Security & Privacy Issues in CLOUD COMPUTING

Upload: leora

Post on 10-Jan-2016


Page 1: Security &  Privacy  Issues in

Security & Privacy Issues in

CLOUD COMPUTING

Page 2: Security &  Privacy  Issues in

The Hype

“The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do. I can’t think of anything that isn’t cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women’s fashion. Maybe I’m an idiot, but I have no idea what anyone is talking about. What is it? It’s complete gibberish. It’s insane. When is this idiocy going to stop?”

Larry Ellison, CEO, Oracle (WSJ 9/25/08)

Page 3: Security &  Privacy  Issues in

The Rant

• Click here for YouTube video…

Page 4: Security &  Privacy  Issues in

Closer to Earth

• Let’s presume that Cloud Computing is real.

• What is it?

• Let’s try to cut through the hyperbole and define Cloud Computing and see what it has to offer consumers and organizations.

Page 5: Security &  Privacy  Issues in
Page 6: Security &  Privacy  Issues in

Example: Microsoft

Page 8: Security &  Privacy  Issues in

Infrastructure as a Service

• Amazon sells computing power in a way similar to how we get electricity from the power company.

• Uses a pay-as-you-go model for offering VM instances, computing power and storage on demand.

Page 9: Security &  Privacy  Issues in

Platform as a Service

• One step above the utility, you find the PaaS providers, like Google App Engine, Salesforce’s force.com, and the recently announced Microsoft Azure platform.

• Here you develop apps and leverage a common development framework and platform for delivery.

Page 10: Security &  Privacy  Issues in

Software as a Service

• Software as a Service (SaaS) is what most people are familiar with. This is where many of the common Web 2.0 applications are, like: Flickr, Gmail, Google Apps, Facebook, Twitter....

• There are also enterprise applications, such as SAP, Oracle, Microsoft and others attempting to gain market share here.

Page 11: Security &  Privacy  Issues in

Terminology

• Let’s face it, the use of all these acronyms can get confusing!

• SOA and SaaS often get confused.

• The utility and platform services are often called nothing more than the evolution of third-party hosting services that companies have used for years.

• There are good reasons these assumptions are incorrect.

Page 12: Security &  Privacy  Issues in

SOA is dead…?

“SOA met its demise on January 1, 2009, when it was wiped out by the catastrophic impact of the economic recession. SOA is survived by its offspring: mashups, BPM, SaaS, Cloud Computing, and all other architectural approaches that depend on “services.” Manes’ real point, to quote her, is that “we should not be talking about an architectural concept that has no universally accepted definition and an indefensible value proposition. Instead we should be talking about concrete things (like services) and concrete architectural practices (like application portfolio management) that deliver real value to the business.”

Anne Thomas Manes, Burton Group

Page 13: Security &  Privacy  Issues in

Consumers

• Cloud Computing is a new name for things consumers are already doing.

• Consumers are tired of being IT techs.

• Consumers want to DO things online, and have the Internet cloud be as simple as Cable TV.

I don’t care what’s up there, as long as it WORKS!

Page 14: Security &  Privacy  Issues in

The Business Case

• Cost Savings from economies of scale

• Scalability

• Elasticity

• Reliability

• (and in some cases, they enjoy a transfer of liability by outsourcing services)

Page 15: Security &  Privacy  Issues in

Source: www.cio.com/article/print/109706

2007

Page 16: Security &  Privacy  Issues in

Source: www.cio.com/article/print/109706

Page 17: Security &  Privacy  Issues in

Where does it make sense?

• Start-ups

• Apps that are not processing key data

• Apps that benefit greatly from economies of scale, and that require high availability and DRP

• Apps that need periodic, huge capacity or CPU processing

Page 18: Security &  Privacy  Issues in
Page 19: Security &  Privacy  Issues in

Where does it not make sense?

• Key apps that are earning your bread and butter

• Apps that touch personal data or process high-value/consumer transactions should be considered carefully

• Most cloud computing works well for highly parallel apps, but not for serial apps

Page 20: Security &  Privacy  Issues in

On-site vs. Off-site

• PaaS can be hosted at your data center, outsourced, or hosted in a hybrid environment like this example.

Source: cohesiveft.com/vpncubed

Page 21: Security &  Privacy  Issues in

Concern in the Cloud

• Security

• Control

• Performance

• Support

• Vendor Lock-In

• Speed of Scaling

• Configurability

Page 22: Security &  Privacy  Issues in

Security Concerns

• CIA + Privacy

• Can you extend your policies to the cloud?

• Regulatory compliance

• Managing data on shared systems

• Forensics

• Auditing

• Segregation of data

• Portability & Interoperability

• Reliability & Manageability

Page 23: Security &  Privacy  Issues in

In The News

• Monster.com Breach May Preface Targeted Attacks

• Salesforce.com Admits Data Loss

• Millions of Gmail Users Left in the Lurch

• Gmail is down, down, down

Page 24: Security &  Privacy  Issues in

More…

• United Airlines Flight Operations Computer System Failure

• San Francisco Power Grid Failure

• PayPal Subscription Processing Fails

• Skype Down for Days

• LAX TSA Screening System Failure

• What if Google were to disappear for a few days? Or, Facebook? Yahoo?

Page 25: Security &  Privacy  Issues in

Compliance in the Cloud

• Let me just list some common U.S. regulations and speak to them:

• PCI

• SOX

• HIPAA

• GLB

• California Breach Law (SB1386)

Page 26: Security &  Privacy  Issues in

Future Trends

• The Web as a Participatory Worldwide Communications Media (Wikipedia, Facebook, YouTube…)

• The Need to Use Less Energy

• Innovation Imperative

• Quest for Simplicity

• Structure Out of Chaos

Source: www.cio.com/article/438371/Cloud_Computing_Hype_Versus_Reality

Page 27: Security &  Privacy  Issues in

• The Grinch: It came without segregation. It came without recovery goals. It came without adequate physical, logical, or personnel access controls. It could have been high, it could have been low, I just have no clue where the data may flow!

• Narrator: Then the Grinch thought of something he hadn't before.

• The Grinch: Maybe the perfect solution doesn't come from a store. Maybe solving business problems securely...

• Narrator: He thought

• The Grinch: ...means a little bit more.

Grinch in the Cloud

Page 28: Security &  Privacy  Issues in

Useful Resources

• World Privacy Forum, www.worldprivacyforum.org

• Security Monks Blog, http://blog.securitymonks.com/2009/01/25/recent-cloud-postings/

• Rational Survivability Blog, http://rationalsecurity.typepad.com/