Piyush Mittal, profile picture
Uploaded byPiyush Mittal
PDF, PPTX1,326 views

Cloud Computing Security

The document discusses cloud computing and security issues. It defines cloud computing as dynamically scalable shared resources accessed over a network. Examples are given of companies using cloud computing like Mogulus, Animoto, and the New York Times. Security risks of cloud computing include failures in the provider's security, attacks from other customers, availability issues, legal/regulatory problems, and the challenge of integrating security between the provider and customer. The document advocates using risk management processes to analyze security and considers when cloud computing may improve security for some organizations.

Embed presentation

Download as PDF, PPTX
Cloud Computing: Finding the Silver Lining Steve Hanna, Juniper Networks Copyright © 2009 Juniper Networks, Inc. 1
Agenda   What is Cloud Computing?   Security Analysis of Cloud Computing   Conclusions Copyright © 2009 Juniper Networks, Inc. 2
Agenda   What is Cloud Computing?   Security Analysis of Cloud Computing   Conclusions Copyright © 2009 Juniper Networks, Inc. 3
Cloud Computing Defined   Dynamically scalable shared resources accessed over a network •  Only pay for what you use •  Shared internally or with other customers •  Resources = storage, computing, services, etc. •  Internal network or Internet   Notes •  Similar to Timesharing •  Rent IT resources vs. buy •  New term – definition still being developed Copyright © 2009 Juniper Networks, Inc. 4
Conventional Data Center Data Center Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 5
Cloud Computing Model Enterprise 2 Cloud Provider Enterprise 1 Enterprise LAN Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 6
Many Flavors of Cloud Computing   SaaS – Software as a Service •  Network-hosted application   DaaS – Data as a Service •  Customer queries against provider’s database   PaaS– Platform as a Service •  Network-hosted software development platform   IaaS – Infrastructure as a Service •  Provider hosts customer VMs or provides network storage   IPMaaS – Identity and Policy Management as a Service •  Provider manages identity and/or access control policy for customer   NaaS – Network as a Service •  Provider offers virtualized networks (e.g. VPNs) Copyright © 2009 Juniper Networks, Inc. 7
Cloud Computing Providers DaaS SaaS PaaS IPM Software & Data IPMaaS Infrastructure NaaS IaaS (DC/server) Copyright © 2009 Juniper Networks, Inc. 8
Cloud Computing Pros and Cons Compliance/regulatory laws mandate on-site Pros ownership of data Reduced costs Resource sharing is more Security and privacy efficient Latency & bandwidth guarantees Management moves to Absence of robust SLAs cloud provider Uncertainty around Consumption based cost interoperability, portability & lock in Faster time to roll out new services Availability & reliability Dynamic resource availability for crunch Inhibitors periods Copyright © 2009 Juniper Networks, Inc. 9
Who’s using Clouds today? Copyright © 2009 Juniper Networks, Inc. 10
Example: Mogulus   Mogulus is a live broadcast platform on the internet. (cloud customer) •  Producers can use the Mogulus browser-based Studio application to create LIVE, scheduled and on-demand internet television to broadcast anywhere on the web through a single player widget.   Mogulus is entirely hosted on cloud (cloud provider)   On Election night Mogulus ramped to: •  87000 videos @500kbps = 43.5 Gbps •  http://www.mogulus.com Copyright © 2009 Juniper Networks, Inc. 11
Example: Animoto   Animoto is a video rendering & production house with service available over the Internet (cloud customer) •  With their patent-pending technology and high-end motion design, each video is a fully customized orchestration of user-selected images and music in several formats, including DVD.   Animoto is entirely hosted on cloud (cloud provider)   Released Facebook App: users were able to easily render their photos into MTV like videos •  Ramped from 25,000 users to 250,000 users in three days •  Signing up 20,000 new users per hour at peak •  Went from 50 to 3500 servers in 5 days •  Two weeks later scaled back to 100 servers •  http://www.animoto.com Copyright © 2009 Juniper Networks, Inc. 12
Example: New York Times   Timesmachine is a news archive of the NY Times available in pdf over the Internet to newspaper subscribers (cloud customer)   Timesmachine is entirely hosted on cloud (cloud provider)   Timesmachine needed infrastructure to host several terabits of data •  Internal IT rejected due to cost •  Business owners got the data up on cloud for $50 over one weekend •  http://timesmachine.nytimes.com Copyright © 2009 Juniper Networks, Inc. 13
Example: Eli Lilly   Eli Lilly is the 10th largest pharmaceutical company in the world (cloud customer)   Moved entire R&D environment to cloud (cloud provider)   Results: •  Reduced costs •  Global access to R&D applications •  Rapid transition due to VM hosting •  Time to deliver new services greatly reduced: •  New server: 7.5 weeks down to 3 minutes •  New collaboration: 8 weeks down to 5 minutes •  64 node linux cluster: 12 weeks down to 5 minutes Copyright © 2009 Juniper Networks, Inc. 14
Who’s using Clouds today?   Startups & Small businesses •  Can use clouds for everything •  SaaS, IaaS, collaboration services, online presence   Mid-Size Enterprises •  Can use clouds for many things •  Compute cycles for R&D projects, online collaboration, partner integration, social networking, new business tools   Large Enterprises •  More likely to have hybrid models where they keep some things in house •  On premises data for legal and risk management reasons Copyright © 2009 Juniper Networks, Inc. 15
Agenda   What is Cloud Computing?   Security Analysis of Cloud Computing   Conclusions Copyright © 2009 Juniper Networks, Inc. 16
Information Security Risk Management Process (ISO 27005)   Establish Context   Risk Assessment •  Identify Risks •  Identify Assets •  Identify Threats •  Identify Existing Controls •  Identify Vulnerabilities •  Identify Consequences •  Estimate Risks •  Evaluate Risks   Develop Risk Treatment Plan •  Reduce, Retain, Avoid, or Transfer Risks   Risk Acceptance   Implement Risk Treatment Plan   Monitor and Review Risks Copyright © 2009 Juniper Networks, Inc. 17
