Cloud Computing Services Cloud Computing Services & Security Concerns for & Security Concerns for

Data StorageData Storage

AGENDA What is Cloud Computing?

Cloud Services and Deployment Models

Why all the hype??

Security risks

Future of the Cloud Computing

Summary

What is Cloud ComputingAccording to NIST

‘Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.’

According to Gartner

‘Gartner defines cloud computing as a style of computing in which massively scalable IT-related capabilities are provided "as a service" using Internet technologies to multiple external customers’

Cloud Service Models

The Cloud Service models are Cloud Software as a Service (SaaS) – no purchase of

software, rent it and pay per use model Cloud Platform as a Service (PaaS) – development

platform is offered as service Cloud Infrastructure as a Service (IaaS) – provides

entire infrastructure, storage, networking, backup.

Other type of models according to Juniper Networks Cloud Data as a Service (Daas) Identity and Policy Management as a Service

(IPMaas) Cloud Network as a Service (Naas)

Cloud Computing Providers

Copyright © 2009 Juniper Networks, Inc. http://www.ists.dartmouth.edu/docs/HannaCloudComputingv2.pdf

Cloud Deployment Models Private Cloud

Internal cloud solely dedicated to single Organization. Security management managed by internal IT

Public Cloud Owned by vendor, available to the public. Offered to

multiple customers from common infrastructure

Hybrid Cloud Runs non-core application in public cloud and

sensitive data in private cloud

Why all the hype? Cloud Computing is internet based, real-time

service and can access solution regardless of location

It is massively scalable with flexible business model

Provides a flexible pricing model, with a low upfront cost for both infrastructure and software

End up being less maintenance, promoting energy efficiency (Green IT) and cost benefits.

A recent survey conducted by Pew Internet showed that 69% of all Americans use cloud-based software to store pictures, videos, emails, calendars and other various data onlinehttp://www.pewinternet.org

Security Risks Security, timely availability and reliability of the

data on cloud computing is the main concern

Unplanned outages (Amazon S3 cloud service went down, 2008) Data recovery refer SLA’s / Cloud provider Google’s Apps users faced slow service, April 2009

Data location and Storage, there are jurisdictions involved Is it secured properly all the private and

confidential information. Located in different geographic location, what are

the ramification of laws for foreign entity.

Security Risk Management According to Mather, Kumaraswamy & Latif, 2009,

research some of the standards to be used for Security Management in Cloud Computing Services: ITIL ISO/IEC 27001 and 27002.

Cloud Services secure areas covered are: Availability management, Vulnerability Management,

Access Control, Patch management, Configuration management, Incident response & System use and access monitoring

According to Gartner 25 Percent of new business Software will be delivered as Software as a Service (Saas) by 2011.http://www.gartner.com/it/page.jsp?id=496886

Cloud Security Alliance is a not-for-profit organization providing security assurance for Cloud Service.

Jericho Forum working on getting secure collaboration for cloud computing for individual business needs.

Federal CIO is a huge cloud Proponent. Many Cloud pilot programs with in the govt.Washington DC uses Google apps, twitter, you tube

Summary Cloud Computing is going to be around, accept it!

Always understand the Service level agreements (SLAs) of Cloud Service providers, to understand the uptime and downtime

Cloud Service is in IT security department and be due diligent.

Users should consider what type of data to be used for cloud storage

Cost savings can be huge, but be aware of security and governance issues

References Issues related to Cloud Computing arrangements

http://www.seyfarth.com/index.cfm/fuseaction/publications.publications_detail/object_id/9275a22b-3998-494c-84d8-7d234e503d82/IssuesRelatedToCloudComputingArrangements.cfm

Proposed 2010 Budget, Section 9 http://www.whitehouse.gov/omb/budget/fy2010/assets/crosscutting.pdf

Security Guidance for Critical areas of focus in Cloud Computing, Cloud Security Alliance, April 2009 http://www.cloudsecurityalliance.org/guidance/csaguide.pdf

Gartner Newsroom, Stamford, Conn., September 29, 2008 http://www.gartner.com/it/page.jsp?id=766215

Waxer, C. (2009). Can you trust the Cloud? Computer World. May 25/June1, 2009, 23-26

Lamb, J. (2009). The Greening of IT: How Companies Can Make a Difference for the Environment, IBM Press, April 2009

Mather, T., Kumaraswamy, S., and Latif, S. (2009) Cloud Security and Privacy, 1st Edition. 1005 Gravenstein Highway North, Sebastopol, CA 95472: O'Reilly Media, Inc.,