SlideShare a Scribd company logo

Data governance in the cloud

kay goodier
kay goodier

The document discusses why data governance is needed in the cloud, listing 4 key reasons: security, compliance, data loss, and loss of control. It then provides definitions and explanations of cloud security concepts like cloud service models, deployment models, and cloud architecture characteristics such as abstraction of infrastructure and elasticity of resources.

Technology
1 of 37
Download to read offline
Why is data governance needed in the cloud? 4 Reasons: • Security • Compliance • Data Loss • Loss of Control James and K Goodier 2
Security First some cloud security definitions • These definitions are extracted from the Cloud Security Alliance guidelines released in April 2009 and supported by NIST. • Cloud computing security guidance fits into a standard development lifecycle Design- Develop Deliver Deploy 3
Design- Develop Security Cloud Basics: Architecture • 5 Principal Characteristics – Abstraction of Infrastructure – Resource Democratization – Services Oriented Architecture – Elasticity/Dynamism of Resources – Utility model of Consumption & Allocation 4
Design- Develop Security Cloud Basics: Architecture – Abstraction of Infrastructure • The computer, network and storage infrastructure resources are abstracted from the application and information resources as a function of service delivery. • Physical resources on which data is processed, transmitted and stored becomes opaque from the perspective of the application or services’ ability to deliver it • Abstraction is generally provided by means of high levels of virtualization 5
Design- Security Develop Cloud Basics: Architecture – Resource Democratization • The abstraction of infrastructure provides resource democratization – The infrastructure, applications, or information are a pool of resources that can be made available and accessible to anyone or anything authorized to use them via standardized methods 6
Design- Security Develop Cloud Basics: Architecture – Services Oriented Architecture • The abstraction of infrastructure from application and information yields well-defined and loosely-coupled resource democratization, • The notion of using these components in whole or part, alone or with integration, provides a services oriented architecture where resources may be accessed and utilized in a standard way. • The delivery of service is the focus rather than the management of infrastructure. 7
Design- Security Develop Cloud Basics: Architecture – Elasticity/Dynamism of Resources • The on-demand model of Cloud provisioning coupled with high levels of automation, virtualization, and ubiquitous, reliable and high-speed connectivity provides for • The capability to rapidly expand or contract resource allocation to service definition • Requirements using a self-service model that scales to as-needed capacity. • Pooled resources ensure that better utilization and service levels can be achieved. 8
Design- Security Develop Cloud Basics: Architecture – Utility model of Consumption & Allocation • The abstracted, democratized, service-oriented and elastic nature of Cloud combined with tight automation, orchestration, provisioning and self-service allows for dynamic allocation of resources based on any number of governing input parameters. • At an atomic level, the consumption of resources can then be used to provide an “all-you-can-eat” but “pay-by-the-bite” metered utility-cost and usage model. • This approach provides cost efficiencies and scale as well as manageable and predictive costs. 9
Deliver Security 3 Cloud Service Delivery Models: • Software as a Service • Platform as a Service • Infrastructure as a Service • Note: Lamia Youseff, et. al., adds Hardware as a Service and Communications as a Service to this list in their paper Toward a Unified Ontology of Cloud Computing 10
Deliver Security Software as a Service – Lets the consumer use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). – The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. 11
Deliver Security Platform as a Service – Lets the consumer deploy on the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). – The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations. 12
Deliver Security Infrastructure as a Service – Lets the consumer rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. – The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers). 13
Deploy Security 4 Cloud Service Deployment Models – Public – Private – Managed – Hybrid 14
Deploy Security Public Cloud Services • Designated service provider and may offer either – a single-tenant (dedicated) or – multi-tenant (shared) operating environment • Physical infrastructure is owned by and managed by the designated service provider and located within the provider’s datacenters (off-premise.) • Consumers of Public Cloud services are “untrusted” – Untrusted consumers are those that may be authorized to consume some/all services but are not logical extensions of the organization 15
Deploy Security Private Cloud Services • Private Clouds are provided by an organization or their designated service provider. – single-tenant (dedicated) operating environment • The physical infrastructure may be either on-premise/owned by the organization or off-premise. • The consumers of the service are considered “trusted.” • Trusted consumers of service are those who are considered part of an organization’s legal/contractual umbrella including employees, contractors, & business partners. 16
Deploy Security Managed Cloud Services • A type of Public model - Managed Clouds are provided by a designated service provider • The key difference from Public Clouds is in the level of trust offered to users. • Consumers of Managed Clouds may be trusted or untrusted. 17
Deploy Security Hybrid Cloud Services – Combination of public and private cloud offerings that allow for transitive information exchange and possibly application compatibility and portability across disparate Cloud service offerings and providers. – May use either standard or proprietary methodologies regardless of ownership or location – Consumers of Hybrid Clouds may be trusted or untrusted 18
Security Governance and Risk Considerations for the Public Cloud • A portion of the cost savings obtained by cloud computing services must be invested into the increased scrutiny of the security capabilities of the provider and ongoing detailed audits to ensure requirements are continuously met. • The principals of Cloud Computing that make it very flexible and affordable create a relationship dynamism, which must be mitigated by ongoing risk management. • Providers should have regular third party risk assessments and these should be made available to customers. • Require listings of all third party relationships of the cloud provider. • Understand financial viability of cloud provider. 19
