10/21/2013

The Future Paradigm Shifts of the Cloud and
Big Data: Security Impacts & New Strategies
We Must Consider
We ar...
10/21/2013

 Cyberspace will become orders of

magnitude more complex and confused very
quickly
 Overall this is a very ...
10/21/2013

Industry Trends Leading to Cloud
Computing
A “cloud” is an IT service delivered to users that has:
• A user in...
10/21/2013

Cloud Computing
'Platform as a service' (PaaS) Infrastructure as a Service (IaaS)
Software as a service (SaaS)...
10/21/2013

Users Wait Too Long For New
Servers
Requester

Submit
Request

Requester

Acquire
HW &
SW

Install &
Config.
H...
10/21/2013

Cloud Computing Delivery Models
Flexible Delivery Models

Public …

Private …

•Access by Service provider 
ow...
10/21/2013

Virtualization for Client Computing
Hosted Virtual Desktops
Architectural equivalent of
the blade PC
Full "thi...
10/21/2013

Big Data Numbers
How many data in the world?
– 800 Terabytes, 2000
– 160 Exabytes, 2006
– 500 Exabytes(Interne...
10/21/2013

Business, Knowledge, and Innovation
Landscape
• Typically 80% of the key knowledge (and value) is held
by 20% ...
10/21/2013

“Big Data” and it’s close
relatives “Cloud Computing”,
“Social Media” and "Mobile"
are the new frontier of
inn...
10/21/2013

Volume
Volume is increasing at incredible
rates. With more people using
high speed internet connections
than e...
10/21/2013

Velocity
The speed at which data enters organizations these
days is absolutely amazing. With mega internet
ban...
10/21/2013

But I Believe there are Four V4

Clouds and Crowds
Interactive Cloud

Analytic Cloud

People Cloud

Transactio...
10/21/2013

As the world gets smarter,
infrastructure demands will grow

Smart
traffic
systems

Smart
Smart oil
food
field...
10/21/2013

The Threat Landscape Has
Evolved…
CYBERCRIMINALS
FINANCIALLY
MOTIVATED
Ransom
& fraud

DDOS

Defacement

ATA/A...
10/21/2013

Why is Security Hard?
No system can be 100% secure
– Reality is risk mitigation, not risk avoidance

Difficult...
10/21/2013

Mobile Devices
Mobile computers:

– Mainly smartphones,
tablets
– Sensors: GPS, camera,
accelerometer, etc.
– ...
10/21/2013

Challenges in the 21st century
Safety &
Security

Information
Explosion

Knowledge
Economy
Globalization

Acce...
10/21/2013

Growth at the Edge of the Network
4,000

Petabytes/Day Global

3,500

• Mobile
• Device to Device
• Sensors
• ...
10/21/2013

Internet of Things
• a system . . . that would be able to
instantaneously identify any kind of object.
• netwo...
10/21/2013

Tomorrow’s ubiquitous world of
tags, sensors and smart systems

21
10/21/2013

Sensor Data Volume

How do we handle all this data?
“Rebalancing Collection & PED may be Necessary”

The “Fat ...
10/21/2013

Data

Desktop

AMP: Algorithms, Machines, People

Adaptive/Active
Machine Learning
and Analytics

Massive
and
...
10/21/2013

Characteristics of Agents
Agents dynamically adapt
to and learn about
their environment

Intelligent
Agents

A...
10/21/2013

Embeddedness

The Invisible Computer
EmbeddednessDigital convergence
technologies will “form the invisible te...
10/21/2013

Emerging Technology Sequence
Emerging
Technology
Vectors
Cellular
Array

Defect
Tolerant

Biologically
Inspire...
10/21/2013

Cyber Security is all about tradeoffs

Productivity

Security

Let’s build it
Cash out the benefits
Next gener...
10/21/2013

Top 5 Most Appreciated Technologies
Microwave Oven
Universal Remote Control
Garage Door Opener
Telephone Answe...
10/21/2013

Big Data
“85% of eBay’s analytic workload is new and
unknown. We are architected for the
unknown.”
Oliver Ratz...
10/21/2013

 Cyberspace will become orders of

magnitude more complex and confused very
quickly
 Overall this is a very ...
Upcoming SlideShare
Loading in...5
×

The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New Strategies We Must Consider

2,422

Published on

Presented at InnoTech Austin 2013. All rights reserved.

