Basics of Cloud Computing IBM

8/6/2019 Basics of Cloud Computing IBM

1/40

June 27, 2011

The Basics of Cloud Computing: FromGetting Started to Security- Get All YourBases Covered


2/40

Interactivity Tips

1. Ask A Question

2. Download a PDF copy of todays presentation

3. Group Chat

4. Social Networking Tools


3/40

Todays Agenda

Moderator: Elliot Markowitz - Vice President ofStrategic Content Development - Ziff Davis Enterprise

Guy Currier - Executive Director, Research - Ziff Davis

Enterprise

Joe Leonard - Security Practice Manager Presidio

Ric Telford - Vice President - IBM Cloud Services


4/40

Cloud Computing and ItsImplications: Infrastructure,

Operations, and Security

Guy Currier, Senior Editor / Research

[email protected]


5/40

Cloud computing

doesnt create atechnologyvacuum.


6/40

Cloud Computing: Why Were HereToday

The buzz around the cloud is quickly moving tosystem management and integration. Fornewly adopted cloud environments, how do you:

allocate resources?

provide security?

integrate existing operations?

integrate proliferating new apps, services, andfeatures?


7/40

Dissociation of the two halves of computing:1.the user interface

2.the data and its processing

Versatility:

low cost and high speed of entry and exit

particlization

broad range of customization

Integration: the key to the whole endeavor

Cloud Computing as a TemplateNot a Technology


8/40


9/40

Storage Cloud Computing Cloud

Have been lumped together as infrastructure asa service, or IaaS

But theyre fundamentally distinct

Storage: where to find the information

Computing: what to do with it

So there are different offerings for eachyoucan use different vendors or solutions for each

(More confusion: IaaS also stands for integrationas a service, which is actually PaaS )


10/40

Key Findings from Our CloudResearch

The attraction of cloud computing isnt cost-savings on equipmentits about versatility

Concerns about cloud computing deploymentshinge upon the loss of control adopters face

Infrastructure needs remain, and managementand integration needs grow Modern server, storage, client plant; robust network

Application infrastructure

Integration platforms and services RISK-MANAGEMENT (security, continuity/back-

up, compliance)


11/40

Both Public and Private CloudsProvide Flexibility, Speed

0% 5% 10% 15% 20% 25% 30%

Increased flexibility/versatility

Lower fixed costs for whole organization

Increased scalability

Reduced demand on IT staff

Reduced maintenance/migration costsReduced demand on hardware

Increased data security

Increased user productivity

Happier users

More user access to IT resources

Centralization of org.s fixed costs

Easier compliance

Top Benefits Expected, Next 2 Years

Public

Private

Source: Cloud-Computing Study, Baseline, May 2011 (N=320, 329)


12/40

Both Public and Private CloudsProvide Flexibility, Speed

0% 5% 10% 15% 20% 25% 30%

Increased flexibility/versatility

Lower fixed costs for whole organization

Increased scalability

Reduced demand on IT staff

Reduced maintenance/migration costsReduced demand on hardware

Increased data security

Increased user productivity

Happier users

More user access to IT resources

Centralization of org.s fixed costs

Easier compliance

Top Benefits Expected, Next 2 Years

Public

Private



13/40

The Kinds of Flexibility and SpeedYou Get with Cloud Computing

Elasticity(scalability up or

down)

Ease ofentry

and exit

Control point:where the cloud

begins

Scopeof

service


14/40

Kind of Cloud Service, Defined byIts Scope


15/40

The Cloud Computing TemplateHolds the Seeds of Its Own

Destruction

Elasticity (scalability up or down)

Ease of entry and exit

Control point: where the cloud begins

Scope of service

aspect of a cloud solution security verdict


16/40

The Consequences of Elasticity andEase of Entry

0% 5% 10% 15% 20% 25% 30%

Preventing unauthorized data access

Risk of occasional data unavailability

Preventing data loss

Service costs that are rising, or may rise

Uncertainty about cloud vendors future

Handling risk of slow applications

Possibility of offshore data storage

Less ability to customize

Makes compliance more difficult

Legal risk of losing document versions

Risk of higher migration costs

Top Challenges, Next Two Years

Public

Private


S

S

S

S


17/40

The Consequences of Flexibility inControl Point and in Scope of

Service

Not sowidely

recognized.