Streamlined Security Analysis Process   Identify Assets •  Which assets are we trying to protect? •  What properties of these assets must be maintained?   Identify Threats •  What attacks can be mounted? •  What other threats are there (natural disasters, etc.)?   Identify Countermeasures •  How can we counter those attacks?   Appropriate for Organization-Independent Analysis •  We have no organizational context or policies Copyright © 2009 Juniper Networks, Inc. 18
Identify Assets Copyright © 2009 Juniper Networks, Inc. 19
Conventional Data Center Data Center Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 20
Cloud Computing Model Enterprise 2 Cloud Provider Enterprise 1 Enterprise LAN Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 21
Identify Assets   Customer Data   Customer Applications   Client Computing Devices Copyright © 2009 Juniper Networks, Inc. 22
Information Security Principles (Triad)   C I A •  Confidentiality •  Prevent unauthorized disclosure •  Integrity •  Preserve information integrity •  Availability •  Ensure information is available when needed Copyright © 2009 Juniper Networks, Inc. 23
Identify Assets & Principles   Customer Data •  Confidentiality, integrity, and availability   Customer Applications •  Confidentiality, integrity, and availability   Client Computing Devices •  Confidentiality, integrity, and availability Copyright © 2009 Juniper Networks, Inc. 24
Identify Threats Copyright © 2009 Juniper Networks, Inc. 25
Cloud Computing Model Enterprise 2 Cloud Provider Enterprise 1 Enterprise LAN Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 26
Identify Threats   Failures in Provider Security   Attacks by Other Customers   Availability and Reliability Issues   Legal and Regulatory Issues   Perimeter Security Model Broken   Integrating Provider and Customer Security Systems Copyright © 2009 Juniper Networks, Inc. 27
Failures in Provider Security   Explanation •  Provider controls servers, network, etc. •  Customer must trust provider’s security •  Failures may violate CIA principles   Countermeasures •  Verify and monitor provider’s security   Notes •  Outside verification may suffice •  For SMB, provider security may exceed customer security Copyright © 2009 Juniper Networks, Inc. 28
Attacks by Other Customers   Threats •  Provider resources shared with untrusted parties •  CPU, storage, network •  Customer data and applications must be separated •  Failures will violate CIA principles   Countermeasures •  Hypervisors for compute separation •  MPLS, VPNs, VLANs, firewalls for network separation •  Cryptography (strong) •  Application-layer separation (less strong) Copyright © 2009 Juniper Networks, Inc. 29
Availability and Reliability Issues   Threats •  Clouds may be less available than in-house IT •  Complexity increases chance of failure •  Clouds are prominent attack targets •  Internet reliability is spotty •  Shared resources may provide attack vectors •  BUT cloud providers focus on availability   Countermeasures •  Evaluate provider measures to ensure availability •  Monitor availability carefully •  Plan for downtime •  Use public clouds for less essential applications Copyright © 2009 Juniper Networks, Inc. 30
Legal and Regulatory Issues   Threats •  Laws and regulations may prevent cloud computing •  Requirements to retain control •  Certification requirements not met by provider •  Geographical limitations – EU Data Privacy •  New locations may trigger new laws and regulations   Countermeasures •  Evaluate legal issues •  Require provider compliance with laws and regulations •  Restrict geography as needed Copyright © 2009 Juniper Networks, Inc. 31
Perimeter Security Model Broken Copyright © 2009 Juniper Networks, Inc. 32
Perimeter Security Model Data Center Data Applications Safe Zone Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 33
Perimeter Security with Cloud Computing? Enterprise 2 Cloud Provider Enterprise 1 Enterprise LAN Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 34
Perimeter Security Model Broken   Threats •  Including the cloud in your perimeter •  Lets attackers inside the perimeter •  Prevents mobile users from accessing the cloud directly •  Not including the cloud in your perimeter •  Essential services aren’t trusted •  No access controls on cloud   Countermeasures •  Drop the perimeter model! Copyright © 2009 Juniper Networks, Inc. 35
Integrating Provider and Customer Security   Threat •  Disconnected provider and customer security systems •  Fired employee retains access to cloud •  Misbehavior in cloud not reported to customer   Countermeasures •  At least, integrate identity management •  Consistent access controls •  Better, integrate monitoring and notifications   Notes •  Can use SAML, LDAP, RADIUS, XACML, IF-MAP, etc. Copyright © 2009 Juniper Networks, Inc. 36
Agenda   What is Cloud Computing?   Security Analysis of Cloud Computing   Conclusions Copyright © 2009 Juniper Networks, Inc. 37
Bottom Line on Cloud Computing Security   Engage in full risk management process for each case   For small and medium organizations •  Cloud security may be a big improvement! •  Cost savings may be large (economies of scale)   For large organizations •  Already have large, secure data centers •  Main sweet spots: •  Elastic services •  Internet-facing services   Employ countermeasures listed above Copyright © 2009 Juniper Networks, Inc. 38
Security Analysis Skills Reviewed Today   Information Security Risk Management Process •  Variations used throughout IT industry •  ISO 27005, NIST SP 800-30, etc. •  Requires thorough knowledge of threats and controls •  Bread and butter of InfoSec – Learn it! •  Time-consuming but not difficult   Streamlined Security Analysis Process •  Many variations •  RFC 3552, etc. •  Requires thorough knowledge of threats and controls •  Useful for organization-independent analysis •  Practice this on any RFC or other standard •  Become able to do it in 10 minutes Copyright © 2009 Juniper Networks, Inc. 39
Discussion Copyright © 2009 Juniper Networks, Inc. 40
Copyright © 2009 Juniper Networks, Inc. 41

