Cloud computing arma_nnj
  • CAS: Content-Addressable Storage / Associative Storage

Presentation Transcript

  • Cloud Computing: Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK; Principal, nControl, LLC; Adjunct Professor; President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
  • Cloud Computing • Presentation Overview – Cloud Overview • General • Business Case for Cloud Computing • Security Guidance • Selecting a Cloud Service Provider (CSP) • Records & Info Management (RIM) in the Cloud – Case Studies • e-Discovery IN the Cloud
  • Cloud Computing • General Overview – Why should you care about the “cloud”?
  • Cloud Computing Trends: Numbers. Numbers around CC are always impressive: 80% of Fortune 1000 companies will pay to use cloud computing services and 30% will pay for infrastructure (Gartner). At this moment, the 5 major search engines together have 2.000.000 computers. Market: 42 billion (IDC), 95 billion (Merrill Lynch). 33% of IT business will be in Cloud Computing (Gartner). Microsoft data centre in Chicago: 610.000 servers. Source: Open Group
  • Cloud Computing • What is Cloud Computing? – Re-Branded IT Business Model • Application Service Provider (ASP) • IT Outsourcing (ITO) – Formal Characteristics • Resource Pooling • Rapid Elasticity – Confusion • Hosting • Virtualization • Service Provider
  • Service Delivery Models Source: Swain Techs
  • Responsibility Source: Matthew Gardiner, Computer Associates
  • SaaS Providers
  • PaaS Providers
  • IaaS Providers
  • Private Cloud • Dedicated Clouds – Usually Hosted Internally • Use Chargeback/Shared Services Model – External Private Clouds Exist
  • Hosting Providers
  • Third Parties
  • Cloud Computing • Business Case for Cloud Computing – Time-to-Market – Global Presence – Focus on Core Competency – Elasticity – Cost-Benefit Analysis (CBA)
  • Cloud Computing • Partly Cloudy with a Chance of Risk! – The Cloud is Perceived as Risky Business • Lack of Control • Regulatory Compliance • Hacks, Outages, Disasters… Oh My! Source: YouTube
  • Cloud Computing • Security Guidance – Existing Certifications/Attestations • SAS 70 Type II/SSAE 16/ISAE 3402 • ISO 27001/2, 27036, 15489 • BITS Shared Assessments • PCI DSS • HIPAA/HITECH – Guidance Specifically for the Cloud • CSA Guide v3.0 • ENISA Cloud Computing Risk Assessment • NIST SP 800-144 Guidelines Security/Privacy for a Public Cloud
  • Cloud Computing • Selecting a CSP – Service Provider/Consumer Process Alignment – Portability/Interoperability – Contractual/Legal Agreements – Industry Tools
  • Cloud Computing • Service Provider/Consumer Process Alignment – Change/Configuration Management – Loading/Offloading – Disaster Recovery – Incident Response – Legal Hold/Litigation Response/e-Discovery • Electronic Discovery Reference Model (EDRM) – Records and Information Management (RIM) • Generally Accepted Recordkeeping Principles (GARP) • Information Governance Reference Model (IGRM) • Information Lifecycle Management (ILM)
  • Cloud Computing • Portability/Interoperability – Software – Data – Third Parties
  • Cloud Computing • Contractual/Legal Agreements – Service Level Agreements (SLA) • Up-Time • Jurisdiction • Data Ownership – Escrow Data – Include Metadata • Exit Clause • Testing – Disaster Recovery – Incident Response – Legal Hold/Litigation Response/e-Discovery
  • Cloud Computing • Contractual/Legal Agreements – Service Level Agreements (SLA) • Right to Audit – Vendor & Vendor’s Vendors – GARP-Specific
  • Cloud Computing • Industry Tools – Selection • Gravitant CloudWiz • VMware Cloud Readiness Self-Assessment Tool – Brokerage/Management • RightScale • CloudFloor • Skydera • enStratus
  • Cloud Computing • Industry Tools – Migration • Bit Titan MigrationWiz • Layer 2 SharePoint Cloud Connector • Metalogix StoragePoint • AvePoint DocAve Migrator
  • Source: Metalogix StoragePoint
  • Source: Metalogix StoragePoint
  • Source: AvePoint DocAve Migrator
  • Cloud Computing • RIM in the Cloud – Process • Self-Service Provisioning • CSP Brokerage, Monitoring & Metering • CSP Information Governance • CSP Adherence to Standards – NIST » SP 800-92: Log Management – ISO » 15489: Records Management » 23081: Records Metadata » 15386: Digital Archive » 30300/303001: RIM Management System » 17024: Conformity Assessment
  • Source: Flickr
