understanding cloud computing n.
Skip this Video
Loading SlideShow in 5 Seconds..
Understanding Cloud Computing PowerPoint Presentation
Download Presentation
Understanding Cloud Computing

Understanding Cloud Computing

299 Views Download Presentation
Download Presentation

Understanding Cloud Computing

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Understanding Cloud Computing 26th Nov 2011 - Saturday

  2. What Is Cloud Computing? • What Comprises Cloud Computing? • Essential Characteristics of Cloud Computing • Cloud Service Models • Cloud Deployment Models • Evaluating initial cloud risks • Security Benefits • Security Risks Agenda

  3. ? What Is Cloud Computing?

  4. There are many definitions today which attempt to address cloud from the perspective of academicians, architects, engineers, developers, managers, Providers, and consumers. What Is Cloud Computing? Definition?

  5. ? What Comprises Cloud Computing?

  6. Essential Characteristics of Cloud Computing • Cloud Service Models • Cloud Deployment Models What Comprises Cloud Computing?

  7. ? Essential Characteristics of Cloud Computing

  8. On-demand self-service. • Broad network access • Resource pooling • Rapid elasticity • Measured service. • Utility-like model – Pay as you go Essential Characteristics of Cloud Computing

  9. ? Other Characteristics Required in Cloud Computing

  10. Multi-Tenancy • High Availability / Site Resilience Other Characteristics Required in Cloud Computing

  11. ? Cloud Service Models

  12. Software as a Service (SaaS). • Platform as a Service (PaaS). • Infrastructure as a Service (IaaS). Cloud Service Models

  13. ? SAAS, PAAS & IAAS

  14. ? Cloud Deployment Models

  15. Public Cloud. • Private Cloud. • Community Cloud. • Hybrid Cloud. Cloud Deployment Models

  16. Cloud Deployment Models - Summary

  17. Cloud Deployment Models - Summary

  18. Identify the asset for the cloud deployment • Evaluate the asset • Map the asset to potential cloud deployment models • Evaluate potential cloud service models and providers • Sketch the potential data flow • Conclusions Evaluating initial cloud risks

  19. How would we be harmed if the asset became widely public and widely distributed? • How would we be harmed if an employee of our cloud provider accessed the asset? • How would we be harmed if the process or function were manipulated by an outsider? • How would we be harmed if the process or function failed to provide expected results? • How would we be harmed if the information/data were unexpectedly changed? • How would we be harmed if the asset were unavailable for a period of time? Evaluate the asset

  20. You should now understand the importance of what you are considering moving to the cloud, your risk tolerance (at least at a high level), and which combinations of deployment and service models are acceptable. You’ll also have a rough idea of potential exposure points for sensitive information and operations. Evaluating initial cloud risks - Conclusions

  21. Policy and Organizational Risks • Technical Risks • Legal Risks • Risks not specific to the cloud Security Risks

  22. Lock-in • Loss of governance • Compliance Challenges • Loss of business reputation due to co-tenant activities • Cloud service termination or failure • Cloud Provider acquisition • Supply chain Failure Policy and Organizational Risks

  23. Resource Exhaustion • Isolation Failure • Cloud Provider malicious insider • Management Interface Compromise • Intercepting data in transit • Data Leakage on up/download, intra-cloud • Insecure or ineffective deletion of data • Distributed Denial of service / Economic Denial of service • Loss of Encryption keys • Undertaking Malicious probes or scans • Compromise Service Engine • Conflicts between customer hardening procedure and cloud environment Technical Risks

  24. Subpoena and e-discovery • Risk from changes of jurisdiction • Data Protection risks • Licensing risks Legal Risks

  25. Network Breaks • Network Congestion / Mis-connection / non-optimal use • Modifying network traffic • Privilege escalation • Social engineering attacks (i.e., impersonation) • Loss or compromise of operational/Security logs • Backup lost / Stolen • Unauthorized access to premises • Theft of computer equipment • Natural Disasters Risks not specific to the cloud

  26. Security and the benefits of scale • Security as a market differentiator • Standardized Interface for managed security services • Rapid, smart scaling of resources • Audit and evidence gathering • More timely and effective and efficient updates and defaults • Audit and SLA force better risk management • Benefits of resource concentration Security Benefits

  27. Understanding Microsoft Virtualization Solutions; from the Desktop to the Datacenter– Second Edition Cloud Computing: Benefits, Risks and recommendations for information security (ENISA – European Network and Information Security Agency) Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 (CSA - Cloud Security Alliance) Credits (Resources Referred)

  28. Cloud describes the use of a collection of services, applications, information, and infrastructure comprised of pools of compute, network, information, and storage resources. These components can be rapidly orchestrated, provisioned, implemented and decommissioned, and scaled up or down; providing for an on-demand utility-like model of allocation and consumption. What Is Cloud Computing?

  29. Cloud Computing is a New way of delivering Computing resources, not a new technology. What Is Cloud Computing?

  30. Thank You.. Shabbir Ahmed CCIE#21327, MVP, MCT, CEH, CCSA, ISO 27001 LA, ITIL.