IT services – on demand, pay per service, internet delivery, etc
For IaaS model. Consumer must be in complete control of the geographic location of infrastructure and what runs on the server
From “ Characterizing Intrusion Detection Sensors” by Shaikh, A. S., Chivers, H., Nobles. P., & Clark. A.J. 2008, Network Security p.10 Copyright 2008
Customer have higher degree of control and transparency, comply with security standards, regulatory compliance Customer of public cloud has a low degree of degree, since security management are done by vendors Hybrid cloud combination of two or more type of clouds
-Scalability, as in flexible business model according to the size of the organization -Pay for use model. -less maintenance as in patches and updates, in this virtualized environment. Increased automation also saves cost. Flexibility and the ownership /operation of hardware all getting outsourced. . If you’ve ever used MySpace, Facebook, LinkedIn, Picasa, Flickr, Hotmail, or Gmail, then you’ve used cloud computing
concern is to trust that a company's or an individual's information is both secure and private Unplanned outages - Understanding the cloud provider’s disaster recovery and business continuity measures, negotiating strong service level agreements and disaster recovery commitments, A major concern with cloud computing is the difficulty of determining where data will be stored, and, thus, what courts have jurisdiction and what law governs the use and treatment of such data (i.e., local, state, federal, foreign, etc.). For the location of data you wouldn’t know where it is located too
Jericho Forum and CSA joined forces to push for technology to allow business , to collaborate securely in the cloud.
- Categorize data for private and public cloud – basic usage of data and requirement.
Cloud Computing & Security Concerns
Cloud Computing Services & Security Concerns for Data Storage
AGENDA <ul><li>What is Cloud Computing? </li></ul><ul><li>Cloud Services and Deployment Models </li></ul><ul><li>Why all the hype?? </li></ul><ul><li>Security risks </li></ul><ul><li>Future of the Cloud Computing </li></ul><ul><li>Summary </li></ul>
What is Cloud Computing <ul><li>According to NIST </li></ul><ul><li>‘ Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.’ </li></ul><ul><li>According to Gartner </li></ul><ul><li>‘ Gartner defines cloud computing as a style of computing in which massively scalable IT-related capabilities are provided "as a service" using Internet technologies to multiple external customers’ </li></ul>
Cloud Service Models <ul><li>The Cloud Service models are </li></ul><ul><ul><li>Cloud Software as a Service (SaaS) – no purchase of software, rent it and pay per use model </li></ul></ul><ul><ul><li>Cloud Platform as a Service (PaaS) – development platform is offered as service </li></ul></ul><ul><ul><li>Cloud Infrastructure as a Service (IaaS) – provides entire infrastructure, storage, networking, backup. </li></ul></ul><ul><li>Other type of models according to Juniper Networks </li></ul><ul><ul><li>Cloud Data as a Service (Daas) </li></ul></ul><ul><ul><li>Identity and Policy Management as a Service (IPMaas) </li></ul></ul><ul><ul><li>Cloud Network as a Service (Naas) </li></ul></ul>
Cloud Deployment Models <ul><li>Private Cloud </li></ul><ul><ul><li>Internal cloud solely dedicated to single Organization. Security management managed by internal IT </li></ul></ul><ul><li>Public Cloud </li></ul><ul><ul><li>Owned by vendor, available to the public. Offered to multiple customers from common infrastructure </li></ul></ul><ul><li>Hybrid Cloud </li></ul><ul><ul><li>Runs non-core application in public cloud and sensitive data in private cloud </li></ul></ul>
Why all the hype? <ul><li>Cloud Computing is internet based, real-time service and can access solution regardless of location </li></ul><ul><li>It is massively scalable with flexible business model </li></ul><ul><li>Provides a flexible pricing model, with a low upfront cost for both infrastructure and software </li></ul><ul><li>End up being less maintenance, promoting energy efficiency (Green IT) and cost benefits. </li></ul>A recent survey conducted by Pew Internet showed that 69% of all Americans use cloud-based software to store pictures, videos, emails, calendars and other various data online http://www.pewinternet.org
Security Risks <ul><li>Security, timely availability and reliability of the data on cloud computing is the main concern </li></ul><ul><li>Unplanned outages (Amazon S3 cloud service went down, 2008) </li></ul><ul><ul><li>Data recovery refer SLA’s / Cloud provider </li></ul></ul><ul><ul><li>Google’s Apps users faced slow service, April 2009 </li></ul></ul><ul><li>Data location and Storage, there are jurisdictions involved </li></ul><ul><ul><li>Is it secured properly all the private and confidential information. </li></ul></ul><ul><ul><li>Located in different geographic location, what are the ramification of laws for foreign entity. </li></ul></ul>
Security Risk Management <ul><li>According to Mather, Kumaraswamy & Latif, 2009, research some of the standards to be used for Security Management in Cloud Computing Services: </li></ul><ul><ul><li>ITIL </li></ul></ul><ul><ul><li>ISO/IEC 27001 and 27002. </li></ul></ul><ul><li>Cloud Services secure areas covered are: </li></ul><ul><ul><li>Availability management, Vulnerability Management, Access Control, Patch management, Configuration management, Incident response & System use and access monitoring </li></ul></ul>
<ul><li>According to Gartner 25 Percent of new business Software will be delivered as Software as a Service (Saas) by 2011. http://www.gartner.com/it/page.jsp?id=496886 </li></ul><ul><li>Cloud Security Alliance is a not-for-profit organization providing security assurance for Cloud Service. </li></ul><ul><li>Jericho Forum working on getting secure collaboration for cloud computing for individual business needs. </li></ul><ul><li>Federal CIO is a huge cloud Proponent. Many Cloud pilot programs with in the govt.Washington DC uses Google apps, twitter, you tube </li></ul>
Summary <ul><li>Cloud Computing is going to be around, accept it! </li></ul><ul><li>Always understand the Service level agreements (SLAs) of Cloud Service providers, to understand the uptime and downtime </li></ul><ul><li>Cloud Service is in IT security department and be due diligent. </li></ul><ul><li>Users should consider what type of data to be used for cloud storage </li></ul><ul><li>Cost savings can be huge, but be aware of security and governance issues </li></ul>
References <ul><li>Issues related to Cloud Computing arrangements http://www.seyfarth.com/index.cfm/fuseaction/publications.publications_detail/object_id/9275a22b-3998-494c-84d8-7d234e503d82/IssuesRelatedToCloudComputingArrangements.cfm </li></ul><ul><li>Proposed 2010 Budget, Section 9 http://www.whitehouse.gov/omb/budget/fy2010/assets/crosscutting.pdf </li></ul><ul><li>Security Guidance for Critical areas of focus in Cloud Computing, Cloud Security Alliance, April 2009 http://www.cloudsecurityalliance.org/guidance/csaguide.pdf </li></ul><ul><li>Gartner Newsroom, Stamford, Conn., September 29, 2008 http://www.gartner.com/it/page.jsp?id=766215 </li></ul><ul><li>Waxer, C. (2009). Can you trust the Cloud? Computer World. May 25/June1, 2009, 23-26 </li></ul><ul><li>Lamb, J. (2009). The Greening of IT: How Companies Can Make a Difference for the Environment, IBM Press, April 2009 </li></ul><ul><li>Mather, T., Kumaraswamy, S., and Latif, S. (2009) Cloud Security and Privacy, 1st Edition. 1005 Gravenstein Highway North, Sebastopol, CA 95472: O'Reilly Media, Inc., </li></ul>
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.