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,422
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
17
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New Strategies We Must Consider

  1. 1. 10/21/2013 The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New Strategies We Must Consider We are living in an age where the velocity of information growth has reached new speeds, the volume of information that we keep and use is exploding, and the increasing variety of information sources is creating a new demand to expand our definition of security. No longer is it just security in our enterprise, but across an expanded infrastructure and an ever-expanding collection of devices. This talk will explore this changing universe, the emerging paradigms, the impacts on security and suggestions on how to manage the risk. Key Takeaways •A future view of where Cloud Computing and Bid Data are headed •How these futures and new paradigm will impact security •What we need to do to meet the new needs The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New Strategies We Must Consider David Smith President dsmith@socialcare.com linkedin.com/in/davidsmithaustin 1
  2. 2. 10/21/2013  Cyberspace will become orders of magnitude more complex and confused very quickly  Overall this is a very positive development and will enrich human society  It will be messy but need not be chaotic!  Cyber security research and practice are loosing ground  VOLUME / VELOCITY / VARIETY Change everything  The Internet of Things will Change it all 3 Origin of the term “Cloud Computing” • “Comes from the early days of the Internet where we drew the network as a cloud… we didn’t care where the messages went… the cloud hid it from us” – Kevin Marks, Google • First cloud around networking (TCP/IP abstraction) • Second cloud around documents (WWW data abstraction) • The emerging cloud abstracts infrastructure complexities of servers, applications, data, and heterogeneous platforms – (“muck” as Amazon’s CEO Jeff Bezos calls it) 2
  3. 3. 10/21/2013 Industry Trends Leading to Cloud Computing A “cloud” is an IT service delivered to users that has: • A user interface that makes the infrastructure underlying the service transparent to the user • Near-zero incremental management costs when additional IT resources are added • A service management platform 2010 2000 Cloud Computing 1998 Software as a Service 1990 • Next-Generation Utility Computing Internet computing • Network-based Grid Computing subscriptions to • Offering computing • Next-Generation applications • Solving large resources as a Data Centers problems with metered service • Gained momentum parallel computing in 2001 • Introduced in late • Made mainstream by 1990s Globus Alliance Even as clouds take hold, the IT landscape is changing rapidly… Technology is rapidly being commoditized Businesses are more willing and able to shop for IT services In-house IT infrastructure is increasingly seen as complex and rigid Unstructured data is the new gold © Harvard Business Review 3
  4. 4. 10/21/2013 Cloud Computing 'Platform as a service' (PaaS) Infrastructure as a Service (IaaS) Software as a service (SaaS)  Public Clouds  Application-centric cloud platforms  Public clouds reduce corporate IT jobs and spend. CIOs lead the charge. Private clouds become THE strategic decision for enterprise IT  Private Clouds  enterprise owned or leased  Hybrid cloud  composition of two or more clouds  Community cloud  shared infrastructure for specific community Copyright, 2010 © HBMG, Inc A Crisis of Complexity. The Need for Progress is Clear. 1.5x Explosion of information driving 54% growth in storage shipments every year. 70¢ per $1 70% on average is spent on maintaining current IT infrastructures versus adding new capabilities. 85% idle In distributed computing environments, up to 85% of computing capacity sits idle. 70%+ Never recover Howard Levenson, IBM Of business never recover from a major data disaster. 4
  5. 5. 10/21/2013 Users Wait Too Long For New Servers Requester Submit Request Requester Acquire HW & SW Install & Config. HW Install & Config SW Deploy Server Three to six months to provision a new server! Howard Levenson, IBM From http://geekandpoke.typepad.com 5