Security Governance and Risk Considerations for the Public Cloud • Understand the cloud provider’s key risk and performance indicators and – Ask yourself: How can these indicators be monitored and measured from a customer perspective? • Request complete disclosure on all policies, procedures and processes comprising the cloud provider’s Information Security Management System (ISMS) • Understand that it is the responsibility of the customer to perform extensive due diligence of any cloud provider for use in business functions or for hosting of regulated data , especially personally identifiable information. • Establish contracts that contain a comprehensive listing of the required due diligence that you require of the cloud provider – The contract should be considered as one of many strong governance tools. 20
Security Data Security summary • Two big dimensions of security that are different in the cloud: – Control to user access/privilege to your application has been extended to your cloud provider. • You need to know who has access to your application. • If they can't tell you, assume everyone in the company does! – Protection against network and host based attacks. • Does your cloud vendor really understand security? • Have you asked about their corporate security policies? 21
Compliance Data Compliance - Negatives • Certain types of data – Privacy data (FISA compliance) – Financial data (SOX compliance) – Healthcare data (HIPPA compliance) • Cause compliance/regulatory issues – Can you allow this data to go into a public cloud? – How do you prevent compliance failure? 22
Compliance Data Compliance - Positives • Private Clouds can assist with data compliance – Consider running a prototype and – Ride the wave of cloud popularity to gain more control within your organization 23
Data Loss Data Loss • Can In-the-Cloud applications and services overlook these risk? • When something happens, does your cloud service have to go offline until recovery? • If you are a cloud vendor, do you have backup/recovery policies in place? – Have these been audited by an external 3rd party? 24
Loss of Control Loss of Data Control • Richard Stallman, founder of GNU, claims that the use of cloud computing services and applications is "worse than stupid" because it locks users into proprietary systems. • He particularly cautions against big players like Google, Microsoft and Amazon. – In my opinion, his comments have a conspiracy theory flavor but the issue of control and privacy is something to consider. What’s the worse that could happen in the cloud without data governance? 25
The Worst that could happen 26
Loss of Control Cloud Losers: Unlucky Seals of 2009 and 2008 27
Loss of Control Cloud Computing Incidents Database (CCID) • “The CCID records and monitors verifiable, noteworthy events that impact cloud computing providers, such as outages, security issues and breaches, both as they are happening and on an ongoing historical basis.” – http://wiki.cloudcommunity.org/wiki/CloudComputing:Incidents_Database • The CCID is offered to all under a Creative Commons (CC-BY- SA 3.0) license. 28
Loss of Control 2009 incidents "From about 6:30 AM PST until 7:25 AM PST, most searches for any site in Google's database returned the message "This site may harm your computer." If a user attempted to click through to the result, a subsequent page referred users to StopBadware.org, causing that site to crash from the millions of visitors trying to access the site." 29
Loss of Control A lesson from ma.gnolia • ma.gnolia was a cloud computing based bookmark service provider. Corrupted data caused a catastrophic site crash on January 30, 2009. ma.gnolia’s backup methods did not include a known good backup. Three key lessons can be learned from this crash: – Disaster recovery planning, implementation and testing is more important in the cloud than ever before. – Implement competing backup solutions so that you have backup to your backup. – Implement the daily/hourly workhorse backup. Make sure the backup and the restore process is fully defined, and run tests to prove it. Do these tests routinely . 30
Loss of Control 2008 incidents 31
Loss of Control 2008 incidents Datastore writes experienced All elevated latencies and Performance error-rates. 9/15/2008 App Engine Google Low Outage Degradation No Malicious service provider could All SSO users impersonate a Yes user at other service 9/2/2008 Google Apps Google High Security User Impersonation [11] providers. Full extended All 8/26/2008 FlexiScale FlexiScale Critical Outage Disaster Recovery No outage Users unable to use webmail due to issues Many with loading contacts between 14:00 Change and 16:00 PT 8/12/2008 Gmail Google High Outage Management No 32
Loss of Control 2008 incidents Data claimed to 20,000 be safe but Nirvanix inaccessible 8/8/2008 The Linkup MediaMax Critical Data Loss Closure No Full outage for 8 All (weekend) hours 7/20/2008 Amazon S3 AWS Critical Outage Design Fault No Scheduled outage window All exceeded during upgrade to MobileMe 7/10/2008 MobileMe Apple Moderate Outage Migration No Full outage (except mail) All during upgrade to MobileMe 18:00-00:00 7/9/2008 .Mac Apple Info Outage Scheduled Outage No 33
Loss of Control 2008 incidents Result of a customer Small subset creating a large of instances number of firewall rules Degraded and instances. 4/28/2008 EC2 Amazon Low Outage Performance No Early morning outage (04:31- 06:48 PST) All caused by authentication Authentication service overload 2/15/2008 Amazon S3 AWS Low Outage Failures No 34
Demo - Governed data in the cloud It’s beautiful ! 35
Some Private AND Public Clouds • MAX - http://www.omb.gov (Private SaaS) • OOR – (Public IaaS) – http://ontolog.cim3.net/cgibin/wiki.pl?OpenOntologyRepository – http://oor-01.cim3.net • Teragrid - http://www.teragrid.org/ (Hybrid PasS) 36
Summary • 4 Reasons Data Governance is important to cloud computing (Security, Compliance, Data Loss, Loss of Control) • 5 Principal Characteristics of the Cloud Architecture (Abstraction of Infrastructure, Resource Democratization, Services Oriented Architecture, Elasticity/Dynamism of Resources, Utility model of Consumption & Allocation ) • 3 Cloud Service Delivery Models (Software as a Service-SaaS, Platform as a Service-PaaS, Infrastructure as a Service-IaaS) • 4 Cloud Service Deployment Models (Public, Private, Managed, Hybrid) 37
References • The authors of this presentation wish to thank the following authors and organizations for their work in the field of Cloud Computing: – National Institute of Standards and Technology (NIST) – Lamia Youseff, Univ. of California, Santa Barbara – United States Department of Defense – The Cloud Security Alliance – The Cloud computing org (CCID) – Unisys Corporation – L-3 Communications – Morgan Franklin Corporation 38