18/40

Information Hardware Software Interface User


Service


19/40


Service

Risks

Uncertainty in dataaccess points

Greater variation insystem transparency,depending on solutionneeded

Opportunities

Better balance of securityand application

investment Ability to pick the cloud

scheme that fits withcurrent capabilities


20/40


Service

Risks

More complexapplications and systems

Many more entry points Function

Portal

Device

Really, much much morecomplex systems!

Opportunity

Ability to target securitymeasures granularly

even by feature


21/40

Connecting the Dots

Cloud computing provides organizations withgreater versatility in building out capabilities

But it also presents key challenges:

Data loss or security breach (even for private clouds)

Lost productivity or other costs related tounavailability, slower performance, poor integration

Maintenance and management costs from holding itall together

Organizations still must seek, and can get,the control and performance theyre used

tothey just havent demanded it yet.


22/40

Paired for

Presidio Networked SolutionsBreaches are becoming complex and targeted

What do we do?

Joe Leonard, CISA, CISM, CRISC, CISSP, CCSK, CCSP, CEH

Secure Networks Practice Manager

June 27, 2011


23/40

Agenda

Security in the News

Security Consulting Portfolio

Presidio Typical Assessment Findings Recommendations to protect your

organization

SANS Consensus Audit Guidelines

23


24/40

Security in the News

RSA SecureID breach Daily news articles Cost of breach TBD

Sony Network 77M records compromised Network down 1 week

Minimum damage estimate $170MLockheed Martin Cyber incident

Replaced 90,000 SecureID Tokens

InternationalMonetaryFund

Economic Espionage Theft of large quantities of data Spear fishing attack (digital insider) Not detected for months

Citigroup 360,000 accounts compromised

SonyUS SenateCIA

Hacktivists Multiple attacks Sites inaccessible (DoS)

Organization Details MAR APR MAY JUN

http://www.privacyrights.org/data-breach 24


25/40

Security Consulting Portfolio

25

Portfolio BenefitsSecurity Strategy Design and implement information security

program to protect data.

Security Assessments VulnerabilityRiskNetworkVirtualizationCloud

Security Integration Implement industry leading security controlsAssessments are snapshots in time


26/40

Presidio Typical Assessment Findings

Poor patch management Anti-virus software out-of-date

Security controls not tested

SNMP weaknesses

Password management

No logging and alerting

Hardware vulnerable

Reconnaissance (map network)

Network available to intruders

Poor change control Applications vulnerable to attack

No security awareness training

26


27/40

Recommendations

Security Strategy - Senior management develop,implement, and enforce a comprehensive informationsecurity program that defines security policies, standardsand procedures that are part of culture.

Education & Training - Educate users on securitypolicies and threats to the organization.

Continuous Monitoring - Test systems regularly andperform remediation. (Quarterly and Annual vulnerability

assessments use to be recommended, however it is nowrecommended to perform daily monitoring.)

Controls - Deploy strong perimeter controls FW, IPS,Web/Email and Web Application Firewalls.

27


28/40

Recommendations (cont.)

Segmentation - Segment sensitive data and systemsfrom the general network.

Configuration Management - Develop, implement, andenforce configuration management policies and

procedures for all systems.

Authentication - Utilize strong authentication for alladministrative and remote access connections.

Least Privilege - Control user access based on least

privilege and need to know.

Endpoint security controls Deploy AV/AS/MDM/HIPS

Incident Response Plan - Develop and test incidentresponse plan.

28

SANS C A di G id li (CAG)


29/40

SANS Consensus Audit Guidelines (CAG)20 Critical Security Controls

1. Inventory of authorized and unauthorized

devices2. Inventory of authorized and unauthorized

software

3. Secure configurations for hardware andsoftware for laptops, workstations andservers

4. Secure configurations for networkdevices such as firewalls, routers andswitches

5. Boundary defense

6. Maintenance, monitoring and analysisof audit logs

7. Application software security

8. Controlled use of administrationprivileges

9. Controlled access based or need to know

10. Continuous vulnerability assessmentand remediation

11. Access monitoring and control

12. Malware defenses13. Limitation and control of network ports,

protocols and services

14. Wireless device control

15. Data Loss Prevention (DLP)

29

Can be automated

Cannot be automated

http://www.sans.org/critical-security-controls/

16. Secure networking engineering17. Penetration tests and red team exercises.

18. Incident response capability

19. Data recovery capability

20. Security skills assessment andappropriate training to fill gaps


30/40

Thank you for joining us today!