  6. 6. 10/21/2013 Cloud Computing Delivery Models Flexible Delivery Models Public … Private … •Access by Service provider  owned and managed. •subscription. •Delivers select set of  standardized business process,  application and/or  infrastructure services on a  flexible price per use basis. .…Standardization, capital  preservation, flexibility and  time to  deploy   ORGANIZATION •Privately owned and  managed. •Access limited to client  and its partner network. •Drives efficiency,  standardization and best  practices while retaining  greater customization and  control Cloud Services  Cloud Computing  Model Hybrid … •Access to client, partner  network, and third party  resources CULTURE .… Customization, efficiency,  availability, resiliency, security  and privacy  GOVERNANCE ...service sourcing and service value Growth of Data 6
  7. 7. 10/21/2013 Virtualization for Client Computing Hosted Virtual Desktops Architectural equivalent of the blade PC Full "thick-client" image, thin-client delivery model Application Application Application PC OS PC OS PC OS VMM Server Hardware Portable Personalities • Carry the bubble, not the hardware • Portable media, stored on the network • Bubbles of various sizes: some with OS, some without . Source: Matthew Gardiner, Computer Associates 7
  8. 8. 10/21/2013 Big Data Numbers How many data in the world? – 800 Terabytes, 2000 – 160 Exabytes, 2006 – 500 Exabytes(Internet), 2009 – 2.7 Zettabytes, 2012 – 35 Zettabytes by 2020 How many data generated ONE day? – 7 TB, Twitter Big data: The next frontier for innovation, competition, and productivity McKinsey Global Institute 2011 – 10 TB, Facebook Tapping into the Data • • • • Data Storage Reporting Analytics Advanced Analytics – Computing with big datasets is a fundamentally different challenge than doing “big compute” over a small dataset Utilized data Unutilized data that can be available to business 8
  9. 9. 10/21/2013 Business, Knowledge, and Innovation Landscape • Typically 80% of the key knowledge (and value) is held by 20% of the people – we need to get it to the right people • Only 20% of the knowledge in an organization is typically used (the rest being undiscovered or underutilized) • 80-90% of the products and services today will be obsolete in 10 years – companies need to innovate & invent faster Copyright 2012@ HBMG Inc. Computer generated data  Application server logs (web sites, games)  Sensor data (weather, water, smart grids)  Images/videos (traffic, security cameras) Human generated data  Twitter “Firehose” (50 mil tweets/day 1,400% growth per year)  Blogs/Reviews/Emails/Pictures Social graphs  Facebook, linked-in, contacts Device generated data – ………….. 9
  10. 10. 10/21/2013 “Big Data” and it’s close relatives “Cloud Computing”, “Social Media” and "Mobile" are the new frontier of innovation. Driven by Advance Analytics Big Data and It’s Brothers Volume Variety Velocity ……….. 10
  11. 11. 10/21/2013 Volume Volume is increasing at incredible rates. With more people using high speed internet connections than ever, plus these people becoming more proficient at creating content and just more people in general contributing information are combined forces that are causing this tremendous increase in Volume. Variety Next in breaking down Big Data into easily digestible bite-size chunks is the concept of Variety. Take your personal experience and think about how much information you create and contribute in your daily routine. Your voicemails, your e-mails, your file shares, your TV viewing habits, your Facebook updates, your LinkedIn activity, your credit card transactions, etc. Whether you consciously think about it or not the Variety of information you personally create on a daily basis which is being collected and analyzed is simply overwhelming. 11
  12. 12. 10/21/2013 Velocity The speed at which data enters organizations these days is absolutely amazing. With mega internet bandwidth nearly being common place anymore in conjunction with the proliferation of mobile devices, this simply gives people more opportunity than ever to contribute content to storage systems. VELOCITY Worldwide digital content will double in 18 months, and every 18 months thereafter. IDC Mobile Inventory Emails Planning GPS CRM Data Demand The Economist Speed Opportunities Things Service Calls In 2005, humankind created 150 exabytes of information. In 2011, over 1,200 exabytes was created. Velocity Customer Transactions Sales Orders Instant Messages Tweets VOLUME VARIETY 80% of enterprise data will be unstructured, spanning traditional and non traditional sources. Gartner 12
  13. 13. 10/21/2013 But I Believe there are Four V4 Clouds and Crowds Interactive Cloud Analytic Cloud People Cloud Transactional systems Data entry … + Sensors (physical & software) … + Web 2.0 Get and Put Map Reduce Parallel DBMS Stream Processing … + Collaborative Structures (e.g., Mechanical Turk, Intelligence Markets) Data Model Records Numbers, Media … + Text, Media, Natural Language Response Time Seconds Hours/Days … +Continuous Data Acquisition Computation The Future Cloud will be a Hybrid of These. . 13
