• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Cloud computing 101
 

Cloud computing 101

on

  • 486 views

TH

TH

Statistics

Views

Total Views
486
Views on SlideShare
484
Embed Views
2

Actions

Likes
1
Downloads
5
Comments
0

2 Embeds 2

http://www.linkedin.com 1
https://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Wow. That makes my head hurt. Let’s see if we can’t find a simpler metaphor.

Cloud computing 101 Cloud computing 101 Presentation Transcript

  • Welcome to secure360 2012 Did you remember to scan your badge for CPE Credits? Ask your Room Volunteer for assistance. Please complete the Session Survey front and back (this is Room 12), and leave on your seat.  Note: “Session” is Tuesday or Wednesday Are you tweeting? #Sec360
  • Cloud computing is a model for enablingubiquitous, convenient, on-demand networkaccess to a shared pool of configurablecomputing resources (e.g., networks, servers,storage, applications, and services) thatcan be rapidly provisioned and released withminimal management effort or serviceprovider interaction. This cloud model iscomposed of five essential characteristics,three service models, and four deploymentmodels.
  • Broad Rapid Measured On-DemandNetwork Access Elasticity Service Self-Service Resource Pooling Essential Characteristics Infrastructure asSoftware as a Platform as a aService (SaaS) Service (PaaS) Service (IaaS) Service Models Public Private Hybrid Community Deployment Models NIST Visual Model of Cloud Computing
  • Essential CharacteristicsFrom FromHere Here Cloud Yup, Wait! Over Here Too Here Too! Broad Network Access
  • Essential Characteristics Bigger CloudLittle LittleCloud Cloud Rapid Elasticity
  • Essential CharacteristicsA LotMiddlin’A Little Time Measured Service
  • Essential Characteristics I want to do it. NOW! On-Demand Self-Service
  • Essential Characteristics Everybody uses the same water. Resource Pooling
  • Service Models Presentation Presentation Modality Platform APIs Applications (Software as a Service)Data Metadata Content Integration and Middleware (Platform as a Service) SaaS APIs (Infrastructure as PaaS a Service) IaaS Abstraction Hardware Facilities
  • Service Models Here’s a bunch of logs, have at it. IaaS
  • Service ModelsHere’s afoundation, sometools, and morematerials. Knockyourself out. PaaS
  • Service Models It’s all in there. Just move in. SaaS
  • Who’s In Control? SaaS Less Control PaaS As We Go Up IaaS
  • Deployment Models Private Community Public Hybrid
  • Deployment Models PrivateSource: http://dogs.icanhascheezburger.com/2012/03/16/funny-dog-pictures-mine-all-mine-2/
  • Deployment Models PublicSource: http://popupcity.net/2009/11/on-moscows-public-toilets/
  • Deployment Models Community
  • Deployment Models Hybridhttp://www.coolfunnycomments.com/funnypictures/dogs_041.html
  • Actors Consume r Provider Broker Auditor Carrier
  • Things to Think About Visibility  Backups Compliance  Encryption Availability  Logging Audit  Authentication Disaster Rec.  Access control Monitoring  Monitoring
  • Questions to Ask Yourself How would we be harmed if the asset became widely public and widely distributed?
  • Questions to Ask Yourself How would we be harmed if an employee of our cloud provider accessed the asset?
  • Questions to Ask Yourself How would we be harmed if the process or function were manipulated by an outsider?
  • Questions to Ask Yourself How would we be harmed if the process or function failed to provide expected results?
  • Questions to Ask Yourself How would we be harmed if the information/data were unexpectedly changed?
  • Questions to Ask Yourself How would we be harmed if the asset were unavailable for a period of time?
  • ReferencesNIST SP800-145 Cloud Definitionhttp://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdfNIST SP800-146 Cloud Computing Synopsis andRecommendationshttp://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdfNIST SP500-292 Cloud Computing Reference Architecturehttp://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505Cloud Security Alliance Guidancehttps://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdfENISA Cloud Risk Assessmenthttp://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessmentAustralian DoD Cloud Security Considerationshttp://www.dsd.gov.au/publications/Cloud_Computing_Security_Considerations.pdfJericho Cloud Cubehttps://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdfCloud Security Ruleshttp://www.amazon.com/The-Cloud-Security-Rules-Technology/dp/1463691785
  • Questions?Twitter: @kriggins,@infosecramblinsEmail: kriggins@infosecramblings