Cloud computing arma_nnj

  • CAS: Content-Addressable Storage / Associative Storage

Transcript

  • 1. Cloud Computing. Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK. Principal, nControl, LLC; Adjunct Professor; President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
  • 2. Cloud Computing • Presentation Overview – Cloud Overview • General • Business Case for Cloud Computing • Security Guidance • Selecting a Cloud Service Provider (CSP) • Records & Info Management (RIM) in the Cloud – Case Studies • e-Discovery IN the Cloud
  • 3. Cloud Computing • General Overview – Why should you care about the “cloud”?
  • 4. Cloud Computing Trends: Numbers. Numbers around CC are always impressive: 80% of Fortune 1000 companies will pay to use cloud computing services and 30% will pay for infrastructure (Gartner). At this moment, the 5 major search engines together have 2.000.000 computers. Market: 42 billion (IDC); 95 billion (Merrill Lynch). 33% of IT business will be in cloud computing (Gartner). Microsoft data centre in Chicago: 610.000 servers. Source: Open Group
  • 5. Cloud Computing • What is Cloud Computing? – Re-Branded IT Business Model • Application Service Provider (ASP) • IT Outsourcing (ITO) – Formal Characteristics • Resource Pooling • Rapid Elasticity – Confusion • Hosting • Virtualization • Service Provider
  • 6. Service Delivery Models Source: Swain Techs
  • 7. Responsibility Source: Matthew Gardiner, Computer Associates
  • 8. SaaS Providers
  • 9. PaaS Providers
  • 10. IaaS Providers
  • 11. Private Cloud • Dedicated Clouds – Usually Hosted Internally • Use Chargeback/Shared Services Model – External Private Clouds Exist
  • 12. Hosting Providers
  • 13. Third Parties
  • 14. Cloud Computing • Business Case for Cloud Computing – Time-to-Market – Global Presence – Focus on Core Competency – Elasticity – Cost-Benefit Analysis (CBA)
  • 15. Cloud Computing • Partly Cloudy with a Chance of Risk! – The Cloud is Perceived as Risky Business • Lack of Control • Regulatory Compliance • Hacks, Outages, Disasters… Oh My! Source: YouTube
  • 16. Cloud Computing • Security Guidance – Existing Certifications/Attestations • SAS 70 Type II/SSAE 16/ISAE 3402 • ISO 27001/2, 27036, 15489 • BITS Shared Assessments • PCI DSS • HIPAA/HITECH – Guidance Specifically for the Cloud • CSA Guide v3.0 • ENISA Cloud Computing Risk Assessment • NIST SP 800-144 Guidelines Security/Privacy for a Public Cloud
  • 17. Cloud Computing • Selecting a CSP – Service Provider/Consumer Process Alignment – Portability/Interoperability – Contractual/Legal Agreements – Industry Tools
  • 18. Cloud Computing • Service Provider/Consumer Process Alignment – Change/Configuration Management – Loading/Offloading – Disaster Recovery – Incident Response – Legal Hold/Litigation Response/e-Discovery • Electronic Discovery Reference Model (EDRM) – Records and Information Management (RIM) • Generally Accepted Recordkeeping Principles (GARP) • Information Governance Reference Model (IGRM) • Information Lifecycle Management (ILM)
  • 19. Cloud Computing • Portability/Interoperability – Software – Data – Third Parties
  • 20. Cloud Computing • Contractual/Legal Agreements – Service Level Agreements (SLA) • Up-Time • Jurisdiction • Data Ownership – Escrow Data – Include Metadata • Exit Clause • Testing – Disaster Recovery – Incident Response – Legal Hold/Litigation Response/e-Discovery
  • 21. Cloud Computing • Contractual/Legal Agreements – Service Level Agreements (SLA) • Right to Audit – Vendor & Vendor’s Vendors – GARP-Specific
  • 22. Cloud Computing • Industry Tools – Selection • Gravitant CloudWiz • VMware Cloud Readiness Self-Assessment Tool – Brokerage/Management • RightScale • CloudFloor • Skydera • enStratus
  • 23. Cloud Computing • Industry Tools – Migration • Bit Titan MigrationWiz • Layer 2 SharePoint Cloud Connector • Metalogix StoragePoint • AvePoint DocAve Migrator
  • 24. Source: Metalogix StoragePoint
  • 25. Source: Metalogix StoragePoint
  • 26. Source: AvePoint DocAve Migrator
  • 27. Cloud Computing • RIM in the Cloud – Process • Self-Service Provisioning • CSP Brokerage, Monitoring & Metering • CSP Information Governance • CSP Adherence to Standards – NIST » SP 800-92: Log Management – ISO » 15489: Records Management » 23081: Records Metadata » 15386: Digital Archive » 30300/303001: RIM Management System » 17024: Conformity Assessment
  • 28. Source: Flickr