  14. 14. 10/21/2013 As the world gets smarter, infrastructure demands will grow Smart traffic systems Smart Smart oil food field technologies systems Smart water management Smart supply chains Smart healthcare Smart retail Smart weather Smart countries Smart energy grids Smart regions Smart cities . 14
  15. 15. 10/21/2013 The Threat Landscape Has Evolved… CYBERCRIMINALS FINANCIALLY MOTIVATED Ransom & fraud DDOS Defacement ATA/APT GRADE BAD DATA STUFF IN THEFT GOOD STUFF MALWARE OUT HACKTIVISTS POLITICALLY MOTIVATED NATIONALISTICALLY MOTIVATED Public data leakage STATESPONSORED ATTACKERS Gov’t, enterprise & infrastructure targets 29 The Malware Problem – Overwhelming Odds 1/3 85% of malware is customized (no signature available at time of exploit) of breaches took weeks or more to discover (+6%) of organizations believe exploits bypassing their IDS and AV systems (VzB, 2012) (VzB, 2012) (Ponemon) 91% 30 15
  16. 16. 10/21/2013 Why is Security Hard? No system can be 100% secure – Reality is risk mitigation, not risk avoidance Difficult to prove good security – Bad security gets proven for us! Good security and no security can look the same – How does one know how secure they are? Many things to secure – People, equipment, OS, network, Application Servers, applications, phones, and databases Balancing the Business Usability Add Devices and Thing to Things and it gets very BAD x Security Performance 16
  17. 17. 10/21/2013 Mobile Devices Mobile computers: – Mainly smartphones, tablets – Sensors: GPS, camera, accelerometer, etc. – Computation: powerful CPUs (≥ 1 GHz, multicore) – Communication: cellular/4G, Wi-Fi, near field communication (NFC), etc. Many connect to cellular networks: billing system Cisco: 7 billion mobile devices will have been sold by 2012 Organization Data Mining as a Threat to Security Data mining gives us “facts” that are not obvious to human analysts of the data Enables inspection and analysis of huge amounts of data Possible threats: – Predict information about classified work from correlation with unclassified work (e.g. budgets, staffing) – Detect “hidden” information based on “conspicuous” lack of information – Mining “Open Source” data to determine predictive events (e.g., Pizza deliveries to the Pentagon) It isn’t the data we want to protect, but correlations among data items Published in Chris Clifton and Don Marks, “Security and Privacy Implications of Data Mining”, Proceedings of the ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery 17
  18. 18. 10/21/2013 Challenges in the 21st century Safety & Security Information Explosion Knowledge Economy Globalization Accelerating Change International Partnerships Complex Technologies Finite Resources Diverse Workforce Life-Long Learning Citizen Engagement Sustainable Development Mega Trends to Consider… • Digitization of all content (listening = getting!) • Distribution is the default (just having a network won’t be enough) • Virtualization (location matters less and less) • Niche-ization of content & lifestyles • Mass-Personalization of media will become standard • Democratization of creation, & peer production • Amateurization of the entire value chain (but NOT to the detriment of experts) • “Godzilla-zation” of users/consumers 18
  19. 19. 10/21/2013 Growth at the Edge of the Network 4,000 Petabytes/Day Global 3,500 • Mobile • Device to Device • Sensors • Entertainment • Smart Home • Distributed Industrial • Autos/Trucks • Smart Toys 3,000 2,500 2,000 1,500 Converged Content 1,000 500 Traditional Computation 0 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 Year 19
  20. 20. 10/21/2013 Internet of Things • a system . . . that would be able to instantaneously identify any kind of object. • network of objects . . • one major next step in this development of the Internet, which is is to progressively evolve from a network of interconnected computers to a network of interconnected objects … • from communicating people (Internet) ... to communicating items … • from human triggered communication … • ... to event triggered communication 20
  21. 21. 10/21/2013 Tomorrow’s ubiquitous world of tags, sensors and smart systems 21
  22. 22. 10/21/2013 Sensor Data Volume How do we handle all this data? “Rebalancing Collection & PED may be Necessary” The “Fat Pipe” 22
  23. 23. 10/21/2013 Data Desktop AMP: Algorithms, Machines, People Adaptive/Active Machine Learning and Analytics Massive and Diverse Data CrowdSourcing Cloud Computing 23