More Related Content

PDF
Cloud Migration Strategy - IT Transformation with Cloud
byBlazeclan Technologies Private Limited
 
PPTX
Cloud Security
byAWS User Group Bengaluru
 
PPTX
Azure Hub spoke v1.0
bySayed Ashraf Kazi
 
PDF
Designing An Enterprise Data Fabric
byAlan McSweeney
 
PPTX
Big Data & Data Science
byBrijeshGoyani
 
PPTX
Capgemini Cloud Assessment - A Pathway to Enterprise Cloud Migration
byFloyd DCosta
 
PDF
Cloud Migration Checklist | Microsoft Azure Migration
byIntellika
 
PPTX
Manage services presentation
byLen Moncrieffe
 
Cloud Migration Strategy - IT Transformation with Cloud
byBlazeclan Technologies Private Limited
 
Cloud Security
byAWS User Group Bengaluru
 
Azure Hub spoke v1.0
bySayed Ashraf Kazi
 
Designing An Enterprise Data Fabric
byAlan McSweeney
 
Big Data & Data Science
byBrijeshGoyani
 
Capgemini Cloud Assessment - A Pathway to Enterprise Cloud Migration
byFloyd DCosta
 
Cloud Migration Checklist | Microsoft Azure Migration
byIntellika
 
Manage services presentation
byLen Moncrieffe
 

What's hot

PDF
Modernizing to a Cloud Data Architecture
byDatabricks
 
PDF
Prisma Cloud - CyberTech ID Forum 24.pdf
bysatrioyoyo
 
PPTX
Managed Services Presentation
byIISGL
 
PDF
Data Audit Approach To Developing An Enterprise Data Strategy
byAlan McSweeney
 
