Cloud Security - GSFC Presentation, Sept 23 2009
Speaker notes:
  • Two kinds of hybrid; emphasize the right one.
  • Is typically built using virtualization.
  • Terramark does not meet all of the aspects of cloud computing.
  • Much broader market (100s, not dozens). Currently more consumer focused, less mature on the enterprise side.

Slide 4
  • Google's CEO Eric Schmidt has called such computing "transformative. It is the new model of computer architectures."
  • IBM's Vayghan adds: "This is not something coming 20 years from now. There already are many products."
  • "This is about the IT industry's new model for the next 20 years." - Vernon Turner, IDC
  • "By 2011, early technology adopters will forgo capital expenditures and instead purchase 40 percent of their IT infrastructure as a service." - Gartner

Slide 5
  • "The Federal technology environment requires a fundamental re-examination of investments in technology infrastructure… Pilot projects will be implemented to offer an opportunity to utilize more fully and broadly departmental and Agency architectures to identify enterprise-wide common services and solutions, with a new emphasis on cloud-computing."

Slide 7
  • "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." - NIST

Slide 10
  • "The canonical cloud architecture that has evolved revolves around dynamically scalable CPUs consuming asynchronous, persistently queued events."

Slide 11
  • (Excerpts from Gartner's "Five Attributes of Cloud Computing")

Slide 12
  • Abstracted from the implementation
  • Completely automated
  • Near real-time delivery (seconds or minutes)

Slide 13
  • Resources are drawn from a common pool
  • Dynamically allocated to meet demand
  • Dynamically released when appropriate
  • Fully automated

Slide 14
  • Common resources build economies of scale
  • Common infrastructure runs at high efficiency

Slide 15
  • Consumers pay for services used
  • Underlying hardware costs are irrelevant

Slide 16
  • Open standards and APIs
      • Almost always IP, HTTP, and REST

Slide 18
  • Where is it?
  • Who runs it?
  • Who are the customers?

Slide 21
  • Similar to:
      • Utility Computing or Grid Computing
      • Old-school "time-sharing" on mainframes
  • Often uses:
      • Virtualization
      • Shared storage (SAN or cluster)
  • Target User: System Administrator

Slide 22
  • Doesn't matter what it uses
  • Clouds are service-based, i.e. abstracted
  • Implementation is hidden, changeable

Slide 23
  • Amazon EC2, S3 and EBS
  • Linode
  • Rackspace Cloud
  • Terramark Enterprise Cloud*
  • IBM CloudBurst

Slide 24
  • Hardware consolidation
  • Short-term IT needs
  • Development infrastructure
  • Network storage
  • Supplemental peak capacity

Slide 25
  • Interacts at the source code level
  • Total abstraction from infrastructure
  • "Infinitely" scalable
  • Target User: Software Developer

Slide 26
  • Google AppEngine
  • Microsoft Azure

Slide 27
  • Advantages:
      • Much easier to use than IaaS
      • Applications can be more secure
      • Achieves higher efficiencies than IaaS alone
  • Disadvantages:
      • Usually a language-specific platform
      • Limited set of services (DB type, queue, etc.)

Slide 28
  • Can include almost any IT service:
      • Email
      • Web hosting (Google Sites)
      • Blogs, wikis, forums, etc.
      • Source code control
      • Telephony
      • Office and productivity software
  • Target User: End-User

Slide 31
  • Availability
  • Integrity
  • Security

Slide 32
  • Generic IT risks
  • Outsourced infrastructure risks
  • Cloud-specific risks

Slide 33
  • Centralized IT management = lower risk
      • Software and OS are more up-to-date
      • Smaller attack surface
      • Centralized monitoring = faster response
  • The hard part:
      • Managing shared responsibilities
      • Things we do poorly have to be fixed (Auth)

Slide 34
  • Already well understood
      • NSPIRES, ..., etc.
  • (Most) public cloud is not ready yet
      • FISMA-compliant public clouds = Q1 2010
  • The hard part(s):
      • Coordinating C&A (GSA is working on this)
      • Avoiding lock-in

Slide 35
  • IaaS: Hypervisor attacks
      • Blue Pill, SubVirt
  • SaaS: Shared execution environment
  • Data locality, data multitenancy
  • Eventual consistency

Slide 37
  • Trust no one
  • Encrypt data, not just delivery
  • Store everything in 3 places
  • Separate public and private concerns
  • …Everything we should be doing anyway.
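The two middle points on slide 37, "encrypt data, not just delivery" and "store everything in 3 places", are the ones most often implemented poorly: TLS protects the object in flight, but once it rests at the provider only client-side encryption keeps it out of the provider's (or a co-tenant's) hands, and a replica is only useful if you can tell an intact copy from a corrupted one. The Go program below is an added example written for this page, not code from the presentation or from any of the providers it names. It assumes an in-memory map standing in for a provider's object store, a client-held AES-256 key (constructed at random here; in practice it would come from a key store the client controls), and the hypothetical helper names Seal, Open, PutReplicated and ReadAny.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// objectStore is a constructed stand-in for a provider's object store. It is
// treated as untrusted: it only ever receives sealed blobs, and it may hand
// back a modified copy or no copy at all.
type objectStore map[string][]byte

// newAEAD builds an AES-GCM instance from a client-held key (16, 24 or 32 bytes).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates plaintext under a key that never leaves the
// client. The random nonce is prepended so the blob is self-describing.
func Seal(key, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal and returns an error if any byte of the blob (nonce,
// ciphertext or tag) was altered while it sat at the provider.
func Open(key, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob shorter than nonce")
	}
	return aead.Open(nil, blob[:n], blob[n:], nil)
}

// PutReplicated seals the object once and writes an independent copy to every
// store ("store everything in 3 places"); no store ever sees plaintext.
func PutReplicated(stores []objectStore, key []byte, name string, data []byte) error {
	blob, err := Seal(key, data)
	if err != nil {
		return err
	}
	for _, s := range stores {
		s[name] = append([]byte(nil), blob...) // copy so replicas do not alias
	}
	return nil
}

// ReadAny returns the first replica that decrypts and authenticates, skipping
// replicas that are missing or fail the integrity check rather than trusting them.
func ReadAny(stores []objectStore, key []byte, name string) ([]byte, error) {
	for i, s := range stores {
		blob, ok := s[name]
		if !ok {
			continue
		}
		if pt, err := Open(key, blob); err == nil {
			return pt, nil
		}
		fmt.Printf("replica %d of %q failed authentication, trying next\n", i, name)
	}
	return nil, fmt.Errorf("no intact replica of %q", name)
}

func main() {
	key := make([]byte, 32) // constructed demo key; use a client-controlled key store in practice
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	stores := []objectStore{{}, {}, {}}
	if err := PutReplicated(stores, key, "report.txt", []byte("constructed sample payload")); err != nil {
		panic(err)
	}
	stores[0]["report.txt"][0] ^= 0xff // simulate silent corruption at one provider
	delete(stores[1], "report.txt")     // simulate loss at another
	pt, err := ReadAny(stores, key, "report.txt")
	fmt.Println(string(pt), err)
}
```

The point of using an AEAD mode rather than plain encryption is that "trust no one" has to cover integrity as well as confidentiality: a replica the provider has altered, whether by a storage fault or by a malicious co-tenant, is rejected by the tag check instead of being quietly used, and the surviving replica is read in its place.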
Slide 38
  • Engage in standards
  • Start with a private cloud