  • Cloud Computing • RIM in the Cloud – People • More Empowered: Shadow IT, Consumerized IT – Millennials Expect Autonomy – Bring Your Own Device (BYOD) – Less Office Time, But Always On • Increased Roles & Responsibilities • Additional Tech/Analytical Skill-Sets Required – Technology • Commoditized • CSP Metadata • New Technologies: Non-Relational Database Architectures • New Paradigms: Big Data (Data Lakes & Cloud)
  • Cloud Computing • Case Study: e-Discovery FROM the Cloud – Background – Drivers – Technologies – Limitations – Risks – Lessons Learned – Next Steps
  • Cloud Computing • Case Study: e-Discovery FROM the Cloud – Background • Financial Services SMB – Capital Management (PA) • Recent Project: 2010 • IT: Managed Service Provider/Operations, Director – Drivers • Cost • Compliance – Technologies • Email: Exchange Server 2007, 2010/Office 365 • Discovery: Symantec Enterprise Vault (EV) v8.0/v9.0
  • Cloud Computing • Case Study: e-Discovery FROM the Cloud – Limitations • Budget • Skill-Sets • Resources – Risks • Software/System Interoperability • Vendor Management: Contractual/SLA Omissions • Disaster Recovery: Datacom • Legacy Email Availability, No More Archiving • Scope Creep
  • Cloud Computing • Case Study: e-Discovery FROM the Cloud – Lessons Learned • Limited Cost Savings – On-Site Exchange Box for Journaling – Upgrade to EV v9.0 to Support Exchange 2010 – Exchange Hosted Encryption (EHE) – Forefront Online Protection for Exchange (FOPE) • Exchange Journaling From the Cloud, Complicated – Microsoft Federation Gateway (MFG) • Leverage Interim Solution for BlackBerry Services – Shutdown BlackBerry Enterprise Server (BES) – Leverage AstraSync (Exchange ActiveSync)
  • Cloud Computing • Case Study: e-Discovery FROM the Cloud – Next Steps • Upgrade to EV v10.0 – Incorporate Social Media • Test BCP/DR e-Discovery Functionality • BlackBerry Office 365 – Looking at BES Balance (“Data Boxing”) • Leverage Office 365 for SharePoint, iOS & Android – Nix AstraSync, Reviewing Hosted AirWatch & MobileIron for MDM • Reviewing Cloud e-Discovery SaaS Solutions – Symantec Enterprise Vault.cloud – Microsoft Exchange Online Archiving (EOA)
  • Cloud Computing • Presentation Takeaways – Cloud = Re-Branded Business Model – With New Bells & Whistles (Big Data, etc.) – Paradigm Shift Towards Empowerment – Strategy & Due Diligence Are VERY Important – Must Consider the Business Ecosystem
  • Cloud Computing • References – CSA Guide: https://cloudsecurityalliance.org/research/security-guidance/ – BITS Enterprise Cloud Self-Assessment: http://sharedassessments.org/media/pdf-EnterpriseCloud-SA.pdf – ENISA Risk Assessment: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment – NIST SP 800-144: http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf – IGRM: http://www.edrm.net/projects/igrm – EDRM: http://www.edrm.net/ – MIKE2.0: http://mike2.openmethodology.org/ – VMware CRSA: http://getcloudready.vmware.com/crsa/ – Bit Titan MigrationWiz: https://www.migrationwiz.com/Secure/Default.aspx – Gravitant cloudWiz: http://www.gravitant.com/cloudwiz-home.html – RightScale: http://www.rightscale.com/ – CloudFloor: http://www.cloudfloor.com/ – Skydera: http://www.skydera.com/ – enStratus: http://enstratus.com/ – Layer 2: http://www.layer2.de/en/products/Pages/Cloud-Connector-for-SharePoint-2010-Office365.aspx – Metalogix StoragePoint: http://www.metalogix.com/Products/StoragePoint.aspx – AvePoint DocAve: http://www.avepoint.com/sharepoint-to-sharepoint-migration-docave/
  • Cloud Computing • Personal References – PenTest Magazine, "Scanning Your Cloud Environment": http://pentestmag.com/client-side-exploits-pentest-082011/ – ISACA Journal, "Testing Your Incident Response Plan": http://www.isaca.org/Journal/Current-Issue/Pages/default.aspx – e-Discovery 2.0: In the Cloud: https://s3.amazonaws.com/nControl-Docs/CSA11_Session-SMarkey.ppt – Security in the Cloud: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Security.ppt – System Architecture & Engineering for the Cloud: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Architecture_Engineering.ppt – Cloud Computing Primer: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Basic.ppt – Cloud Computing - Authentication & Encryption: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing_Security-Session_II.ppt – Cloud Computing - Application & Virtualization Security: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing_Security-Session_III.ppt – Securing Your ESI: https://s3.amazonaws.com/nControl-Docs/Securing_Your_ESI_v2.ppt
  • Questions? • Contact – Email: steve@ncontrol-llc.com – Twitter: @markes1, @csdadelval2011 – LI: http://www.linkedin.com/in/smarkey – CSA-DelVal: http://www.csadelval.org/