Recommended

An study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingAn study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computing
ijsrd.com
 
Intelligent Cloud Enablement
Intelligent Cloud EnablementIntelligent Cloud Enablement
Intelligent Cloud Enablement
DocuLynx
 
Ijarcet vol-2-issue-3-884-890
Ijarcet vol-2-issue-3-884-890Ijarcet vol-2-issue-3-884-890
Ijarcet vol-2-issue-3-884-890
Editor IJARCET
 
Cloud computing
Cloud computingCloud computing
Cloud computing
akanksha botke
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud Environment
IOSR Journals
 
Yongsan presentation 2
Yongsan presentation 2Yongsan presentation 2
Yongsan presentation 2
GovCloud Network
 
Cloud computing
Cloud computingCloud computing
Cloud computing
saralaanuj
 
Resarch paper i cloud computing
Resarch paper i cloud computingResarch paper i cloud computing
Resarch paper i cloud computing
Bharat Gupta
 

Recommended

An study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computingAn study of security issues & challenges in cloud computing
An study of security issues & challenges in cloud computing
ijsrd.com
 
Intelligent Cloud Enablement
Intelligent Cloud EnablementIntelligent Cloud Enablement
Intelligent Cloud Enablement
DocuLynx
 
Ijarcet vol-2-issue-3-884-890
Ijarcet vol-2-issue-3-884-890Ijarcet vol-2-issue-3-884-890
Ijarcet vol-2-issue-3-884-890
Editor IJARCET
 
Cloud computing
Cloud computingCloud computing
Cloud computing
akanksha botke
 
Data Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud EnvironmentData Security Model Enhancement In Cloud Environment
Data Security Model Enhancement In Cloud Environment
IOSR Journals
 
Yongsan presentation 2
Yongsan presentation 2Yongsan presentation 2
Yongsan presentation 2
GovCloud Network
 
Cloud computing
Cloud computingCloud computing
Cloud computing
saralaanuj
 
Resarch paper i cloud computing
Resarch paper i cloud computingResarch paper i cloud computing
Resarch paper i cloud computing
Bharat Gupta
 