PDF
Data Architecture Best Practices for Today’s Rapidly Changing Data Landscape
byDATAVERSITY
 
PPTX
Identity and Access Management Introduction
byAidy Tificate
 
PPTX
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
byNicholas Vossburg
 
PPTX
Migration into a Cloud
byDivya S
 
PDF
Modern Data architecture Design
byKujambu Murugesan
 
PDF
Smart Data Strategy EN (1).pdf
byaminnezarat
 
PPTX
Cloud computing security issues and challenges
byDheeraj Negi
 
PDF
DI&A Slides: Data Lake vs. Data Warehouse
byDATAVERSITY
 
PPTX
Data Loss Prevention from Symantec
byArrow ECS UK
 
PPTX
Azure Migration Program Overview
byNicholas Vossburg
 
PPTX
Cloud Based Disaster Recovery (DRaaS)
byPT Datacomm Diangraha
 
PDF
Data Migration PowerPoint Presentation Slides
bySlideTeam
 
PPTX
Deep Learning Technical Pitch Deck
byNicholas Vossburg
 
PPTX
Cloud Computing Architecture
byVasu Jain
 
PPTX
Enterprise Security Architecture
byPriyanka Aash
 
PPTX
Iot data analytics
byUnmesh Ballal
 
Modernizing to a Cloud Data Architecture
byDatabricks
 
Prisma Cloud - CyberTech ID Forum 24.pdf
bysatrioyoyo
 
Managed Services Presentation
byIISGL
 
Data Audit Approach To Developing An Enterprise Data Strategy
byAlan McSweeney
 
Data Architecture Best Practices for Today’s Rapidly Changing Data Landscape
byDATAVERSITY
 
Identity and Access Management Introduction
byAidy Tificate
 
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
byNicholas Vossburg
 
Migration into a Cloud
byDivya S
 
Modern Data architecture Design
byKujambu Murugesan
 
Smart Data Strategy EN (1).pdf
byaminnezarat
 
Cloud computing security issues and challenges
byDheeraj Negi
 
DI&A Slides: Data Lake vs. Data Warehouse
byDATAVERSITY
 
Data Loss Prevention from Symantec
byArrow ECS UK
 
Azure Migration Program Overview
byNicholas Vossburg
 
Cloud Based Disaster Recovery (DRaaS)
byPT Datacomm Diangraha
 
Data Migration PowerPoint Presentation Slides
bySlideTeam
 
Deep Learning Technical Pitch Deck
byNicholas Vossburg
 
Cloud Computing Architecture
byVasu Jain
 
Enterprise Security Architecture
byPriyanka Aash
 
Iot data analytics
byUnmesh Ballal
 

Viewers also liked

PPT
Cloud computing security
byAkhila Param
 
PPT
Cloud computing-security-issues
byAleem Mohammed
 
PPT
Cloud Computing - Security Benefits and Risks
byWilliam McBorrough
 
PPTX
Cloud security ppt
byVenkatesh Chary
 
PPTX
2013 Future of Cloud Computing - 3rd Annual Survey Results
byMichael Skok
 
PDF
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
byVenkateswar Reddy Melachervu
 
PPT
Cloud Computing Security Issues
byDiscover Cloud Computing
 
PPTX
Security in cloud computing
byAbhishek Kumar Sinha
 
PDF
Can we hack open source #cloud platforms to help reduce emissions?
byTom Raftery
 
PDF
2013 State of Cloud Survey SMB Results
bySymantec
 
PDF
Cloud computing & Security presentation
byParveen Yadav
 
PPTX
Simplifying The Cloud Top 10 Questions By SMBs
bySun Digital, Inc.
 
