Your SlideShare is downloading. ×

Cloud computing 101

406

Published on

TH

TH

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
406
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
14
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Wow. That makes my head hurt. Let’s see if we can’t find a simpler metaphor.
  • Transcript

    • 1. Welcome to secure360 2012 Did you remember to scan your badge for CPE Credits? Ask your Room Volunteer for assistance. Please complete the Session Survey front and back (this is Room 12), and leave on your seat.  Note: “Session” is Tuesday or Wednesday Are you tweeting? #Sec360
    • 2. Cloud computing is a model for enablingubiquitous, convenient, on-demand networkaccess to a shared pool of configurablecomputing resources (e.g., networks, servers,storage, applications, and services) thatcan be rapidly provisioned and released withminimal management effort or serviceprovider interaction. This cloud model iscomposed of five essential characteristics,three service models, and four deploymentmodels.
    • 3. Broad Rapid Measured On-DemandNetwork Access Elasticity Service Self-Service Resource Pooling Essential Characteristics Infrastructure asSoftware as a Platform as a aService (SaaS) Service (PaaS) Service (IaaS) Service Models Public Private Hybrid Community Deployment Models NIST Visual Model of Cloud Computing
    • 4. Essential CharacteristicsFrom FromHere Here Cloud Yup, Wait! Over Here Too Here Too! Broad Network Access
    • 5. Essential Characteristics Bigger CloudLittle LittleCloud Cloud Rapid Elasticity
    • 6. Essential CharacteristicsA LotMiddlin’A Little Time Measured Service
    • 7. Essential Characteristics I want to do it. NOW! On-Demand Self-Service
    • 8. Essential Characteristics Everybody uses the same water. Resource Pooling
    • 9. Service Models Presentation Presentation Modality Platform APIs Applications (Software as a Service)Data Metadata Content Integration and Middleware (Platform as a Service) SaaS APIs (Infrastructure as PaaS a Service) IaaS Abstraction Hardware Facilities
    • 10. Service Models Here’s a bunch of logs, have at it. IaaS
    • 11. Service ModelsHere’s afoundation, sometools, and morematerials. Knockyourself out. PaaS
    • 12. Service Models It’s all in there. Just move in. SaaS
    • 13. Who’s In Control? SaaS Less Control PaaS As We Go Up IaaS
    • 14. Deployment Models Private Community Public Hybrid
    • 15. Deployment Models PrivateSource: http://dogs.icanhascheezburger.com/2012/03/16/funny-dog-pictures-mine-all-mine-2/
    • 16. Deployment Models PublicSource: http://popupcity.net/2009/11/on-moscows-public-toilets/
    • 17. Deployment Models Community
    • 18. Deployment Models Hybridhttp://www.coolfunnycomments.com/funnypictures/dogs_041.html
    • 19. Actors Consume r Provider Broker Auditor Carrier
    • 20. Things to Think About Visibility  Backups Compliance  Encryption Availability  Logging Audit  Authentication Disaster Rec.  Access control Monitoring  Monitoring
    • 21. Questions to Ask Yourself How would we be harmed if the asset became widely public and widely distributed?
    • 22. Questions to Ask Yourself How would we be harmed if an employee of our cloud provider accessed the asset?
    • 23. Questions to Ask Yourself How would we be harmed if the process or function were manipulated by an outsider?
    • 24. Questions to Ask Yourself How would we be harmed if the process or function failed to provide expected results?
    • 25. Questions to Ask Yourself How would we be harmed if the information/data were unexpectedly changed?
    • 26. Questions to Ask Yourself How would we be harmed if the asset were unavailable for a period of time?
    • 27. ReferencesNIST SP800-145 Cloud Definitionhttp://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdfNIST SP800-146 Cloud Computing Synopsis andRecommendationshttp://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdfNIST SP500-292 Cloud Computing Reference Architecturehttp://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505Cloud Security Alliance Guidancehttps://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdfENISA Cloud Risk Assessmenthttp://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessmentAustralian DoD Cloud Security Considerationshttp://www.dsd.gov.au/publications/Cloud_Computing_Security_Considerations.pdfJericho Cloud Cubehttps://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdfCloud Security Ruleshttp://www.amazon.com/The-Cloud-Security-Rules-Technology/dp/1463691785
    • 28. Questions?Twitter: @kriggins,@infosecramblinsEmail: kriggins@infosecramblings

    ×