Understanding Cloud Computing. 26th Nov 2011 - Saturday. What Is Cloud Computing? What Comprises Cloud Computing? Essential Characteristics of Cloud Computing Cloud Service Models Cloud Deployment Models Evaluating initial cloud risks Security Benefits Security Risks. Agenda. ?. - PowerPoint PPT Presentation
Analyzing TCP/IP Networks with Microsoft Network Monitor 3.4
& Wireshark.
Understanding Cloud Computing
26th Nov 2011 - Saturday
Agenda
What Is Cloud Computing?
What Comprises Cloud Computing?
Essential Characteristics of Cloud Computing
Cloud Service Models
Cloud Deployment Models
Evaluating initial cloud risks
Security Benefits
Security Risks
What Is Cloud Computing?
?
What Is Cloud Computing? Definition?
There are many definitions today which attempt to address cloud
from the perspective ofacademicians, architects, engineers,
developers, managers, Providers, and consumers.
What Comprises Cloud Computing?
?
What Comprises Cloud Computing?
Essential Characteristics of Cloud Computing
Cloud Service Models
Cloud Deployment Models
Essential Characteristics of Cloud Computing
?
Essential Characteristics of Cloud Computing
On-demand self-service.
Broad network access
Resource pooling
Rapid elasticity
Measured service.
Utility-like model Pay as you go
Other Characteristics Required in Cloud Computing
?
Other Characteristics Required in Cloud Computing
Multi-Tenancy
High Availability / Site Resilience
Cloud Service Models
?
Cloud Service Models
Software as a Service (SaaS).
Platform as a Service (PaaS).
Infrastructure as a Service (IaaS).
SAAS, PAAS & IAAS
?
Cloud Deployment Models
?
Cloud Deployment Models
Public Cloud.
Private Cloud.
Community Cloud.
Hybrid Cloud.
Cloud Deployment Models - Summary
Cloud Deployment Models - Summary
Evaluating initial cloud risks
Identify the asset for the cloud deployment
Evaluate the asset
Map the asset to potential cloud deployment models
Evaluate potential cloud service models and providers
Sketch the potential data flow
Conclusions
Evaluate the asset
How would we be harmed if the asset became widely public and
widely distributed?
How would we be harmed if an employee of our cloud provider
accessed the asset?
How would we be harmed if the process or function were
manipulated by an outsider?
How would we be harmed if the process or function failed to
provide expected results?
How would we be harmed if the information/data were unexpectedly
changed?
How would we be harmed if the asset were unavailable for a
period of time?
Evaluating initial cloud risks - Conclusions
You should now understand the importance of what you are
considering moving to the cloud, your risk tolerance (at least at a
high level), and which combinations of deployment and service
models are acceptable. Youll also have a rough idea of potential
exposure points for sensitive information and operations.
Security Risks
Policy and Organizational Risks
Technical Risks
Legal Risks
Risks not specific to the cloud
Policy and Organizational Risks
Lock-in
Loss of governance
Compliance Challenges
Loss of business reputation due to co-tenant activities
Cloud service termination or failure
Cloud Provider acquisition
Supply chain Failure
Technical Risks
Resource ExhaustionIsolation FailureCloud Provider malicious
insiderManagement Interface CompromiseIntercepting data in
transitData Leakage on up/download, intra-cloudInsecure or
ineffective deletion of dataDistributed Denial of service /
Economic Denial of serviceLoss of Encryption keysUndertaking
Malicious probes or scansCompromise Service EngineConflicts between
customer hardening procedure and cloud environment
Legal Risks
Subpoena and e-discovery
Risk from changes of jurisdiction
Data Protection risks
Licensing risks
Risks not specific to the cloud
Network BreaksNetwork Congestion / Mis-connection / non-optimal
useModifying network trafficPrivilege escalationSocial engineering
attacks (i.e., impersonation)Loss or compromise of
operational/Security logsBackup lost / StolenUnauthorized access to
premisesTheft of computer equipmentNatural Disasters
Security Benefits
Security and the benefits of scale
Security as a market differentiator
Standardized Interface for managed security services
Rapid, smart scaling of resources
Audit and evidence gathering
More timely and effective and efficient updates and defaults
Audit and SLA force better risk management
Benefits of resource concentration
Credits (Resources Referred)
Understanding Microsoft Virtualization Solutions; from the
Desktop to the Datacenter Second Edition
Cloud Computing: Benefits, Risks and recommendations for
information security (ENISA European Network and Information
Security Agency)
Security Guidance for Critical Areas of Focus in Cloud Computing
V2.1 (CSA - Cloud Security Alliance)
What Is Cloud Computing?
Cloud describes the use of a collection of services,
applications, information, and infrastructure comprised of pools of
compute, network, information, and storage resources. These
components can be rapidly orchestrated, provisioned, implemented
and decommissioned,and scaled up or down; providing for an
on-demand utility-like model of allocation and consumption.
What Is Cloud Computing?
Cloud Computing is a New way of delivering Computing resources,
not a new technology.
Thank You..
Shabbir AhmedCCIE#21327, MVP, MCT, CEH, CCSA, ISO 27001 LA,
[email protected]