PPTX
Cloud computing security
byAung Thu Rha Hein
 
PPTX
Penetrating the Cloud: Opportunities & Challenges for Businesses
byCompTIA
 
PDF
Summer School Scale Cloud Across the Enterprise
byWSO2
 
PPT
Cloud computing security - Insights
bygiorgiacaleffi
 
PDF
Cloud computing security
byAntonio Sanz Alcober
 
PDF
Cloud Security - Security Aspects of Cloud Computing
byJim Geovedi
 
PDF
Intro to cloud computing — MegaCOMM 2013, Jerusalem
byReuven Lerner
 
PDF
Breaking through the Clouds
byAndy Piper
 
Cloud computing security
byAkhila Param
 
Cloud computing-security-issues
byAleem Mohammed
 
Cloud Computing - Security Benefits and Risks
byWilliam McBorrough
 
Cloud security ppt
byVenkatesh Chary
 
2013 Future of Cloud Computing - 3rd Annual Survey Results
byMichael Skok
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
byVenkateswar Reddy Melachervu
 
Cloud Computing Security Issues
byDiscover Cloud Computing
 
Security in cloud computing
byAbhishek Kumar Sinha
 
Can we hack open source #cloud platforms to help reduce emissions?
byTom Raftery
 
2013 State of Cloud Survey SMB Results
bySymantec
 
Cloud computing & Security presentation
byParveen Yadav
 
Simplifying The Cloud Top 10 Questions By SMBs
bySun Digital, Inc.
 
Cloud computing security
byAung Thu Rha Hein
 
Penetrating the Cloud: Opportunities & Challenges for Businesses
byCompTIA
 
Summer School Scale Cloud Across the Enterprise
byWSO2
 
Cloud computing security - Insights
bygiorgiacaleffi
 
Cloud computing security
byAntonio Sanz Alcober
 
Cloud Security - Security Aspects of Cloud Computing
byJim Geovedi
 
Intro to cloud computing — MegaCOMM 2013, Jerusalem
byReuven Lerner
 
Breaking through the Clouds
byAndy Piper
 

Similar to Cloud Computing Security

PPTX
Introduction to cloud computing
byJithin Parakka
 
PPTX
Introduction Cloud Computing
byRoel Honning
 
PDF
Cloud Computing at UTM Shillong
byCapgemini
 
PDF
Journey to the cloud- A practical approach (November 7, 2012 Innovation Dinner)
byitnewsafrica
 
PDF
Cisco cloud strategy cisco
byOpenSourceCamp
 
PDF
Lam Chee Keong
byAmelia Velu
 
PDF
Cloud + Soa: Enterprise Service Platform
byvictorlbrown
 
PDF
Truth and Lies about Latency in the Cloud, Jelle Frank v.d. Zwet, Interxion
byCloudOps Summit
 
PDF
MISA Cloud workshop - Cloud 101
byMISA Ontario Cloud SIG
 
PDF
Build 4 The Cloud By Cisco V Mware2
byAzlan NL
 
PPT
Cloud Computing Webinar
bySaif Ahmad
 
PDF
Cloud Computing - Jan 2011 - Chandna
byAsheem Chandna
 
PPT
Chris millercloud
byChris Miller
 
PPT
Cloud computing
byperfectican
 
PDF
MPLS 2010: Network Enabled Cloud and Service Models
byCisco Service Provider
 
PPTX
Swarm Computing Next Generation Clouds and the role of SOA
byJürgen Kress
 
PPTX
considering the cloud? From IaaS to SaaS and Beyond - Find Your Path to the C...
byWeb2Present
 
PDF
Skysphere leverage the cloud
byCornerStone
 
PDF
Cloud Computing by Dindo Fernando
bykristine1018
 
PPTX
The Future of IT
bySimon May
 
Introduction to cloud computing
byJithin Parakka
 
Introduction Cloud Computing
byRoel Honning
 
Cloud Computing at UTM Shillong
byCapgemini
 
Journey to the cloud- A practical approach (November 7, 2012 Innovation Dinner)
byitnewsafrica
 
Cisco cloud strategy cisco
byOpenSourceCamp
 
Lam Chee Keong
byAmelia Velu
 
Cloud + Soa: Enterprise Service Platform
byvictorlbrown
 
Truth and Lies about Latency in the Cloud, Jelle Frank v.d. Zwet, Interxion
byCloudOps Summit
 
MISA Cloud workshop - Cloud 101
byMISA Ontario Cloud SIG
 
Build 4 The Cloud By Cisco V Mware2
byAzlan NL
 
Cloud Computing Webinar
bySaif Ahmad
 
Cloud Computing - Jan 2011 - Chandna
byAsheem Chandna
 
Chris millercloud
byChris Miller
 
Cloud computing
byperfectican
 
MPLS 2010: Network Enabled Cloud and Service Models
byCisco Service Provider
 
Swarm Computing Next Generation Clouds and the role of SOA
byJürgen Kress
 
considering the cloud? From IaaS to SaaS and Beyond - Find Your Path to the C...
byWeb2Present
 
