider
- Any local authentication service offered by the provider should be OATH compliant (OATH, the Initiative for Open Authentication, whose HOTP and TOTP one-time-password algorithms are open standards; not OAuth)

69 Virtualization
- Understand the internal security controls for VMs beyond the built-in hypervisor isolation: IDS, AV, vulnerability scanning, etc.
- Understand the external security controls that protect exposed administrative interfaces (web-based, APIs)
- Reporting mechanisms that provide evidence of isolation and raise alerts if a breach of isolation occurs

70 Additional Cloud Security Alliance Resources

71 Cloud Security Alliance Initiatives
- GRC Stack
- Security Guidance for Critical Areas of Focus in Cloud Computing
- Cloud Controls Matrix (CCM)
- Consensus Assessments Initiative
- Cloud Metrics
- Trusted Cloud Initiative
- Top Threats to Cloud Computing
- CloudAudit
- Common Assurance Maturity Model
- CloudSIRT
- Security as a Service

72 Cloud Controls Matrix Tool
- Controls derived from the guidance
- Rated as applicable to S-P-I
- Customer vs. provider role
- Mapped to COBIT, HIPAA, ISO/IEC, NIST SP and PCI DSS
- Helps bridge the gap for IT and IT auditors

73 Help us secure cloud computing: www.cloudsecurityalliance.org
Contact: Cloud Security Alliance, Chicago Chapter LinkedIn:
Do visit the website. Do join the LinkedIn groups; you will receive regular updates.

74 Questions?