2 25008 domain_ten11.29.12_v2_opt
2 25008 domain_ten11.29.12_v2_opt2 25008 domain_ten11.29.12_v2_opt
2 25008 domain_ten11.29.12_v2_opt
Edda Kang
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platforms
Prabhat gangwar
 
Information Storage and Management
Information Storage and Management Information Storage and Management
Information Storage and Management
AngelineR
 
NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15
Bill Annibell
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Pushpa
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
swamipise14
 
Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114
Gary Dischner
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Dheeraj Negi
 
Cloudcomputing basics
Cloudcomputing basicsCloudcomputing basics
Cloudcomputing basics
Aravindharamanan S
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
IJIR JOURNALS IJIRUSA
 
NARA's FAQ and Bulletin on Cloud Computing
NARA's FAQ and Bulletin on Cloud ComputingNARA's FAQ and Bulletin on Cloud Computing
NARA's FAQ and Bulletin on Cloud Computing
Arian Ravanbakhsh
 
Cloud Enablement - IT Services Model
Cloud Enablement - IT Services Model Cloud Enablement - IT Services Model
Cloud Enablement - IT Services Model
Vishal Sharma
 
Cloud Computing : Top to Bottom
Cloud Computing : Top to BottomCloud Computing : Top to Bottom
Cloud Computing : Top to Bottom
Istiyak Siddiquee
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
IJIR JOURNALS IJIRUSA
 
Understanding the cloud computing stack
Understanding the cloud computing stackUnderstanding the cloud computing stack
Understanding the cloud computing stack
Satish Chavan
 
IJSRED-V1I1P1
IJSRED-V1I1P1IJSRED-V1I1P1
IJSRED-V1I1P1
IJSRED
 
The NIST Definition of Cloud Computing
The NIST Definition of Cloud ComputingThe NIST Definition of Cloud Computing
The NIST Definition of Cloud Computing
Alexis Blandin
 
Cloud Computing basic concept to understand
Cloud Computing basic concept to understandCloud Computing basic concept to understand
Cloud Computing basic concept to understand
RahulBhole12
 
Cloud computing explained
Cloud computing explained Cloud computing explained
Cloud computing explained
Juan Pablo
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02
abhisheknayak29
 
cloudintro-lec018.1.ppt
cloudintro-lec018.1.pptcloudintro-lec018.1.ppt
cloudintro-lec018.1.ppt
gunvinit931
 
MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101
MISA Ontario Cloud SIG
 

More Related Content

What's hot

2 25008 domain_ten11.29.12_v2_opt
2 25008 domain_ten11.29.12_v2_opt2 25008 domain_ten11.29.12_v2_opt
2 25008 domain_ten11.29.12_v2_opt
Edda Kang
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platforms
Prabhat gangwar
 
Information Storage and Management
Information Storage and Management Information Storage and Management
Information Storage and Management
AngelineR
 
NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15
Bill Annibell
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Pushpa
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
swamipise14
 
Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114
Gary Dischner
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Dheeraj Negi
 
Cloudcomputing basics
Cloudcomputing basicsCloudcomputing basics
Cloudcomputing basics
Aravindharamanan S
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
IJIR JOURNALS IJIRUSA
 
NARA's FAQ and Bulletin on Cloud Computing
NARA's FAQ and Bulletin on Cloud ComputingNARA's FAQ and Bulletin on Cloud Computing
NARA's FAQ and Bulletin on Cloud Computing
Arian Ravanbakhsh
 
Cloud Enablement - IT Services Model
Cloud Enablement - IT Services Model Cloud Enablement - IT Services Model
Cloud Enablement - IT Services Model
Vishal Sharma
 
Cloud Computing : Top to Bottom
Cloud Computing : Top to BottomCloud Computing : Top to Bottom
Cloud Computing : Top to Bottom
Istiyak Siddiquee
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
IJIR JOURNALS IJIRUSA
 
Understanding the cloud computing stack
Understanding the cloud computing stackUnderstanding the cloud computing stack
Understanding the cloud computing stack
Satish Chavan
 
IJSRED-V1I1P1
IJSRED-V1I1P1IJSRED-V1I1P1
IJSRED-V1I1P1
IJSRED
 
The NIST Definition of Cloud Computing
The NIST Definition of Cloud ComputingThe NIST Definition of Cloud Computing
The NIST Definition of Cloud Computing
Alexis Blandin
 

What's hot (17)