Skysphere leverage the cloud
byCornerStone
 
Cloud Computing by Dindo Fernando
bykristine1018
 
The Future of IT
bySimon May
 

More from Piyush Mittal

PDF
Design pattern tutorial
byPiyush Mittal
 
PDF
Intro to parallel computing
byPiyush Mittal
 
PDF
oracle 9i cheat sheet
byPiyush Mittal
 
PPTX
Cuda Architecture
byPiyush Mittal
 
PDF
Intel open mp
byPiyush Mittal
 
PPT
Basics of Coding Theory
byPiyush Mittal
 
PDF
Java cheat sheet
byPiyush Mittal
 
PDF
Cuda toolkit reference manual
byPiyush Mittal
 
PDF
Git cheat sheet
byPiyush Mittal
 
PPTX
Power mock
byPiyush Mittal
 
PPT
Reflection
byPiyush Mittal
 
PDF
Ubuntu cheat sheet
byPiyush Mittal
 
PDF
Google app engine cheat sheet
byPiyush Mittal
 
PDF
Matrix multiplication using CUDA
byPiyush Mittal
 
PPT
Channel coding
byPiyush Mittal
 
PDF
Php cheat sheet
byPiyush Mittal
 
PDF
Css cheat sheet
byPiyush Mittal
 
PDF
Cpp cheat sheet
byPiyush Mittal
 
PDF
Vi cheat sheet
byPiyush Mittal
 
PPTX
Gpu archi
byPiyush Mittal
 
Design pattern tutorial
byPiyush Mittal
 
Intro to parallel computing
byPiyush Mittal
 
oracle 9i cheat sheet
byPiyush Mittal
 
Cuda Architecture
byPiyush Mittal
 
Intel open mp
byPiyush Mittal
 
Basics of Coding Theory
byPiyush Mittal
 
Java cheat sheet
byPiyush Mittal
 
Cuda toolkit reference manual
byPiyush Mittal
 
Git cheat sheet
byPiyush Mittal
 
Power mock
byPiyush Mittal
 
Reflection
byPiyush Mittal
 
Ubuntu cheat sheet
byPiyush Mittal
 
Google app engine cheat sheet
byPiyush Mittal
 
Matrix multiplication using CUDA
byPiyush Mittal
 
Channel coding
byPiyush Mittal
 
Php cheat sheet
byPiyush Mittal
 
Css cheat sheet
byPiyush Mittal
 
Cpp cheat sheet
byPiyush Mittal
 
Vi cheat sheet
byPiyush Mittal
 
Gpu archi
byPiyush Mittal
 

Recently uploaded

PDF
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
PPTX
GenAI GraphTalk - Kuala Lumpur - 4 Nov 2025
bygourisachdeva2
 
PDF
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
PDF
WebXR in Android and Linux with OpenXR
byIgalia
 
PDF
The Accel 2025 Globalscape: Race for compute
byPhilippe Botteri
 
PDF
Open Source SecurityCon 2025 in Atlanta - Transparency Exchange API: Where To...
byPavel Shukhman
 
PDF
#MakeAIMatter for HR Professionals | AI Transformation Workshop by Tekdi Tech...
byParth Lawate
 
PPTX
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
PDF
Inclusive India_Samir_Dash_10 NOV_FINAL 2025.pdf
bySamir Dash
 
PDF
Q3'25 Financial Results and Earnings Presentation
byDropbox
 
PDF
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
PPTX
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
PDF
Dr. Robert Krug - Specializes In Predictive Modeling
byDr. Robert Krug
 
PDF
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
PDF
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Access Linux File System in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
PDF
"Visual Guide to DSA: Big O Notation, Data Structures, and Algorithms Fundame...
byNusrat Gulbarga
 
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
GenAI GraphTalk - Kuala Lumpur - 4 Nov 2025
bygourisachdeva2
 
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
WebXR in Android and Linux with OpenXR
byIgalia
 
The Accel 2025 Globalscape: Race for compute
byPhilippe Botteri
 
Open Source SecurityCon 2025 in Atlanta - Transparency Exchange API: Where To...
byPavel Shukhman
 
#MakeAIMatter for HR Professionals | AI Transformation Workshop by Tekdi Tech...
byParth Lawate
 
AI and Linux in 2025 - Jay LaCroix, Learn Linux TV
byAll Things Open
 
Inclusive India_Samir_Dash_10 NOV_FINAL 2025.pdf
bySamir Dash
 
Q3'25 Financial Results and Earnings Presentation
byDropbox
 
Wrapping up unowned UTF8 C strings: CStringView
byIgalia
 
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
Dr. Robert Krug - Specializes In Predictive Modeling
byDr. Robert Krug
 
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
Access Linux File System in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
"Visual Guide to DSA: Big O Notation, Data Structures, and Algorithms Fundame...
byNusrat Gulbarga
 
In this document
Powered by AI

Overview of cloud computing and its significance. Key points include definition and the components of the agenda.

