A polemic on the issues and challenges confronting us in the domains of "security" and risk management, as system architectures move to include the Cloud.
Keep an eye on the speaker Notes for each slide -- there's stuff in there.
6. Did you know that there is a whole culture of ivory tower folk who spend their days trying to answer that question? http://consc.net/neh/papers/dretske2.htm http://en.wikipedia.org/wiki/Fred_Dretske http://philsci-archive.pitt.edu/archive/00002546/01/caatkg.pdf
9. “ It is an attempt to derive all mathematical truths from a well-defined set of axioms and inference rules in symbolic logic.” http://en.wikipedia.org/wiki/Principia_Mathematica
28. Risk exposure (RE) = probability(loss) * magnitude(loss) http://books.google.com/books?id=0RfANAwOUdIC&pg=PA800&lpg=PA800&dq=risk+exposure+re+formula&source=web&ots=pENn1no-zn&sig=Xe72BRymob2ftXlp4CciUr-ly-Y&hl=en&ei=QquNSfLdMob00AXB4OGcCw&sa=X&oi=book_result&resnum=5&ct=result (The Handbook Of Information Security)
53. The U.S. DOE published an excellent report in December: “A Scientific Research & Development Approach to Cyber Security”. http://chas.typepad.com/dli/2009/01/cyber-security-rd-needs-for-doe.html
54. The Jericho Forum, part of The Open Group, is doing important work in defining models of security and risk that don’t ignore Gödel’s LOL. https://www.opengroup.org/jericho/about.htm
55. And, in a shameless plug, CSC’s report on “liquid security” contains lots of information, particularly in the section on “Living on the Web”. http://www.csc.com/aboutus/leadingedgeforum/knowledgelibrary/uploads/LEF_2007DigitalTrustVol5.pdf
56. So what are you telling me? That everything I thought I knew about security is wrong?
69. 2) Because of that, we ought to study complex systems in Nature, learn how those systems cope with risk, uncertainty and so on, and apply those lessons to ICT.
70. We need to stop thinking in terms of “security” and start thinking in terms of “health”.
71. This is already true in your enterprise, if your systems landscape is not “small”
98. RAIC “solves” the problems of data portability and lock-in, whilst simultaneously increasing reliability, flexibility, and potentially, performance.
104. So you have to ensure that it is designed to be healthy.
105. Available and emerging things worth considering in the context of the orchestrator include…
106. Eucalyptus: http://eucalyptus.cs.ucsb.edu/ UCI: http://code.google.com/p/unifiedcloud/ Ubuntu: https://wiki.edubuntu.org/UDSJaunty/Report/Server GridGain API: http://www.gridgain.com/product.html And also take a look at things like Puppet: http://reductivelabs.com/trac/puppet Chef: http://wiki.opscode.com/display/chef/Chef+Solo AMQP: http://en.wikipedia.org/wiki/Advanced_Message_Queuing_Protocol Hadoop: http://en.wikipedia.org/wiki/Hadoop … and so on.
107. That’s a lot to digest, but a picture of how to bring the Cloud inside the firewall emerges from it.
108. What about using the Cloud outside the firewall? What about, for example, collaborating with external partners in the Cloud?
120. Join the conversation: http://groups.google.com/group/cloud-computing/ http://groups.google.com/group/cloudforum http://tech.groups.yahoo.com/group/cloudcomputing-tech/ … and please come talk to us, as well … http://twitter.com/mastermark http://twitter.com/gblnetwkr http://www.jroller.com/MasterMark/ Thanks!