2 25008 domain_ten11.29.12_v2_opt
2 25008 domain_ten11.29.12_v2_opt2 25008 domain_ten11.29.12_v2_opt
2 25008 domain_ten11.29.12_v2_opt
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platforms
 
Information Storage and Management
Information Storage and Management Information Storage and Management
Information Storage and Management
 
NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cloudcomputing basics
Cloudcomputing basicsCloudcomputing basics
Cloudcomputing basics
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
 
NARA's FAQ and Bulletin on Cloud Computing
NARA's FAQ and Bulletin on Cloud ComputingNARA's FAQ and Bulletin on Cloud Computing
NARA's FAQ and Bulletin on Cloud Computing
 
Cloud Enablement - IT Services Model
Cloud Enablement - IT Services Model Cloud Enablement - IT Services Model
Cloud Enablement - IT Services Model
 
Cloud Computing : Top to Bottom
Cloud Computing : Top to BottomCloud Computing : Top to Bottom
Cloud Computing : Top to Bottom
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
 
Understanding the cloud computing stack
Understanding the cloud computing stackUnderstanding the cloud computing stack
Understanding the cloud computing stack
 
IJSRED-V1I1P1
IJSRED-V1I1P1IJSRED-V1I1P1
IJSRED-V1I1P1
 
The NIST Definition of Cloud Computing
The NIST Definition of Cloud ComputingThe NIST Definition of Cloud Computing
The NIST Definition of Cloud Computing
 

Similar to Data governance in the cloud

Cloud Computing basic concept to understand
Cloud Computing basic concept to understandCloud Computing basic concept to understand
Cloud Computing basic concept to understand
RahulBhole12
 
Cloud computing explained
Cloud computing explained Cloud computing explained
Cloud computing explained
Juan Pablo
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02
abhisheknayak29
 
cloudintro-lec018.1.ppt
cloudintro-lec018.1.pptcloudintro-lec018.1.ppt
cloudintro-lec018.1.ppt
gunvinit931
 
MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101
MISA Ontario Cloud SIG
 
Cloud computing & security basics
Cloud computing & security basicsCloud computing & security basics
Cloud computing & security basics
Rahul Gurnani
 
Cloud Computing & DCIM
Cloud Computing & DCIMCloud Computing & DCIM
Cloud Computing & DCIM
GreenField Software Private Limited
 
NIST Model of Cloud Computing by Piyush Bujade.pptx
NIST Model of Cloud Computing by Piyush Bujade.pptxNIST Model of Cloud Computing by Piyush Bujade.pptx
NIST Model of Cloud Computing by Piyush Bujade.pptx
theLegendPiyush
 
Security Authorization: An Approach for Community Cloud Computing Environments
Security Authorization: An Approach for Community Cloud Computing EnvironmentsSecurity Authorization: An Approach for Community Cloud Computing Environments
Security Authorization: An Approach for Community Cloud Computing Environments
Booz Allen Hamilton
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Nazish Mohammed
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Abderrahmane TEKFI
 
Cloud Computing Nist Paul Pajo
Cloud Computing Nist Paul PajoCloud Computing Nist Paul Pajo
Cloud Computing Nist Paul Pajo
Paul Pajo
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
International Journal of Engineering Inventions www.ijeijournal.com
 
Chap 1 introduction to cloud computing
Chap 1 introduction to cloud computingChap 1 introduction to cloud computing
Chap 1 introduction to cloud computing
Raj Sarode
 
Data Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtcData Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtc
DataTactics
 
Towards a Federated Cloud Ecosystem
Towards a Federated Cloud EcosystemTowards a Federated Cloud Ecosystem
Towards a Federated Cloud Ecosystem
Clovis Chapman
 
CLOUD COMPUTING.ppt
CLOUD COMPUTING.pptCLOUD COMPUTING.ppt
CLOUD COMPUTING.ppt
Dss
 
Cloudmod4
Cloudmod4Cloudmod4
Cloudmod4
kongara
 
cloudintro-lec01.ppt
cloudintro-lec01.pptcloudintro-lec01.ppt
cloudintro-lec01.ppt
TomMot10
 
cloudintro-lec01.ppt
cloudintro-lec01.pptcloudintro-lec01.ppt
cloudintro-lec01.ppt
NishantAnand39
 

Similar to Data governance in the cloud (20)

Cloud Computing basic concept to understand
Cloud Computing basic concept to understandCloud Computing basic concept to understand
Cloud Computing basic concept to understand
 
Cloud computing explained
Cloud computing explained Cloud computing explained
Cloud computing explained
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02
 
cloudintro-lec018.1.ppt
cloudintro-lec018.1.pptcloudintro-lec018.1.ppt
cloudintro-lec018.1.ppt
 
MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101
 
Cloud computing & security basics
Cloud computing & security basicsCloud computing & security basics
Cloud computing & security basics
 
Cloud Computing & DCIM
Cloud Computing & DCIMCloud Computing & DCIM
Cloud Computing & DCIM
 
NIST Model of Cloud Computing by Piyush Bujade.pptx
NIST Model of Cloud Computing by Piyush Bujade.pptxNIST Model of Cloud Computing by Piyush Bujade.pptx
NIST Model of Cloud Computing by Piyush Bujade.pptx
 
Security Authorization: An Approach for Community Cloud Computing Environments
Security Authorization: An Approach for Community Cloud Computing EnvironmentsSecurity Authorization: An Approach for Community Cloud Computing Environments
Security Authorization: An Approach for Community Cloud Computing Environments
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud Computing Nist Paul Pajo
Cloud Computing Nist Paul PajoCloud Computing Nist Paul Pajo
Cloud Computing Nist Paul Pajo
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
 
Chap 1 introduction to cloud computing
Chap 1 introduction to cloud computingChap 1 introduction to cloud computing
Chap 1 introduction to cloud computing
 
Data Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtcData Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtc
 
Towards a Federated Cloud Ecosystem
Towards a Federated Cloud EcosystemTowards a Federated Cloud Ecosystem
Towards a Federated Cloud Ecosystem
 
CLOUD COMPUTING.ppt
CLOUD COMPUTING.pptCLOUD COMPUTING.ppt
CLOUD COMPUTING.ppt
 
Cloudmod4
Cloudmod4Cloudmod4
Cloudmod4
 
cloudintro-lec01.ppt
cloudintro-lec01.pptcloudintro-lec01.ppt
cloudintro-lec01.ppt
 
cloudintro-lec01.ppt
cloudintro-lec01.pptcloudintro-lec01.ppt
cloudintro-lec01.ppt
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
Federico Razzoli
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 

