Security & Privacy Issues in Cloud Computing

leora

Presentation Transcript


  1. Security & Privacy Issues in Cloud Computing

  2. The Hype “The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do. I can’t think of anything that isn’t cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women’s fashion. Maybe I’m an idiot, but I have no idea what anyone is talking about. What is it? It’s complete gibberish. It’s insane. When is this idiocy going to stop?” Larry Ellison, CEO, Oracle (WSJ 9/25/08)

  3. The Rant • Click here for YouTube video…

  4. Closer to Earth • Let’s presume that Cloud Computing is real. • What is it? • Let’s try to cut through the hyperbole and define Cloud Computing and see what it has to offer consumers and organizations.

  5. Example: Microsoft

  6. Sorting things out… • Utility or Infrastructure • Platform • Software

  7. Infrastructure as a Service • Amazon sells computing power in a way similar to how we get electricity from the power company. • Uses a pay-as-you-go model for offering VM instances, computing power and storage on demand.

  8. Platform as a Service • One step above the utility, you find the PaaS providers, like Google AppEngine, Salesforce’s force.com, and the recently announced Microsoft Azure platform. • Here you develop apps and leverage a common development framework and platform for delivery.

  9. Software as a Service • Software as a Service (SaaS) is what most people are familiar with. This is where many of the common Web 2.0 applications are, like: Flickr, Gmail, Google Apps, Facebook, Twitter.... • There are also enterprise applications, such as SAP, Oracle, Microsoft and others attempting to gain market share here.

  10. Terminology • Let’s face it, the use of all these acronyms can get confusing! • SOA and SaaS often get confused. • The utility and platform services are often called nothing more than the evolution of third-party hosting services that companies have used for years. • There are good reasons these assumptions are incorrect.

  11. SOA is dead…? “SOA met its demise on January 1, 2009, when it was wiped out by the catastrophic impact of the economic recession. SOA is survived by its offspring: mashups, BPM, SaaS, Cloud Computing, and all other architectural approaches that depend on “services.” Manes’ real point, to quote her is that “we should not be talking about an architectural concept that has no universally accepted definition and an indefensible value proposition. Instead we should be talking about concrete things (like services) and concrete architectural practices (like application portfolio management) that deliver real value to the business.” Anne Thomas Manes, Burton Group

  12. Consumers • Cloud Computing is a new name for things consumers are already doing. • Consumers are tired of being IT techs. • Consumers want to DO things online, and have the Internet cloud be as simple as Cable TV. I don’t care what’s up there, as long as it WORKS!

  13. The Business Case • Cost Savings from economies of scale • Scalability • Elasticity • Reliability • (and in some cases, they enjoy a transfer of liability by outsourcing services)

  14. 2007 Source: www.cio.com/article/print/109706

  15. Source: www.cio.com/article/print/109706

  16. Where does it make sense? • Start-ups • Apps that are not processing key data • Apps that benefit greatly from economies of scale, and that require high availability and DRP • Apps that need periodic, huge capacity or CPU processing

  17. Where does it not make sense? • Key apps that are earning your bread and butter • Apps that touch personal data or process high-value/consumer transactions should be considered carefully • Most cloud computing works well for highly parallel, but not serial apps

  18. On-site vs. Off-site • PaaS can be hosted at your data center, outsourced, or hosted in a hybrid environment like this example. Source: cohesiveft.com/vpncubed

  19. Concern in the Cloud • Security • Control • Performance • Support • Vendor Lock-In • Speed of Scaling • Configurability

  20. Security Concerns • CIA + Privacy • Can you extend your policies to the cloud? • Regulatory compliance • Managing data on shared systems • Forensics • Auditing • Segregation of data • Portability & Interoperability • Reliability & Manageability

  21. In The News • Monster.com Breach May Preface Targeted Attacks • Salesforce.com Admits Data Loss • Millions of Gmail Users Left in the Lurch • Gmail is down, down, down

  22. More… • United Airlines Flight Operations Computer System Failure • San Francisco Power Grid Failure • PayPal Subscription Processing Fails • Skype Down for Days • LAX TSA Screening System Failure • What if Google were to disappear for a few days? Or, Facebook? Yahoo?

  23. Compliance in the Cloud • Let me just list some common U.S. regulations and speak to them: • PCI • SOX • HIPAA • GLB • California Breach Law (SB1386)

  24. Future Trends • The Web as a Participatory Worldwide Communications Media (Wikipedia, Facebook, YouTube…) • The Need to Use Less Energy • Innovation Imperative • Quest for Simplicity • Structure Out of Chaos Source: www.cio.com/article/438371/Cloud_Computing_Hype_Versus_Reality

  25. Grinch in the Cloud • The Grinch: It came without segregation. It came without recovery goals. It came without adequate physical, logical, or personnel access controls. It could have been high, it could have been low, I just have no clue where the data may flow! • Narrator: Then the Grinch thought of something he hadn't before. • The Grinch: Maybe the perfect solution doesn't come from a store. Maybe solving business problems securely... • Narrator: He thought • The Grinch: ...means a little bit more.

  26. Useful Resources • World Privacy Forum, www.worldprivacyforum.org • Security Monks Blog, http://blog.securitymonks.com/2009/01/25/recent-cloud-postings/ • Rational Survivability Blog, http://rationalsecurity.typepad.com/
