cloud computing security

Ninh V. [email protected]

The Hype

Cluster ComputingCloud ComputingGrid Computing

“What the hell is Cloud Computing?”- Larry Ellison

Monolithic Client-Server Web SOA Cloud Services

1970s 1980s 1990s 2000s 2009+

5th Generation of Computing

Wikipedia’s DefinitionsCloud computing is a computing paradigm shift where computing is moved awayfrom personal computers or an individual server to a “cloud” of computers.

– 12/2007

Cloud computing is Internet-based ("cloud") development and use of computerTechnology ("computing"). The cloud is a metaphor for the Internet, based on

howit is depicted in computer network diagrams, and is an abstraction for the complexinfrastructure it conceals.

– 12/2008

Cloud computing is a style of computing in which dynamically scalable and oftenvirtualized resources are provided as a service over the Internet.

– 6/2009

Cloud computing is an example of computing in which dynamically scalable andoften virtualized resources are provided as a service over the Internet.

- Now

Common implies multi-tenancy, not single or isolated tenancy Location-independentOnlineUtility implies pay-for-use pricingDemand implies ~infinite, ~immediate, ~invisible scalability

Cloud Computing Infrastructure Models

Hybrid Cloud

Connectivity(Network Access)

SME

SME

SME

Enterprise

Enterprise

Public Cloud

Public Cloud

Private CloudPrivate Cloud

The Cloud Provider

The Cloud Provider

Architectural Layers of Cloud Computing

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Cloud Infrastructure

IaaS

PaaS

SaaS

Infrastructure as a Service (IaaS) Architectures

Platform as a Service (PaaS)Architectures

Software as a Service (SaaS)

Architectures


SaaS


PaaS

SaaS


IaaS

PaaS


PaaS


IaaS

Cloud Computing Characteristics

Comparisons

Grid Computing

•A form of distributed computing•A “super and virtual computer” is composed of a cluster of networked•Loosely coupled computers acting in concert to perform very large tasks

Utility Computing

•Packaging of computing resources, such as computation and storage•A metered service similar to a traditional public utility, such as electricity

Autonomy Computing

•Computer systems capable of self-management

Variable Costs(OpEx)

Fixed Costs(CapEx)

Cloud Computing Economics

Variable Costs(OpEx)

Users

Cost

s

Traditional IT

Cloud Computing

Pros and Cons

Cloud Computing Security

Your Application

Testing, Monitoring, Diagnostics

and Verification

Architectural Views

Governance

Life Cycle(Birth, Growth, Failure, Recovery, Death)

Web of MetadataCategories, Capabilities, Configuration and Dependencies

Resource Management Basic

Monitoring

Software & Hardware Infrastructure

Facilities & Logistics

Element Management

(Split Responsibility)

YourProblem

TheirProblem

A Cloud Technology Reference Model

Operating System

Hypervisor

Application

Datacenter (Power, Cooling, Physical Security)

ApplicationServer Middleware Database

CPU Networking StorageYOUR DATA Backup

Software as a Service

Your Problem

Their Problem

Operating System

Hypervisor

Your Application


ApplicationServer Middleware Database

CPU Networking Storage Backup

Platform as a Service

Your Problem

Their Problem

Your Operating System

Hypervisor

Your Application


YourApplication

Server

YourMiddleware

YourDatabase

CPU Networking Storage Backup

Infrastructure as a Service

Your Problem

Their Problem

Security Issues

Overview

Governing in the Cloud

Governance & Enterprise Risk Management

Legal

Electronic Discovery

Compliance and Audit

Information Life Cycle Management

Portability & Interoperability

Operating in the Cloud

Traditional Security

Data Center Operations

Incident Response

Virtualization

Identity & Access Management

Storage

Application Security

Encryption & Key Management

Selected Issues

Governing in the Cloud

Governance & Enterprise Risk Management

Legal

Electronic Discovery

Compliance and Audit

Information Life Cycle Management

Portability & Interoperability

Operating in the Cloud

Traditional Security

Data Center Operations

Incident Response

Virtualization

Identity & Access Management

Storage

Application Security



Storage

Internet

Encryption on Storage

Encryption on TransmissionKey Management

Case StudyAmazon Web Services (AWS)

AWS Registration and Security

X.509 Certificate

AWS Multi-Factor Authentication (AWS MFA)

Multi-Factor Authentication

Request Authenticationwith HMAC-SHA1 (1)

Request Authenticationwith HMAC-SHA1 (2)

HMAC-SHA1

Summary & Predictions

.. We think everyone on the planet deserves to have their ownvirtual data center in the cloud ..

- Lew Tucker

.. Cloud Computing Will Be As Influential As E-business .. - Gartner

.. one of the most important transformations the federalgovernment will go through in the next decade ..

- Obama’s TIGR Team

.. Who knew that the concept of security in cloud computing waseven possible to imagine?..

- Scott Bradner

Thank You