Cloud computing 101

598 views

Published on

TH

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
598
On SlideShare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
15
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Wow. That makes my head hurt. Let’s see if we can’t find a simpler metaphor.
  • Cloud computing 101

    1. 1. Welcome to secure360 2012 Did you remember to scan your badge for CPE Credits? Ask your Room Volunteer for assistance. Please complete the Session Survey front and back (this is Room 12), and leave on your seat.  Note: “Session” is Tuesday or Wednesday Are you tweeting? #Sec360
    2. 2. Cloud computing is a model for enablingubiquitous, convenient, on-demand networkaccess to a shared pool of configurablecomputing resources (e.g., networks, servers,storage, applications, and services) thatcan be rapidly provisioned and released withminimal management effort or serviceprovider interaction. This cloud model iscomposed of five essential characteristics,three service models, and four deploymentmodels.
    3. 3. Broad Rapid Measured On-DemandNetwork Access Elasticity Service Self-Service Resource Pooling Essential Characteristics Infrastructure asSoftware as a Platform as a aService (SaaS) Service (PaaS) Service (IaaS) Service Models Public Private Hybrid Community Deployment Models NIST Visual Model of Cloud Computing
    4. 4. Essential CharacteristicsFrom FromHere Here Cloud Yup, Wait! Over Here Too Here Too! Broad Network Access
    5. 5. Essential Characteristics Bigger CloudLittle LittleCloud Cloud Rapid Elasticity
    6. 6. Essential CharacteristicsA LotMiddlin’A Little Time Measured Service
    7. 7. Essential Characteristics I want to do it. NOW! On-Demand Self-Service
    8. 8. Essential Characteristics Everybody uses the same water. Resource Pooling
    9. 9. Service Models Presentation Presentation Modality Platform APIs Applications (Software as a Service)Data Metadata Content Integration and Middleware (Platform as a Service) SaaS APIs (Infrastructure as PaaS a Service) IaaS Abstraction Hardware Facilities
    10. 10. Service Models Here’s a bunch of logs, have at it. IaaS
    11. 11. Service ModelsHere’s afoundation, sometools, and morematerials. Knockyourself out. PaaS
    12. 12. Service Models It’s all in there. Just move in. SaaS
    13. 13. Who’s In Control? SaaS Less Control PaaS As We Go Up IaaS
    14. 14. Deployment Models Private Community Public Hybrid
    15. 15. Deployment Models PrivateSource: http://dogs.icanhascheezburger.com/2012/03/16/funny-dog-pictures-mine-all-mine-2/
    16. 16. Deployment Models PublicSource: http://popupcity.net/2009/11/on-moscows-public-toilets/
    17. 17. Deployment Models Community
    18. 18. Deployment Models Hybridhttp://www.coolfunnycomments.com/funnypictures/dogs_041.html
    19. 19. Actors Consume r Provider Broker Auditor Carrier
    20. 20. Things to Think About Visibility  Backups Compliance  Encryption Availability  Logging Audit  Authentication Disaster Rec.  Access control Monitoring  Monitoring
    21. 21. Questions to Ask Yourself How would we be harmed if the asset became widely public and widely distributed?
    22. 22. Questions to Ask Yourself How would we be harmed if an employee of our cloud provider accessed the asset?
    23. 23. Questions to Ask Yourself How would we be harmed if the process or function were manipulated by an outsider?
    24. 24. Questions to Ask Yourself How would we be harmed if the process or function failed to provide expected results?
    25. 25. Questions to Ask Yourself How would we be harmed if the information/data were unexpectedly changed?
    26. 26. Questions to Ask Yourself How would we be harmed if the asset were unavailable for a period of time?
    27. 27. ReferencesNIST SP800-145 Cloud Definitionhttp://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdfNIST SP800-146 Cloud Computing Synopsis andRecommendationshttp://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdfNIST SP500-292 Cloud Computing Reference Architecturehttp://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505Cloud Security Alliance Guidancehttps://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdfENISA Cloud Risk Assessmenthttp://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessmentAustralian DoD Cloud Security Considerationshttp://www.dsd.gov.au/publications/Cloud_Computing_Security_Considerations.pdfJericho Cloud Cubehttps://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdfCloud Security Ruleshttp://www.amazon.com/The-Cloud-Security-Rules-Technology/dp/1463691785
    28. 28. Questions?Twitter: @kriggins,@infosecramblinsEmail: kriggins@infosecramblings

    ×