  • 29. Cloud Computing • RIM in the Cloud – People • More Empowered: Shadow IT, Consumerized IT – Millennials Expect Autonomy – Bring Your Own Device (BYOD) – Less Office Time, But Always On • Increased Roles & Responsibilities • Additional Tech/Analytical Skill-Sets Required – Technology • Commoditized • CSP Metadata • New Technologies: Non-Relational Database Architectures • New Paradigms: Big Data (Data Lakes & Cloud)
  • 30. Cloud Computing • Case Study: e-Discovery FROM the Cloud – Background – Drivers – Technologies – Limitations – Risks – Lessons Learned – Next Steps
  • 31. Cloud Computing • Case Study: e-Discovery FROM the Cloud – Background • Financial Services SMB – Capital Management (PA) • Recent Project: 2010 • IT: Managed Service Provider/Operations, Director – Drivers • Cost • Compliance – Technologies • Email: Exchange Server 2007, 2010/Office 365 • Discovery: Symantec Enterprise Vault (EV) v8.0/v9.0
  • 32. Cloud Computing • Case Study: e-Discovery FROM the Cloud – Limitations • Budget • Skill-Sets • Resources – Risks • Software/System Interoperability • Vendor Management: Contractual/SLA Omissions • Disaster Recovery: Datacom • Legacy Email Availability, No More Archiving • Scope Creep
  • 33. Cloud Computing • Case Study: e-Discovery FROM the Cloud – Lessons Learned • Limited Cost Savings – On-Site Exchange Box for Journaling – Upgrade to EV v9.0 to Support Exchange 2010 – Exchange Hosted Encryption (EHE) – Forefront Online Protection for Exchange (FOPE) • Exchange Journaling From the Cloud, Complicated – Microsoft Federation Gateway (MFG) • Leverage Interim Solution for BlackBerry Services – Shutdown BlackBerry Enterprise Server (BES) – Leverage AstraSync (Exchange ActiveSync)
  • 34. Cloud Computing • Case Study: e-Discovery FROM the Cloud – Next Steps • Upgrade to EV v10.0 – Incorporate Social Media • Test BCP/DR e-Discovery Functionality • BlackBerry Office 365 – Looking at BES Balance (“Data Boxing”) • Leverage Office 365 for SharePoint, iOS & Android – Nix AstraSync, Reviewing Hosted AirWatch & MobileIron for MDM • Reviewing Cloud e-Discovery SaaS Solutions – Symantec Enterprise Vault.cloud – Microsoft Exchange Online Archiving (EOA)
  • 35. Cloud Computing • Presentation Take Aways – Cloud = Re-Branded Business Model – With New Bells & Whistles (Big Data, etc.) – Paradigm Shift Towards Empowerment – Strategy & Due Diligence Are VERY Important – Must Consider the Business Ecosystem
  • 36. Cloud Computing • References – CSA Guide: https://cloudsecurityalliance.org/research/security-guidance/ – BITS Enterprise Cloud Self-Assessment: http://sharedassessments.org/media/pdf-EnterpriseCloud-SA.pdf – ENISA Risk Assessment: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment – NIST SP 800-144: http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf – IGRM: http://www.edrm.net/projects/igrm – EDRM: http://www.edrm.net/ – MIKE2.0: http://mike2.openmethodology.org/ – VMware CRSA: http://getcloudready.vmware.com/crsa/ – Bit Titan MigrationWiz: https://www.migrationwiz.com/Secure/Default.aspx – Gravitant cloudWiz: http://www.gravitant.com/cloudwiz-home.html – RightScale: http://www.rightscale.com/ – CloudFloor: http://www.cloudfloor.com/ – Skydera: http://www.skydera.com/ – enStratus: http://enstratus.com/ – Layer 2: http://www.layer2.de/en/products/Pages/Cloud-Connector-for-SharePoint-2010-Office365.aspx – Metalogix StoragePoint: http://www.metalogix.com/Products/StoragePoint.aspx – AvePoint DocAve: http://www.avepoint.com/sharepoint-to-sharepoint-migration-docave/
  • 37. Cloud Computing • Personal References – PenTest Magazine, "Scanning Your Cloud Environment": http://pentestmag.com/client-side-exploits-pentest-082011/ – ISACA Journal, "Testing Your Incident Response Plan": http://www.isaca.org/Journal/Current-Issue/Pages/default.aspx – e-Discovery 2.0: In the Cloud: https://s3.amazonaws.com/nControl-Docs/CSA11_Session-SMarkey.ppt – Security in the Cloud: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Security.ppt – System Architecture & Engineering for the Cloud: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Architecture_Engineering.ppt – Cloud Computing Primer: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing-Basic.ppt – Cloud Computing - Authentication & Encryption: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing_Security-Session_II.ppt – Cloud Computing - Application & Virtualization Security: https://s3.amazonaws.com/nControl-Docs/Cloud_Computing_Security-Session_III.ppt – Securing Your ESI: https://s3.amazonaws.com/nControl-Docs/Securing_Your_ESI_v2.ppt
  • 38. Questions? • Contact – Email: steve@ncontrol-llc.com – Twitter: @markes1, @csdadelval2011 – LI: http://www.linkedin.com/in/smarkey – CSA-DelVal: http://www.csadelval.org/