Data governance in the cloud

  • 1. Why is data governance needed in the cloud? 4 Reasons: • Security • Compliance • Data Loss • Loss of Control James and K Goodier 2
  • 2. Security First some cloud security definitions • These definitions are extracted from the Cloud Security Alliance guidelines released in April 2009 and supported by NIST. • Cloud computing security guidance fits into a standard development lifecycle Design- Develop Deliver Deploy 3
  • 3. Design- Develop Security Cloud Basics: Architecture • 5 Principal Characteristics – Abstraction of Infrastructure – Resource Democratization – Services Oriented Architecture – Elasticity/Dynamism of Resources – Utility model of Consumption & Allocation 4
  • 4. Design- Develop Security Cloud Basics: Architecture – Abstraction of Infrastructure • The computer, network and storage infrastructure resources are abstracted from the application and information resources as a function of service delivery. • Physical resources on which data is processed, transmitted and stored becomes opaque from the perspective of the application or services’ ability to deliver it • Abstraction is generally provided by means of high levels of virtualization 5
  • 5. Design- Security Develop Cloud Basics: Architecture – Resource Democratization • The abstraction of infrastructure provides resource democratization – The infrastructure, applications, or information are a pool of resources that can be made available and accessible to anyone or anything authorized to use them via standardized methods 6
  • 6. Design- Security Develop Cloud Basics: Architecture – Services Oriented Architecture • The abstraction of infrastructure from application and information yields well-defined and loosely-coupled resource democratization, • The notion of using these components in whole or part, alone or with integration, provides a services oriented architecture where resources may be accessed and utilized in a standard way. • The delivery of service is the focus rather than the management of infrastructure. 7
  • 7. Design- Security Develop Cloud Basics: Architecture – Elasticity/Dynamism of Resources • The on-demand model of Cloud provisioning coupled with high levels of automation, virtualization, and ubiquitous, reliable and high-speed connectivity provides for • The capability to rapidly expand or contract resource allocation to service definition • Requirements using a self-service model that scales to as-needed capacity. • Pooled resources ensure that better utilization and service levels can be achieved. 8
  • 8. Design- Security Develop Cloud Basics: Architecture – Utility model of Consumption & Allocation • The abstracted, democratized, service-oriented and elastic nature of Cloud combined with tight automation, orchestration, provisioning and self-service allows for dynamic allocation of resources based on any number of governing input parameters. • At an atomic level, the consumption of resources can then be used to provide an “all-you-can-eat” but “pay-by-the-bite” metered utility-cost and usage model. • This approach provides cost efficiencies and scale as well as manageable and predictive costs. 9
  • 9. Deliver Security 3 Cloud Service Delivery Models: • Software as a Service • Platform as a Service • Infrastructure as a Service • Note: Lamia Youseff, et. al., adds Hardware as a Service and Communications as a Service to this list in their paper Toward a Unified Ontology of Cloud Computing 10
  • 10. Deliver Security Software as a Service – Lets the consumer use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). – The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. 11
  • 11. Deliver Security Platform as a Service – Lets the consumer deploy on the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). – The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations. 12
  • 12. Deliver Security Infrastructure as a Service – Lets the consumer rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. – The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers). 13
  • 13. Deploy Security 4 Cloud Service Deployment Models – Public – Private – Managed – Hybrid 14
  • 14. Deploy Security Public Cloud Services • Designated service provider and may offer either – a single-tenant (dedicated) or – multi-tenant (shared) operating environment • Physical infrastructure is owned by and managed by the designated service provider and located within the provider’s datacenters (off-premise.) • Consumers of Public Cloud services are “untrusted” – Untrusted consumers are those that may be authorized to consume some/all services but are not logical extensions of the organization 15
  • 15. Deploy Security Private Cloud Services • Private Clouds are provided by an organization or their designated service provider. – single-tenant (dedicated) operating environment • The physical infrastructure may be either on-premise/owned by the organization or off-premise. • The consumers of the service are considered “trusted.” • Trusted consumers of service are those who are considered part of an organization’s legal/contractual umbrella including employees, contractors, & business partners. 16
  • 16. Deploy Security Managed Cloud Services • A type of Public model - Managed Clouds are provided by a designated service provider • The key difference from Public Clouds is in the level of trust offered to users. • Consumers of Managed Clouds may be trusted or untrusted. 17
  • 17. Deploy Security Hybrid Cloud Services – Combination of public and private cloud offerings that allow for transitive information exchange and possibly application compatibility and portability across disparate Cloud service offerings and providers. – May use either standard or proprietary methodologies regardless of ownership or location – Consumers of Hybrid Clouds may be trusted or untrusted 18
  • 18. Security Governance and Risk Considerations for the Public Cloud • A portion of the cost savings obtained by cloud computing services must be invested into the increased scrutiny of the security capabilities of the provider and ongoing detailed audits to ensure requirements are continuously met. • The principals of Cloud Computing that make it very flexible and affordable create a relationship dynamism, which must be mitigated by ongoing risk management. • Providers should have regular third party risk assessments and these should be made available to customers. • Require listings of all third party relationships of the cloud provider. • Understand financial viability of cloud provider. 19