  24. 24. 10/21/2013 Characteristics of Agents Agents dynamically adapt to and learn about their environment Intelligent Agents Adaptive Autonomous Agents are goal directed and act on their own performing tasks on your behalf Agents coordinate and negotiate to achieve common goals Cooperative Mobile Agents move to where they are needed Social Personality Information Agents Interoperate Agents interoperate with humans, other, legacy systems, and information sources . 24
  25. 25. 10/21/2013 Embeddedness The Invisible Computer EmbeddednessDigital convergence technologies will “form the invisible technical infrastructure for human actionanalogous to the visible infrastructure provided by buildings and cities.” Embeddedness is driven by cost-effective computing, Moore’s Law, miniaturization, ubiquitous communication, and advanced materials and sensing devices. In 2000, 98% of computing devices sold are embedded in products and are not apparent to the product’s user. SOA Reference Architecture Channel Web Applications Portals / Websites ASP JSP HTML CSS Voice/XML User Interface User Interactions Business Process Messaging Service Mediation, Routing, Logging, Auditing Management Identity Policy Enforcement “Service Registry” Network Voice IVR IPhone Service Transformations “Enterprise Service Bus” Platform Browsers Cell Phone Orchestrated Web Services Service Discovery Service Management Web Services PDA Authentication Single Sign-On Atomic Composite Data Access Federated Mainframe UNIX Windows .NET Java J2EE COBOL CICS Firewalls Routers XML Accelerators Proxy Servers TCP/IP Business Logic/Rules System Administration Network Administration Security, Operations, & Governance Access Points PC Policy, Process, Monitoring, Reporting, Usage Tracking Users 50 25
  26. 26. 10/21/2013 Emerging Technology Sequence Emerging Technology Vectors Cellular Array Defect Tolerant Biologically Inspired 1-D Structures Resonant Tunneling Floating Body DRAM Nano FG UTB Single Gate FET Source/Drain Engineered FET SET Quantum Computing Molecular Insulator SET Resistance Change QCA Molecular UTB Multiple Gate FET Biological Based Architecture Spin Transistor Logic Quantum Quasi Ballistic FET DNA Memory Hybrid Non-Classical CMOS Risk Source: Technology Futures, Inc. Risk Management And Needed Security Unacceptable Risk Impact to business Business defines impact High Low Risk management drives risk to an acceptable level Acceptable Risk Probability of exploit High Security engineering defines probability 26
  27. 27. 10/21/2013 Cyber Security is all about tradeoffs Productivity Security Let’s build it Cash out the benefits Next generation can secure it Let’s not build it Let’s bake in super-security to make it unusable/unaffordable Let’s sell unproven solutions There is a middle ground We don’t know how to predictably find it 53 Exposures 1. Increased Dependency on Complex Technologies and Business Processes 2. Steep Decline of Barriers to Trade 3. Speed of Transactions 4. The Death of Distance 5. The Adoption of Advanced Communications 6. Consolidation/Transformation of Traditional Industries 7. The Internet and the Abundance of Information 8. Infrastructure 9. Overcommitted Agencies 10. Changing Social Constructs 11. The Device to Device Computing Growth 27
  28. 28. 10/21/2013 Top 5 Most Appreciated Technologies Microwave Oven Universal Remote Control Garage Door Opener Telephone Answering Machine (For Home) Ear Thermometer 77.3% 66.6% 64.6% 61.7% 59.5% 28
  29. 29. 10/21/2013 Big Data “85% of eBay’s analytic workload is new and unknown. We are architected for the unknown.” Oliver Ratzesberger, eBay Data exploration – data as the new oil     The exploration for data, rather than the exploration of data Uncovering pockets of untapped data Processing the whole data set, without sampling eBay’s Singularity platform combines transactional data with behavioral data, enabled identification of top sellers, driving increased revenue from those sellers 57 29
  30. 30. 10/21/2013  Cyberspace will become orders of magnitude more complex and confused very quickly  Overall this is a very positive development and will enrich human society  It will be messy but need not be chaotic!  Cyber security research and practice are loosing ground  VOLUME / VELOCITY / VARIETY Change everything  The Internet of Things will Change it all 59 In Parting: Be Paranoid “Sooner or later, something fundamental in your business world will change.”  Andrew S. Grove, Founder, Intel “Only the Paranoid Survive” 30

×