Understanding Cloud Computing 26th Nov 2011 - Saturday
What Is Cloud Computing? • What Comprises Cloud Computing? • Essential Characteristics of Cloud Computing • Cloud Service Models • Cloud Deployment Models • Evaluating initial cloud risks • Security Benefits • Security Risks Agenda
? What Is Cloud Computing?
There are many definitions today which attempt to address cloud from the perspective of academicians, architects, engineers, developers, managers, Providers, and consumers. What Is Cloud Computing? Definition?
? What Comprises Cloud Computing?
Essential Characteristics of Cloud Computing • Cloud Service Models • Cloud Deployment Models What Comprises Cloud Computing?
? Essential Characteristics of Cloud Computing
On-demand self-service. • Broad network access • Resource pooling • Rapid elasticity • Measured service. • Utility-like model – Pay as you go Essential Characteristics of Cloud Computing
? Other Characteristics Required in Cloud Computing
Multi-Tenancy • High Availability / Site Resilience Other Characteristics Required in Cloud Computing
? Cloud Service Models
Software as a Service (SaaS). • Platform as a Service (PaaS). • Infrastructure as a Service (IaaS). Cloud Service Models
? SAAS, PAAS & IAAS
? Cloud Deployment Models
Public Cloud. • Private Cloud. • Community Cloud. • Hybrid Cloud. Cloud Deployment Models
Identify the asset for the cloud deployment • Evaluate the asset • Map the asset to potential cloud deployment models • Evaluate potential cloud service models and providers • Sketch the potential data flow • Conclusions Evaluating initial cloud risks
How would we be harmed if the asset became widely public and widely distributed? • How would we be harmed if an employee of our cloud provider accessed the asset? • How would we be harmed if the process or function were manipulated by an outsider? • How would we be harmed if the process or function failed to provide expected results? • How would we be harmed if the information/data were unexpectedly changed? • How would we be harmed if the asset were unavailable for a period of time? Evaluate the asset
You should now understand the importance of what you are considering moving to the cloud, your risk tolerance (at least at a high level), and which combinations of deployment and service models are acceptable. You’ll also have a rough idea of potential exposure points for sensitive information and operations. Evaluating initial cloud risks - Conclusions
Policy and Organizational Risks • Technical Risks • Legal Risks • Risks not specific to the cloud Security Risks
Lock-in • Loss of governance • Compliance Challenges • Loss of business reputation due to co-tenant activities • Cloud service termination or failure • Cloud Provider acquisition • Supply chain Failure Policy and Organizational Risks
Resource Exhaustion • Isolation Failure • Cloud Provider malicious insider • Management Interface Compromise • Intercepting data in transit • Data Leakage on up/download, intra-cloud • Insecure or ineffective deletion of data • Distributed Denial of service / Economic Denial of service • Loss of Encryption keys • Undertaking Malicious probes or scans • Compromise Service Engine • Conflicts between customer hardening procedure and cloud environment Technical Risks
Subpoena and e-discovery • Risk from changes of jurisdiction • Data Protection risks • Licensing risks Legal Risks
Network Breaks • Network Congestion / Mis-connection / non-optimal use • Modifying network traffic • Privilege escalation • Social engineering attacks (i.e., impersonation) • Loss or compromise of operational/Security logs • Backup lost / Stolen • Unauthorized access to premises • Theft of computer equipment • Natural Disasters Risks not specific to the cloud
Security and the benefits of scale • Security as a market differentiator • Standardized Interface for managed security services • Rapid, smart scaling of resources • Audit and evidence gathering • More timely and effective and efficient updates and defaults • Audit and SLA force better risk management • Benefits of resource concentration Security Benefits
Understanding Microsoft Virtualization Solutions; from the Desktop to the Datacenter– Second Edition Cloud Computing: Benefits, Risks and recommendations for information security (ENISA – European Network and Information Security Agency) Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 (CSA - Cloud Security Alliance) Credits (Resources Referred)
Cloud describes the use of a collection of services, applications, information, and infrastructure comprised of pools of compute, network, information, and storage resources. These components can be rapidly orchestrated, provisioned, implemented and decommissioned, and scaled up or down; providing for an on-demand utility-like model of allocation and consumption. What Is Cloud Computing?
Cloud Computing is a New way of delivering Computing resources, not a new technology. What Is Cloud Computing?
Thank You.. Shabbir Ahmed CCIE#21327, MVP, MCT, CEH, CCSA, ISO 27001 LA, ITIL. Shabbir550@gmail.com