Cloud computing is described as scalable resources accessed over a network, including cost efficiency, resource sharing, and the cloud model compared to conventional data centers.

Different cloud computing models include SaaS, DaaS, PaaS, IaaS, IPMaaS, and NaaS. Each provides specific services and features.

Discussion of the advantages (reduced costs, resource sharing) and disadvantages (security issues, compliance) associated with cloud computing.

Various case studies of cloud computing usage by companies such as Mogulus, Animoto, New York Times, and Eli Lilly, highlighting scalability and cost efficiency.

Process of information security risk management outlining steps like risk assessment, treatment planning, and monitoring.

Focuses on identifying critical assets in cloud environments, potential threats, and countermeasures to safeguard against threats.

Discusses threats to perimeter security in cloud computing and suggests countermeasures like integrating customer and provider security.

Summary of security analyses emphasizing risk management processes and the need for appropriate countermeasures depending on organizational size.

Review of skills necessary for effective cloud security analysis, emphasizing the importance of understanding risks and controls.

Wrap-up of the presentation and an invitation for further discussion on the topic of cloud computing and its security aspects.

Cloud Computing Security

  • 1.
    Cloud Computing: Finding the Silver Lining Steve Hanna, Juniper Networks Copyright © 2009 Juniper Networks, Inc. 1
  • 2.
    Agenda   What is Cloud Computing?   Security Analysis of Cloud Computing   Conclusions Copyright © 2009 Juniper Networks, Inc. 2
  • 3.
    Agenda   What is Cloud Computing?   Security Analysis of Cloud Computing   Conclusions Copyright © 2009 Juniper Networks, Inc. 3
  • 4.
    Cloud Computing Defined   Dynamically scalable shared resources accessed over a network •  Only pay for what you use •  Shared internally or with other customers •  Resources = storage, computing, services, etc. •  Internal network or Internet   Notes •  Similar to Timesharing •  Rent IT resources vs. buy •  New term – definition still being developed Copyright © 2009 Juniper Networks, Inc. 4
  • 5.
    Conventional Data Center Data Center Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 5
  • 6.
    Cloud Computing Model Enterprise 2 Cloud Provider Enterprise 1 Enterprise LAN Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 6
  • 7.
    Many Flavors ofCloud Computing   SaaS – Software as a Service •  Network-hosted application   DaaS – Data as a Service •  Customer queries against provider’s database   PaaS– Platform as a Service •  Network-hosted software development platform   IaaS – Infrastructure as a Service •  Provider hosts customer VMs or provides network storage   IPMaaS – Identity and Policy Management as a Service •  Provider manages identity and/or access control policy for customer   NaaS – Network as a Service •  Provider offers virtualized networks (e.g. VPNs) Copyright © 2009 Juniper Networks, Inc. 7
  • 8.
    Cloud Computing Providers DaaS SaaS PaaS IPM Software & Data IPMaaS Infrastructure NaaS IaaS (DC/server) Copyright © 2009 Juniper Networks, Inc. 8
  • 9.
    Cloud Computing Prosand Cons Compliance/regulatory laws mandate on-site Pros ownership of data Reduced costs Resource sharing is more Security and privacy efficient Latency & bandwidth guarantees Management moves to Absence of robust SLAs cloud provider Uncertainty around Consumption based cost interoperability, portability & lock in Faster time to roll out new services Availability & reliability Dynamic resource availability for crunch Inhibitors periods Copyright © 2009 Juniper Networks, Inc. 9
  • 10.
    Who’s using Cloudstoday? Copyright © 2009 Juniper Networks, Inc. 10
  • 11.
    Example: Mogulus   Mogulus is a live broadcast platform on the internet. (cloud customer) •  Producers can use the Mogulus browser-based Studio application to create LIVE, scheduled and on-demand internet television to broadcast anywhere on the web through a single player widget.   Mogulus is entirely hosted on cloud (cloud provider)   On Election night Mogulus ramped to: •  87000 videos @500kbps = 43.5 Gbps •  http://www.mogulus.com Copyright © 2009 Juniper Networks, Inc. 11
