UC Cloud Computing Security
Post on 30-Nov-2014
Description: Dean Jones has a track record of more than 24 years in understanding the technology-business interface, identifying and aligning clients' technology needs with products and services, and solving complex problems. His successful and diverse background, spanning technical, operational management, project delivery, and strategy development disciplines, underscores expertise in engaging decision makers and devising winning strategies and solutions.
1. BDPA DALLAS, May 31st Program Meeting: UC Cloud Computing Security
   Dean Jones, Engagement Manager, Infrastructure As A Service (IAAS)

2. Discussion Topics
   - Potential Security Breaches & Associated Cost
   - Cloud Computing and Topology
   - SIP UC Cloud / IAAS Topology
   - Case Studies

3. Potential Security Breaches

4. The Cost of Unsecured Hosted and Private UC Environments
   - One successful toll fraud attack: $40,000

5. A crisis of complexity. The need for progress is clear.
   [Chart: Global Annual Server Spending (IDC), in $B. Labels: Power and cooling costs; Management and admin costs; New system spend; Uncontrolled management and energy costs; Steady CAPEX spend]
   To make progress, delivery organizations must address the server, storage and network operating cost problem, not just CAPEX.
   Source: IBM Corporate Strategy analysis of IDC data
   Cloud Computing

6. Perimeter defense is essential. But it doesn't guard data against the human factor.
   - Lost or stolen devices
     - Intellectual property exposed to competitors
     - Sensitive customer data compromised
     - Competitive information leaked to the media
   - Exposed business processes
     - Extracts pulled for processing and reporting
     - Circulating data across organizations
     - Workarounds during system outages
   - Malicious insiders
     - Malware deployed within the network
     - Intentional misuse of company information
     - Identity theft and industrial espionage
   - Careless use of the corporate network
     - Viruses unwittingly downloaded at home
     - Unsecured archives or copies of data
     - Uncontrolled circulation of classified documents or personal e-mail messages

7. Increased collaboration brings increased complexity and increased risk.
   [Diagram labels: Foes, Gremlins, and Banana Peels; Coffee Shop; Hotels; Home; Business Partners; Supply Chain; Inadequate, disjointed technology management]

8. Many companies expend resources on the network without achieving the expected results.
   - A piecemeal approach to network security and updates leads to an overly complex infrastructure
   - Time-consuming to pinpoint causes of performance problems, especially for newly added voice and video applications that impact traditional mission-critical applications
   - Difficult to determine the best way to optimize costs and performance
   - Hard to estimate future expenditures and justify current costs
   - Almost impossible to predict capacity requirements accurately
   - Through 2011, enterprises will waste $100 billion buying the wrong networking technologies and services [3]
     - Unnecessary technologies
     - Excess bandwidth
     - Unwarranted upgrades
   [3] Gartner, "Gartner's Top Predictions for IT Organizations and Users, 2007 and Beyond," Daryl C. Plummer and others, December 2006.

9. Ponemon Institute's Security Breach Studies
   Ponemon Institute released two separate reports, The First Annual Cost of Cyber Crime Study (PDF), which was sponsored by ArcSight, and The Leaking Vault (PDF), released today by the Digital Forensics Association, both showing troubling findings for companies' finances:
   - A median cost of $3.8 million for an attack per year, including all costs, from detection, investigation, containment, and recovery to any post-response operations.
   - Out of 2,807 publicly disclosed data breaches worldwide during the past five years, the cost to the victim firms as well as those whose information was exposed reached $139 billion.
   - Nearly half of all of the reported breaches came from a laptop, which in 95 percent of the cases is stolen.
   - Hacks led to the most stolen records during 2005 to 2009, with 327 million of the 721.9 million covered in the report, although hacks represent only about 16 percent of the data breaches.
   - Web-borne attacks, malicious code, and malicious insiders are the most costly types of attacks, making up more than 90 percent of all cybercrime costs per organization per year.
   - A Web-based attack costs 143,209 USD; malicious code, 124,083 USD; and malicious insiders, 100,300 USD.

10. Cloud Security Breach Examples
   - Google Doc allowed shared permission without user knowledge
     http://www.google.com/support/forum/p/Google+Docs/thread?tid=2ef115be2ce4fd0e&hl=en
   - Salesforce.com phishing attack led to leak of a customer list; subsequent attacks
     http://voices.washingtonpost.com/securityfix/2007/11/salesforcecom_acknowledges_dat.html
   - Vasrev.com Webhost hack wipes out data for 100,000 sites
     http://www.theregister.co.uk/2009/06/08/webhost_attack/
   - Twitter company files leaked in Cloud Computing security failure
     http://www.infosecurity-us.com/view/2554/twitter-company-files-leaked-in-cloud-computing-security-failure
   - DDoS attack that downed Twitter also hit Facebook
     http://www.computerworld.com/s/article/9136340/DDoS_attack_that_downed_Twitter_also_hit_Facebook?source=CTWNLE_nlt_security_2009-08-07

