Security & Privacy in Cloud Computing
Uploaded by john-johnson
Security & Privacy Issues in
The Hype
“The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do. I can’t think of anything that isn’t cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women’s fashion. Maybe I’m an idiot, but I have no idea what anyone is talking about. What is it? It’s complete gibberish. It’s insane. When is this idiocy going to stop?”
Larry Ellison, CEO, Oracle (WSJ 9/25/08)
Video
Closer to Earth
• Let’s presume that Cloud Computing is real.
• What is it?
• Let’s try to cut through the hyperbole and define Cloud Computing and see what it has to offer consumers and organizations.
Example: Microsoft
Sorting things out…
Platform
Utility or Infrastructure
Software
Infrastructure as a Service
• Amazon sells computing power in a way similar to how we get electricity from the power company.
• Uses a pay-as-you-go model for offering VM instances, computing power and storage on demand.
Platform as a Service
• One step above the utility, you find the PaaS providers, like Google App Engine, Salesforce’s force.com, and the recently announced Microsoft Azure platform.
• Here you develop apps and leverage a common development framework and platform for delivery.
Software as a Service
• Software as a Service (SaaS) is what most people are familiar with. This is where many of the common Web 2.0 applications are, like: Flickr, Gmail, Google Apps, Facebook, Twitter...
• There are also enterprise applications, such as SAP, Oracle, Microsoft and others attempting to gain market share here.
Terminology
• Let’s face it, the use of all these acronyms can get confusing!
• SOA and SaaS often get confused.
• The utility and platform services are often called nothing more than the evolution of third-party hosting services that companies have used for years.
• There are good reasons these assumptions are incorrect.
SOA is dead…?
“SOA met its demise on January 1, 2009, when it was wiped out by the catastrophic impact of the economic recession. SOA is survived by its offspring: mashups, BPM, SaaS, Cloud Computing, and all other architectural approaches that depend on “services.” Manes’ real point, to quote her is that “we should not be talking about an architectural concept that has no universally accepted definition and an indefensible value proposition. Instead we should be talking about concrete things (like services) and concrete architectural practices (like application portfolio management) that deliver real value to the business.”
Anne Thomas Manes, Burton Group
Consumers
• Cloud Computing is a new name for things consumers are already doing.
• Consumers are tired of being IT techs.
• Consumers want to DO things online, and have the Internet cloud be as simple as Cable TV.
I don’t care what’s up there, as long as it WORKS!
The Business Case
• Cost Savings from economies of scale
• Scalability
• Elasticity
• Reliability
• (and in some cases, they enjoy a transfer of liability by outsourcing services)
Source: www.cio.com/article/print/109706
2007
Source: www.cio.com/article/print/109706
Where does it make sense?
• Start-ups
• Apps that are not processing key data
• Apps that benefit greatly from economies of scale, and that require high availability and DRP
• Apps that need periodic, huge capacity or CPU processing
Where does it not make sense?
• Key apps that are earning your bread and butter
• Apps that touch personal data or process high-value/consumer transactions should be considered carefully
• Most cloud computing works well for highly parallel, but not serial apps
On-site vs. Off-site
• PaaS can be hosted at your data center, outsourced, or hosted in a hybrid environment like this example.
Source: cohesiveft.com/vpncubed
Concern in the Cloud
• Security
• Control
• Performance
• Support
• Vendor Lock-In
• Speed of Scaling
• Configurability
Security Concerns
• CIA + Privacy
• Can you extend your policies to the cloud?
• Regulatory compliance
• Managing data on shared systems
• Forensics
• Auditing
• Segregation of data
• Portability & Interoperability
• Reliability & Manageability
In The News
• Monster.com Breach May Preface Targeted Attacks
• Salesforce.com Admits Data Loss
• Millions of Gmail Users Left in the Lurch
• Gmail is down, down, down
More…
• United Airlines Flight Operations Computer System Failure
• San Francisco Power Grid Failure
• PayPal Subscription Processing Fails
• Skype Down for Days
• LAX TSA Screening System Failure
• What if Google were to disappear for a few days? Or, Facebook? Yahoo?
Compliance in the Cloud
• Let me just list some common U.S. regulations and speak to them:
• PCI
• SOX
• HIPAA
• GLB
• California Breach Law (SB1386)
Future Trends
• The Web as a Participatory Worldwide Communications Media (Wikipedia, Facebook, YouTube…)
• The Need to Use Less Energy
• Innovation Imperative
• Quest for Simplicity
• Structure Out of Chaos
Source: www.cio.com/article/438371/Cloud_Computing_Hype_Versus_Reality
Grinch in the Cloud
• The Grinch: It came without segregation. It came without recovery goals. It came without adequate physical, logical, or personnel access controls. It could have been high, it could have been low, I just have no clue where the data may flow!
• Narrator: Then the Grinch thought of something he hadn't before.
• The Grinch: Maybe the perfect solution doesn't come from a store. Maybe solving business problems securely...
• Narrator: He thought
• The Grinch: ...means a little bit more.
Useful Resources
• World Privacy Forum, www.worldprivacyforum.org
• Security Monks Blog, http://blog.securitymonks.com/2009/01/25/recent-cloud-postings/
• Rational Survivability Blog, http://rationalsecurity.typepad.com/