Presidio Networked Solutions

7601 Ora Glen [email protected]

Voice: (301) 313.2058

Mobile (301) 704.5037

30


31/40

2011 IBM Corporation

Basics of Cloud Computing

Ric TelfordJune 27, 2011


32/40

2011 IBM Corporation32

CIO visionary plans are evolving: business intelligence andanalytics remain at the top, with cloud computing moving into the

top four

Source: 2011 CIO Study, Q12: Which visionary plans do you have to increase competitiveness over the next 3 to 5 years? (n=3,018)

IBM Institute for Business Value

2009 2011

Business Intelligence and analytics83%

83%

Mobility solutions 74%

68%

Virtualization 68%75%

Cloud computing 60%33%

Business process management 60%64%

Risk management and compliance 58%71%

Self-service portals57%

66%

Collaboration and Social Networking55%

54%

Most important visionary plan elements(Interviewed CIOs could select as many as they wanted)


33/40


Appl Appl

Cloud Computing should be part of overall IT Strategy

Consolidate hardwareinfrastructure

Eliminate redundantsoftware and data

Improve service

delivery

Optimize the overall IT environment

Compress Deduplicate Integrate Archive

Appl Appl Appl Appl SOA

Cloud Computing

Integrated Service Management

Visibility AutomationControl

Modernize theenterprise

IT Systems

ManualTasks

Automated Process

Information

33


34/40


Readyfor Cloud

Evaluate the IT services you provide for Cloud readiness

SensitiveData

ComplexProcesses &Transactions

Regulation

Sensitive

Not yetVirtualized

3rd Party SW

HighlyCustomized

Analytics

Collaboration

Development& Test

Workplace, Desktop& Devices

InfrastructureStorage

Infrastructure

Compute

BusinessProcesses

IndustryApplications

Pre-ProductionSystems

InformationIntensive

IsolatedWorkloads

MatureWorkloads

BatchProcessing

Maynot yet

be readyfor migration


35/40


Decide which of the Cloud deployment options is right for each ITservice

EnterpriseData Center

PrivateCloud

ManagedPrivate Cloud

HostedPrivate Cloud

SharedCloud Services

PublicCloud Services

EnterpriseData Center

Third-partyoperated

Enterprise

Third-partyhosted andoperated

Enterprises Users

Free Register Credit Card Click to contract

HybridInternal and external service deliverymethods are integrated

Private Public

IT capabilities are provided as aservice, over an intranet, within theenterprise and behind the firewall

IT activities / functions areprovided as a service, overthe Internet


36/40


Have an architecture for your private cloud

Define the

services you willdeliver

Define the

components of acommon deliveryplatform

Common Cloud Management Platform

Virtualized Infrastructure Server, Storage, Network, Facilities

CloudServices

Software-as-a-Service

Platform-as-as-Service

Infrastructure-as-a-Service

Business-Process-as-a-Service

Metering, Analytics & Reporting

Configuration Mgmt

Offering Mgmt

Order Mgmt

Accounting & Billing

Customer Mgmt

Entitlements

Contract Mgmt SLAReporting

Pricing & Rating

Peering & Settlement

Subscriber Mgmt

Service OfferingCatalog

Invoicing

Service Automation Management

Virtualization Mgmt

Provisioning

Monitoring &Event Mgmt

IT Asset & License Mgmt

Service Request Mgmt

IT Service Level Mgmt

Image Lifecycle Mgmt

Capacity &Performance Mgmt

Incident, Problem &Change Management

BSSBusinessSupportSystem

API

ServiceDeliveryPortal

OSSOperationalSupportSystem

Service Delivery Catalog

Service Templates


37/40


Have a roadmap for evolving your private cloud services

Integrated Middleware Platform& Image ManagementIndividualDeployment

Middleware

Application

Hardware

Today Tomorrow

Operating System

Shared Hardware

Shared Hardware & VirtualizedApplications

MW

App

OS

MW

App

OS

MW

App

OS

Benefits Increased utilization of infrastructure Location independent deployment

BenefitsStandardized middleware Increased utilization of software Improved deployment speedSimplified applications

management

Shared Infrastructure

Integrated Middleware Platform

App App App App

Image

Management

Challenges

Low hardwareutilization

Heavilycustomizedinfrastructure

Challenges

Building images Image proliferationGovernance of changesCreation of composite applicationsConnectivity to legacy and off

premises applications

Yesterday


38/40



39/40

Thank You,

QUESTIONS?


40/40

Attendee Services

Download a copy of todays presentation

Provide your feedback! Please complete our

survey.

A recorded version of this seminar will be

available at www.eSeminarsLive.com

View a calendar of our Upcoming Events

Documents

Basics of Cloud Computing IBM