11. UC Cloud Computing Security and Topology

12. Cloud: Consumption & Delivery Models Optimized by Workload
   - Cloud is: a new consumption and delivery model inspired by consumer Internet services.
   - Cloud enables:
     - Self-service
     - Sourcing options
     - Economies-of-scale
   - Cloud represents: the Industrialization of Delivery for IT supported Services
   - Multiple Types of Clouds will co-exist:
     - Private, Public and Hybrid
     - Workload and/or Programming Model Specific
   [Diagram labels: Cloud Services; Cloud Computing Model]

13. Is cloud computing really new? Yes, and No.
   Cloud computing is a new consumption and delivery model inspired by consumer Internet services. Cloud computing exhibits the following 5 key characteristics:
   - On-demand self-service
   - Ubiquitous network access
   - Location independent resource pooling
   - Rapid elasticity
   - Pay per use
   While the technology is not new, the end user focus of self-service, self-management leveraging these technologies is new.
   [Diagram labels: Usage Tracking; Web 2.0; End User Focused; Service Automation; Virtualization & SOA]

14. Today there are three primary delivery models that companies are implementing for cloud
   [Diagram labels: Enterprise; Public Clouds; Traditional Enterprise IT; Private Cloud; Hybrid Cloud]
   - Private Cloud: IT activities/functions are provided as a service, over an intranet, within the enterprise and behind the firewall. Key features include:
     - Scalability
     - Automatic/rapid provisioning
     - Chargeback ability
     - Widespread virtualization
   - Hybrid Cloud: Internal and external service delivery methods are integrated, with activities/functions allocated based on security requirements, criticality, architecture and other established policies.
   - Public Cloud: IT activities/functions are provided as a service, over the Internet. Key features:
     - Scalability
     - Automatic/rapid provisioning
     - Standardized offerings
     - Consumption-based pricing
     - Multi-tenancy
   Source: IBM Market Insights, Cloud Computing Research, July 2009.

15. Security Implications of the Delivery Models

16. Cost savings and faster time to value are the leading reasons why companies consider cloud
   To what degree would each of these factors induce you to acquire public cloud services?
   - Reduce costs: 77%
     - Pay only for what we use
     - Hardware savings
     - Software licenses savings
     - Lower labor and IT support costs
     - Lower outside maintenance costs
   - Faster time to value: 72%
     - Take advantage of latest functionality
     - Simplify updating/upgrading
     - Speed deployment
     - Scale IT resources to meet needs
   - Improve reliability: 50%
     - Improve system reliability
     - Improve system availability
   Respondents could rate multiple drivers items.
   Source: IBM Market Insights, Cloud Computing Research, July 2009. n=1,090

17. Managing Cloud Adoption
   - Cloud economics can be compelling
   - Small companies will adopt as reliable, easy-to-use services are available
   - Scale economics are within reach of many enterprises
   - Client migration will be work load driven
   - Trade-off is value vs. risk of migration
   - Workload characteristics are critical
   - New workloads will emerge as cloud makes them affordable (e.g. pervasive analytics, Smart Healthcare)

18. Elements that Drive Cloud Efficiency and Infrastructure Economics
   - Leverage
     - Virtualization of Hardware: Drives lower capital requirements
     - Utilization of Infrastructure: Virtualized environments only get benefits of scale if they are highly utilized
   - Leverage Labor
     - Self Service: Clients who can serve themselves require less support and get services
     - Automation of Management: Take repeatable tasks and automate
     - Standardization of Workloads: More complexity = less automation possible = people needed

19. Enterprise Benefits from Cloud Computing
   Cloud accelerates business value across a wide variety of domains.
   Capability: From (legacy environments) to (cloud enabled enterprise)
   - Server/Storage Utilization: from 10-20% to 70-90%
   - Self service: from None to Unlimited
   - Test Provisioning: from Weeks to Minutes
   - Change Management: from Months to Days/Hours
   - Release Management: from Weeks to Minutes
   - Metering/Billing: from Fixed cost model to Granular
   - Standardization: from Complex to Self-Service
   - Payback period for new services: from Years to Months

20. Clients told us their implementation strategies, public or private Cloud, present or future, for 25 specific workloads
   - Analytics
     - Data mining, text mining, or other analytics
     - Data warehouses or data marts
     - Transactional databases
   - Business Services
     - CRM or Sales Force Automation
     - e-mail
     - ERP applications
     - Industry-specific applications
   - Collaboration
     - Audio/video/web conferencing
     - Unified communications
     - VoIP infrastructure
   - Desktop and devices
     - Desktop
     - Service/help desk
   - Development and testing
     - Development environment
     - Test environment
   - Infrastructure
     - Application servers
     - Application streaming
     - Business continuity/disaster recovery
     - Data archiving
     - Data backup
     - Data center network capacity
     - Security
     - Servers
     - Storage
     - Training infrastructure
     - WAN capacity
   Source: IBM Market Insights, Cloud Computing Research, July 2009.

21. Clients cite "push factors" for and "barriers" against cloud adoption for each workload type
   - Higher propensity for cloud
     - Fluctuating demand
     - Highly standardized applications
     - Modular, independent applications
   - Barriers
     - Data privacy or regulatory and compliance issues
     - High level of internal control required
     - Accessibility and reliability are a concern
     - Cost