A polemic on the issues and challenges confronting us in the domains of "security" and risk management, as system architectures move to include the Cloud.
Keep an eye on the speaker Notes for each slide -- there's stuff in there.
6. Did you know that there is a whole culture of ivory tower folk who spend their days trying to answer that question? http://consc.net/neh/papers/dretske2.htm http://en.wikipedia.org/wiki/Fred_Dretske http://philsci-archive.pitt.edu/archive/00002546/01/caatkg.pdf
9. "It is an attempt to derive all mathematical truths from a well-defined set of axioms and inference rules in symbolic logic." http://en.wikipedia.org/wiki/Principia_Mathematica
28. Risk exposure (RE) = probability(loss) * magnitude(loss) http://books.google.com/books?id=0RfANAwOUdIC&pg=PA800&lpg=PA800&dq=risk+exposure+re+formula&source=web&ots=pENn1no-zn&sig=Xe72BRymob2ftXlp4CciUr-ly-Y&hl=en&ei=QquNSfLdMob00AXB4OGcCw&sa=X&oi=book_result&resnum=5&ct=result (The Handbook Of Information Security)
38. Ludwig Wittgenstein, a fierce critic of Principia Mathematica, conceded that it was useful, but only in the small.
39. To the extent that naïve use of the Cloud scales systems up beyond "small", it forces us to confront a problem we may have been able to ignore.
53. The U.S. DOE published an excellent report in December: "A Scientific Research & Development Approach to Cyber Security". http://chas.typepad.com/dli/2009/01/cyber-security-rd-needs-for-doe.html
54. The Jericho Forum, part of The Open Group, is doing important work in defining models of security and risk that don't ignore Gödel's LOL. https://www.opengroup.org/jericho/about.htm
55. And, in a shameless plug, CSC's report on "liquid security" contains lots of information, particularly in the section on "Living on the Web". http://www.csc.com/aboutus/leadingedgeforum/knowledgelibrary/uploads/LEF_2007DigitalTrustVol5.pdf
56. So what are you telling me? That everything I thought I knew about security is wrong?
69. 2) Because of that, we ought to study complex systems in Nature, learn how those systems cope with risk, uncertainty and so on, and apply those lessons to ICT.
70. We need to stop thinking in terms of "security" and start thinking in terms of "health".
71. This is already true in your enterprise, if your systems landscape is not "small".
87. 2) Static, manual processes to provision and manage VMs will probably not scale to demand.
88. You will find yourself wanting to archive (versioned) VMs, ensure VMs have specific attributes, and otherwise maintain governance.
89. But you will also need a way to maintain the "self-service" factor, or risk torpedoing a significant part of the value proposition of the Cloud.
90. Again, there are tools available and emerging that can address some of these needs...
98. RAIC "solves" the problems of data portability and lock-in, whilst simultaneously increasing reliability, flexibility, and potentially, performance.
104. So you have to ensure that it is designed to be healthy.
105. Available and emerging things worth considering in the context of the orchestrator include...
106. Eucalyptus: http://eucalyptus.cs.ucsb.edu/ UCI: http://code.google.com/p/unifiedcloud/ Ubuntu: https://wiki.edubuntu.org/UDSJaunty/Report/Server GridGain API: http://www.gridgain.com/product.html And also take a look at things like Puppet: http://reductivelabs.com/trac/puppet Chef: http://wiki.opscode.com/display/chef/Chef+Solo AMQP: http://en.wikipedia.org/wiki/Advanced_Message_Queuing_Protocol Hadoop: http://en.wikipedia.org/wiki/Hadoop ... and so on.
107. That's a lot to digest, but a picture of how to bring the Cloud inside the firewall emerges from it.
108. What about using the Cloud outside the firewall? What about, for example, collaborating with external partners in the Cloud?
120. Join the conversation: http://groups.google.com/group/cloud-computing/ http://groups.google.com/group/cloudforum http://tech.groups.yahoo.com/group/cloudcomputing-tech/ ... and please come talk to us, as well ... http://twitter.com/mastermark http://twitter.com/gblnetwkr http://www.jroller.com/MasterMark/ Thanks!