  • 19. Security Governance and Risk Considerations for the Public Cloud • Understand the cloud provider’s key risk and performance indicators and – Ask yourself: How can these indicators be monitored and measured from a customer perspective? • Request complete disclosure on all policies, procedures and processes comprising the cloud provider’s Information Security Management System (ISMS) • Understand that it is the responsibility of the customer to perform extensive due diligence of any cloud provider for use in business functions or for hosting of regulated data , especially personally identifiable information. • Establish contracts that contain a comprehensive listing of the required due diligence that you require of the cloud provider – The contract should be considered as one of many strong governance tools. 20
  • 20. Security Data Security summary • Two big dimensions of security that are different in the cloud: – Control to user access/privilege to your application has been extended to your cloud provider. • You need to know who has access to your application. • If they can't tell you, assume everyone in the company does! – Protection against network and host based attacks. • Does your cloud vendor really understand security? • Have you asked about their corporate security policies? 21
  • 21. Compliance Data Compliance - Negatives • Certain types of data – Privacy data (FISA compliance) – Financial data (SOX compliance) – Healthcare data (HIPPA compliance) • Cause compliance/regulatory issues – Can you allow this data to go into a public cloud? – How do you prevent compliance failure? 22
  • 22. Compliance Data Compliance - Positives • Private Clouds can assist with data compliance – Consider running a prototype and – Ride the wave of cloud popularity to gain more control within your organization 23
  • 23. Data Loss Data Loss • Can In-the-Cloud applications and services overlook these risk? • When something happens, does your cloud service have to go offline until recovery? • If you are a cloud vendor, do you have backup/recovery policies in place? – Have these been audited by an external 3rd party? 24
  • 24. Loss of Control Loss of Data Control • Richard Stallman, founder of GNU, claims that the use of cloud computing services and applications is "worse than stupid" because it locks users into proprietary systems. • He particularly cautions against big players like Google, Microsoft and Amazon. – In my opinion, his comments have a conspiracy theory flavor but the issue of control and privacy is something to consider. What’s the worse that could happen in the cloud without data governance? 25
  • 25. The Worst that could happen 26
  • 26. Loss of Control Cloud Losers: Unlucky Seals of 2009 and 2008 27
  • 27. Loss of Control Cloud Computing Incidents Database (CCID) • “The CCID records and monitors verifiable, noteworthy events that impact cloud computing providers, such as outages, security issues and breaches, both as they are happening and on an ongoing historical basis.” – http://wiki.cloudcommunity.org/wiki/CloudComputing:Incidents_Database • The CCID is offered to all under a Creative Commons (CC-BY- SA 3.0) license. 28
  • 28. Loss of Control 2009 incidents "From about 6:30 AM PST until 7:25 AM PST, most searches for any site in Google's database returned the message "This site may harm your computer." If a user attempted to click through to the result, a subsequent page referred users to StopBadware.org, causing that site to crash from the millions of visitors trying to access the site." 29
  • 29. Loss of Control A lesson from ma.gnolia • ma.gnolia was a cloud computing based bookmark service provider. Corrupted data caused a catastrophic site crash on January 30, 2009. ma.gnolia’s backup methods did not include a known good backup. Three key lessons can be learned from this crash: – Disaster recovery planning, implementation and testing is more important in the cloud than ever before. – Implement competing backup solutions so that you have backup to your backup. – Implement the daily/hourly workhorse backup. Make sure the backup and the restore process is fully defined, and run tests to prove it. Do these tests routinely . 30
  • 30. Loss of Control 2008 incidents 31
  • 31. Loss of Control 2008 incidents Datastore writes experienced All elevated latencies and Performance error-rates. 9/15/2008 App Engine Google Low Outage Degradation No Malicious service provider could All SSO users impersonate a Yes user at other service 9/2/2008 Google Apps Google High Security User Impersonation [11] providers. Full extended All 8/26/2008 FlexiScale FlexiScale Critical Outage Disaster Recovery No outage Users unable to use webmail due to issues Many with loading contacts between 14:00 Change and 16:00 PT 8/12/2008 Gmail Google High Outage Management No 32
  • 32. Loss of Control 2008 incidents Data claimed to 20,000 be safe but Nirvanix inaccessible 8/8/2008 The Linkup MediaMax Critical Data Loss Closure No Full outage for 8 All (weekend) hours 7/20/2008 Amazon S3 AWS Critical Outage Design Fault No Scheduled outage window All exceeded during upgrade to MobileMe 7/10/2008 MobileMe Apple Moderate Outage Migration No Full outage (except mail) All during upgrade to MobileMe 18:00-00:00 7/9/2008 .Mac Apple Info Outage Scheduled Outage No 33
  • 33. Loss of Control 2008 incidents Result of a customer Small subset creating a large of instances number of firewall rules Degraded and instances. 4/28/2008 EC2 Amazon Low Outage Performance No Early morning outage (04:31- 06:48 PST) All caused by authentication Authentication service overload 2/15/2008 Amazon S3 AWS Low Outage Failures No 34
  • 34. Demo - Governed data in the cloud It’s beautiful ! 35
  • 35. Some Private AND Public Clouds • MAX - http://www.omb.gov (Private SaaS) • OOR – (Public IaaS) – http://ontolog.cim3.net/cgibin/wiki.pl?OpenOntologyRepository – http://oor-01.cim3.net • Teragrid - http://www.teragrid.org/ (Hybrid PasS) 36
  • 36. Summary • 4 Reasons Data Governance is important to cloud computing (Security, Compliance, Data Loss, Loss of Control) • 5 Principal Characteristics of the Cloud Architecture (Abstraction of Infrastructure, Resource Democratization, Services Oriented Architecture, Elasticity/Dynamism of Resources, Utility model of Consumption & Allocation ) • 3 Cloud Service Delivery Models (Software as a Service-SaaS, Platform as a Service-PaaS, Infrastructure as a Service-IaaS) • 4 Cloud Service Deployment Models (Public, Private, Managed, Hybrid) 37
  • 37. References • The authors of this presentation wish to thank the following authors and organizations for their work in the field of Cloud Computing: – National Institute of Standards and Technology (NIST) – Lamia Youseff, Univ. of California, Santa Barbara – United States Department of Defense – The Cloud Security Alliance – The Cloud computing org (CCID) – Unisys Corporation – L-3 Communications – Morgan Franklin Corporation 38