Cryptographic Data Splitting and Cloud Computing


Upload: cloudtek-university

Post on 08-Jun-2015

Category: Technology

DESCRIPTION

AFCEA Technology Over Bagels - Cryptographic Data Splitting and Cloud Computing

TRANSCRIPT

1. Cryptographic Data Splitting & Cloud Computing
   By Kevin L. Jackson, Engineering Fellow, NJVC, LLC. Presented to: AFCEA Technology Over Bagels, October 12, 2010.

2. The New IT Era
   (IDC, September 2008; rev. date 10/12/2010)

3. What is Cloud Computing?
   An amalgamation of technologies converging on a revolutionary and transformational services delivery model.
   NIST definition: a pay-per-use model for enabling available, convenient and on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
   Other terms frequently associated with cloud computing include:
   • network-centric
   • application service provider (ASP)
   • external hosting and co-location
   • private cloud = Intranet-based
   (Slide source: 2008 Science Applications International Corporation; SAIC and the SAIC logo are registered trademarks of SAIC.)

4. Non-Scalable Applications Are Expensive and Risky
   • Non-scalable applications suffer from diminishing returns on added resources
   • As the business grows, per-transaction costs INCREASE
   • At some point the application will hit a wall, leading to:
     – Application crashes (and potential disaster for the business at huge cost)
     – Expensive process of re-architecting the application every few months/years
   [Chart: Non-Linear Scalability (15% Contention); Total Solution Cost vs. Required Throughput (e.g., Tx/Sec); server cost $20,000; single server throughput 1,000 tx/sec; contention 15%; "The Scalability Wall".]

5. The Goal: Linear Scalability On Demand
   • No diminishing returns on scale
   • No code changes when scaling
   • Drop in another box and increase capacity linearly
   [Chart: Linear Scalability vs. Non-Linear Scalability (15% Contention); Total Solution Cost vs. Required Throughput, with servers of 1,000 tx/sec added at 1,000, 2,000, 3,000 and 4,000 tx/sec.]

6. Cloud Computing Value
   [Two charts of Cost, Capability and Demand over time: Traditional (CAPEX plus OPEX) and Cloud (OPEX, at a 20% premium). Courtesy The Open Gro]

7. Economic Benefit (Booz Allen Hamilton, October 2009)

8. Speed of Cost Reduction, Cost of Change (Courtesy The Open Gro)

9. Optimizing Ownership Use (Courtesy The Open Gro)

10. Optimizing Time to Deliver Capability (Courtesy The Open Gro)

11. Value and Capabilities
    • Time: reduce time to deliver/execute mission; increased responsiveness/flexibility/availability
    • Cost: optimizing cost to deliver/execute mission; optimizing cost of ownership (lifecycle cost); increased efficiencies in capital/operational expenditures
    • Quality: environmental improvements; experiential improvements

12. Government Cloud Computing
    • United States: Federal Chief Information Officers Council; Data.gov & IT Dashboard; Defense Information Systems Agency (DISA) Rapid Access Computing Environment (RACE); US Department of Energy (DOE) Magellan; General Services Administration (GSA) Apps.gov; Department of the Interior National Business Center (NBC) Cloud Computing; NASA Nebula; National Institute of Standards and Technology (NIST)
    • United Kingdom: G-Cloud
    • European Union: Resources and Services Virtualization without Barriers Project (RESERVOIR)
    • Canada: Canada Cloud Computing; Cloud Computing and the Canadian Environment
    • Japan: The Digital Japan Creation Project (ICT Hatoyama Plan); The Kasumigaseki Cloud

13. Communications Infrastructure Continuum
    Three segments, each with some common characteristics: Military Tactical Edge (mobile, ad hoc networks), The Mainstream (Internet), and High Performance Networks.
    Characteristics listed across the continuum: stable infrastructure; mixed range of assets; ad hoc assets; fiber optic/high-speed optical; RF/wireless; mixed media; generally wireless; tending to higher bandwidth; design for degraded operation; highest bandwidth; overprovisioned; large variability in latency and bandwidth; low latency; low to high latency; connection-oriented links; highly dynamic routing; table-based routing; policy-based QoS; more distributed network service models required; mixed policies in forwarding and QoS; change is the norm.

14. Humanitarian Assistance and Disaster Response (HADR)
    • Damaged local infrastructure
    • Heterogeneous mobile support/response infrastructure
    • Secure/sensitive/unsecure information requirements
    • Network flexibility paramount

15. Cloud Computing
    • Not a technology but a new way of provisioning and consuming information technology
    • An automated SOA implemented with brutal standardization over a virtualized infrastructure (compute, storage, networks) enables cloud computing
    Key Benefits: significant cost reductions; reduced time to capability; increased flexibility; elastic scalability; increased service quality; increased security; ease of technology refresh; ease of collaboration; increased efficiency.
    Key Concerns: standards; portability; control/availability; security; IT policy; management/monitoring; ecosystem.

16. Cloud Computing Security
    • Increased virtualization (compute, storage, network)
    • Modification of infrastructure-centric security policies
    • Support of information risk management profiles
    • Brutal standardization to increase automation and reduce the opportunity for human error
    • Increased infrastructure visibility to improve the ability to deploy, monitor and enforce security policies
    • Implementation of advanced data-centric security technologies
    • Global file systems / content addressable storage
    • Global, shared infrastructures
    • Dynamic, non-traditional coalitions

17. Cryptographic Data Splitting (SecureParser)
    • Cryptographically splits data (document, e-mail, database, video, map imagery) and creates physically separate, fault-tolerant shares
    • High-efficiency cryptographic module (CDIP & COI Framework): provably-secure computational secret sharing; cryptographic data splitting; AES encryption; data integrity protection
    • Modules can be changed out, e.g. AES could be replaced with a Random Bit Split Type I encryption as requirements call for
    • M of N fault tolerance
    • Share authentication
    • Physically separate shares: written to storage (data at rest) or to networks (data in motion); created at any I/O point in the system
    • User-definable number of shares (e.g. shares 1, 2, 3, 4)
    • Fault tolerance
    • Key management

18. SecureParser Key Management

19. Independent Testing and Evaluation
    • 2005 CWID: AFCA assessment & AF C2 Battle Lab demo, assessed as demonstrating the potential to be labeled as an MLS/PL-4 system
    • 2005 DISA: Technical Information Panel (TIP) found it to have merit for further evaluation and consideration for use as an information assurance technology, with the potential to fundamentally alter the way storing and securing of data is approached
    • 2006 SOCOM: National Center for the Study of Counter-terrorism and Cybercrime IV&V completed successfully for the SOCOM MLS Pilot Project
    • 2006 EUCOM Combined Endeavor: Joint Interoperability Test Center (JITC) found the value of the SecureParser was obvious: "This capability not only offers increased security of data, but reduces costs by eliminating the need for redundant resources."
    • 2008: Selected by DISA as a demonstration solution for CWID08 (June 08); selected by NSA for the HAP Trade Study as a Crypto Service and for DAR

20. ISR Data Collection to War Fighter
    IA: collection, communication, storage and sharing. Hiding war fighter data in plain sight on the GIG.
    • Geographically distributed data and servers
    • Data transmitted through multiple paths (satellite and terrestrial) over WAN/DIB
    • Ground ISR data processing center
    • Secure and highly available ISR data sharing, storage and communications; integrated backup; COI data sharing

21. Conclusion
    • Cloud computing represents an important shift in the consumption and delivery of information technology
    • Shift from infrastructure-centric to data-centric computing (and security)
    • Cryptographic data splitting can support the security needs of this new era

22. Thank You!
    Kevin L. Jackson, Director Cloud Computing Services, NJVC, LLC
    (703) 335-0830
    [email protected]
    http://kevinljackson.blogspot.com
    http://govcloud.ulitzer.com
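The M-of-N scheme slide 17 describes (encrypt the data, split the key into N authenticated shares, rebuild from any M of them), as an added example that is not SecureParser's or NJVC's code. Assumptions: a SHA-256 counter-mode keystream stands in for the AES module, key shares use Shamir's scheme over a prime field, HMAC-SHA256 provides the share authentication, and every share carries the whole ciphertext rather than an information-dispersal fragment.

```python
import hashlib, hmac, secrets

P = 2**127 - 1  # prime field for the key shares (assumption: 127-bit data keys)


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Assumption: SHA-256 in counter mode stands in for the AES module the slide names.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def _shamir_split(secret: int, m: int, n: int):
    # Degree m-1 polynomial with the key as constant term, evaluated at x = 1..n.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    return [(x, sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]


def _shamir_recover(points) -> int:
    # Lagrange interpolation at x = 0 over GF(P); any m distinct points suffice.
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def split(data: bytes, m: int, n: int, auth_key: bytes) -> list:
    # Encrypt once under a fresh key, share the key M-of-N, authenticate each share.
    key = secrets.randbelow(P)
    ct = _keystream_xor(key.to_bytes(16, "big"), data)
    shares = []
    for x, y in _shamir_split(key, m, n):
        body = bytes([x]) + y.to_bytes(16, "big") + ct  # simplification: full ciphertext per share
        shares.append(body + hmac.new(auth_key, body, hashlib.sha256).digest())
    return shares


def recover(shares, m: int, auth_key: bytes) -> bytes:
    # Drop shares whose tag fails (tampered or corrupt); any m authentic shares rebuild the key.
    good = [s[:-32] for s in shares
            if hmac.compare_digest(hmac.new(auth_key, s[:-32], hashlib.sha256).digest(), s[-32:])]
    if len(good) < m:
        raise ValueError("fewer than m authentic shares available")
    key = _shamir_recover([(b[0], int.from_bytes(b[1:17], "big")) for b in good[:m]])
    return _keystream_xor(key.to_bytes(16, "big"), good[0][17:])
```

With a 3-of-5 split, losing any two shares or receiving one tampered share still allows recovery, while fewer than three authentic shares yield nothing.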