
Cloud Computing

Cloud Computing. Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK Principal, nControl, LLC Adjunct Professor, Philadelphia University. Cloud Computing. Why should you care? Cloud Computing Trends. Source: Open Group. Cloud Computing. Presentation Overview



Presentation Transcript

  1. Cloud Computing Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK Principal, nControl, LLC Adjunct Professor, Philadelphia University

  2. Cloud Computing Why should you care?

  3. Cloud Computing Trends Source: Open Group

  4. Cloud Computing • Presentation Overview • What is it? • Business Case • Cost Benefit Analysis (CBA) • Cloud Strategy/Roadmap • Risk & Cloud

  5. Cloud Computing • What is it? • Re-Branded IT Business Model • Application Service Provider (ASP) • IT Outsourcing (ITO) • Formal Characteristics • Resource Pooling • Rapid Elasticity • Confusion • Hosting • Virtualization • Service Provider

  6. Service Delivery Models Source: Swain Techs

  7. Responsibility Source: Matthew Gardiner, Computer Associates

  8. SaaS Providers

  9. PaaS Providers

  10. IaaS Providers

  11. Private Cloud • Dedicated Clouds • Usually Hosted Internally • Use Chargeback/Shared Services Model • External Private Clouds Exist • Technology is Discussed Later

  12. Private Cloud

  13. Hosting Providers

  14. Technical Feasibility • How is this possible? • Moore’s Law • Ubiquity of Bandwidth & Internet Connectivity • Commoditization of Computing • Virtualization

  15. Type I Hypervisor Source: Virtuatopia

  16. Type II Hypervisor Source: Virtuatopia

  17. Amazon Web Services (AWS) Hypervisor Build Source: Amazon

  18. Citrix Xen Source: VMware

  19. VMware ESX/i Source: VMware

  20. Microsoft Hyper-V Source: Microsoft

  21. IaaS/Private Cloud [Architecture diagram: Outside World; Compute Controller; Storage/Volume Controller; Management Network (Using APIs); Management and Orchestration; Hypervisors hosting VMs; Compute Pool; Storage Pool] Source: Securosis

  22. Cloud Computing • Business Case • Time-to-Market • Operating Expense vs. Capital Expense • Allows for Focus on Core Competency • Elasticity

  23. Cloud Computing • Business Case • Time-to-Market • Global Presence • Focus on Core Competency • Elasticity

  24. Cloud Computing • Business Case • Time-to-Market • You can have brilliant ideas, but if you can not get them across, your ideas will not get you anywhere - Lee Iacocca • Enhanced Responsiveness to Market/Customers

  25. Cloud Computing • Business Case • Global Presence • Barriers to Entry - No More • Multiple Provider Data Centers – Appease Jurisdictions

  26. Cloud Computing • Business Case • Focus on Core Competency • Business Can Focus • Providers Can Focus

  27. Cloud Computing • Business Case • Elasticity

  28. Cloud Computing • CBA • Total Cost of Ownership (TCO) • Return on Investment (ROI) • Controlling Costs • Operating Expense vs. Capital Expense

  29. Cloud Computing • CBA • TCO • Traded for Control/Customization • SaaS Has Lowest TCO • IaaS Has Highest TCO

  30. Cloud Computing • CBA • ROI • Varies, Difficult to Quantify • Whatever the Board/CxO Wants

  31. Cloud Computing • CBA • Controlling Costs • Costs Become Variable versus Fixed • Usually Lower than Fixed • Difficult to Gauge at First

  32. Cloud Computing • CBA • Operating Expense versus Capital Expense • Reduced Up-Front Expenses • Computing Costs are Spread-Out

  33. Cloud Computing Cloud Strategy/Roadmap

  34. Risk & Cloud • The Cloud is Perceived as Risky Business • Lack of Control • Regulatory Compliance • Hacks, Outages, Disasters….Oh My! Source: YouTube

  35. Cloud Governance • The Cloud is Maturing • Security Guidance • CSA Guide v2.1 • ENISA Cloud Computing Risk Assessment • NIST SP 800-144 Guidelines Security/Privacy for a Public Cloud

  36. Cloud Security Alliance (CSA) Guide • CSA Guide v2.1 Domains • Governance & Enterprise Risk • Legal and Electronic Discovery • Information Lifecycle Management • Portability & Interoperability • Traditional Security, BCM/DR • Data Center Operations • Incident Response • Application Security • Encryption & Key Management • Identity and Access Management • Virtualization

  37. ENISA Risk Assessment • ENISA Information Assurance Requirements • Personnel Security • Supply-Chain Assurance • Operational Security • Identity and Access Management • Asset Management • Data and Service Portability • Business Continuity Management • Physical Security • Environmental Controls • Legal Requirements

  38. NIST SP 800-144 • NIST SP 800-144 Domains • Governance • Compliance • Trust • Architecture • Identity and Access Management • Software Isolation • Data Protection • Availability • Incident Response

  39. Vendors Are Getting It (Cont) • They Are Drinking the GRC/InfoSec • Security Practices • http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf • http://static.googleusercontent.com/external_content/untrusted_dlcp/www.google.com/en/us/a/help/intl/en/admins/pdf/ds_gsa_apps_whitepaper_0207.pdf • http://www.microsoft.com/windowsazure/whitepapers/

  40. Vendors Are Getting It (Cont) • They Are Drinking the GRC/InfoSec • Virtual Private Cloud (VPC) Source: Amazon

  41. AWS Firewall Source: Amazon

  42. Mapping Traditional Defenses to the Cloud • No change • Input Validation, Sanitization, Fuzzing • Scoping Issues, Application-level DoS protection • Subdomain scope, Application request throttling • Authentication, Authorization, Audit • ADFSv2, WLID, ACS, MDS • Storage ACLs • Shared-Access Signatures • Certificate Services • WACS via Azure Development Portal • IPC • Internal Endpoints Source: Microsoft

  43. Defenses Inherited by Azure Tenants • Spoofing • Tampering & Disclosure • Denial of Service • Elevation of Privilege • VLANs • Top of Rack Switches • Custom packet filtering • VM switch hardening • Certificate Services • Shared-Access Signatures • HTTPS • Sidechannel protections • Load-balanced Infrastructure • Network bandwidth throttling • DDoS protection on Storage nodes • Configurable scale-out • Partial Trust Runtime • Hypervisor custom sandboxing • Virtual Service Accounts • Repudiation • Monitoring / Diagnostics Service Source: Microsoft

  44. Questions? • Contact • Email: markeys@philau.edu, steve@ncontrol-llc.com • Twitter: markes1