  • 12.
    Example: Animoto   Animoto is a video rendering & production house with service available over the Internet (cloud customer) •  With their patent-pending technology and high-end motion design, each video is a fully customized orchestration of user-selected images and music in several formats, including DVD.   Animoto is entirely hosted on cloud (cloud provider)   Released Facebook App: users were able to easily render their photos into MTV like videos •  Ramped from 25,000 users to 250,000 users in three days •  Signing up 20,000 new users per hour at peak •  Went from 50 to 3500 servers in 5 days •  Two weeks later scaled back to 100 servers •  http://www.animoto.com Copyright © 2009 Juniper Networks, Inc. 12
  • 13.
    Example: New YorkTimes   Timesmachine is a news archive of the NY Times available in pdf over the Internet to newspaper subscribers (cloud customer)   Timesmachine is entirely hosted on cloud (cloud provider)   Timesmachine needed infrastructure to host several terabits of data •  Internal IT rejected due to cost •  Business owners got the data up on cloud for $50 over one weekend •  http://timesmachine.nytimes.com Copyright © 2009 Juniper Networks, Inc. 13
  • 14.
    Example: Eli Lilly   Eli Lilly is the 10th largest pharmaceutical company in the world (cloud customer)   Moved entire R&D environment to cloud (cloud provider)   Results: •  Reduced costs •  Global access to R&D applications •  Rapid transition due to VM hosting •  Time to deliver new services greatly reduced: •  New server: 7.5 weeks down to 3 minutes •  New collaboration: 8 weeks down to 5 minutes •  64 node linux cluster: 12 weeks down to 5 minutes Copyright © 2009 Juniper Networks, Inc. 14
  • 15.
    Who’s using Cloudstoday?   Startups & Small businesses •  Can use clouds for everything •  SaaS, IaaS, collaboration services, online presence   Mid-Size Enterprises •  Can use clouds for many things •  Compute cycles for R&D projects, online collaboration, partner integration, social networking, new business tools   Large Enterprises •  More likely to have hybrid models where they keep some things in house •  On premises data for legal and risk management reasons Copyright © 2009 Juniper Networks, Inc. 15
  • 16.
    Agenda   What is Cloud Computing?   Security Analysis of Cloud Computing   Conclusions Copyright © 2009 Juniper Networks, Inc. 16
  • 17.
    Information Security RiskManagement Process (ISO 27005)   Establish Context   Risk Assessment •  Identify Risks •  Identify Assets •  Identify Threats •  Identify Existing Controls •  Identify Vulnerabilities •  Identify Consequences •  Estimate Risks •  Evaluate Risks   Develop Risk Treatment Plan •  Reduce, Retain, Avoid, or Transfer Risks   Risk Acceptance   Implement Risk Treatment Plan   Monitor and Review Risks Copyright © 2009 Juniper Networks, Inc. 17
  • 18.
    Streamlined Security AnalysisProcess   Identify Assets •  Which assets are we trying to protect? •  What properties of these assets must be maintained?   Identify Threats •  What attacks can be mounted? •  What other threats are there (natural disasters, etc.)?   Identify Countermeasures •  How can we counter those attacks?   Appropriate for Organization-Independent Analysis •  We have no organizational context or policies Copyright © 2009 Juniper Networks, Inc. 18
  • 19.
    Identify Assets Copyright ©2009 Juniper Networks, Inc. 19
  • 20.
    Conventional Data Center Data Center Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 20
  • 21.
    Cloud Computing Model Enterprise 2 Cloud Provider Enterprise 1 Enterprise LAN Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 21
  • 22.
    Identify Assets   Customer Data   Customer Applications   Client Computing Devices Copyright © 2009 Juniper Networks, Inc. 22
  • 23.
    Information Security Principles(Triad)   C I A •  Confidentiality •  Prevent unauthorized disclosure •  Integrity •  Preserve information integrity •  Availability •  Ensure information is available when needed Copyright © 2009 Juniper Networks, Inc. 23
  • 24.
    Identify Assets &Principles   Customer Data •  Confidentiality, integrity, and availability   Customer Applications •  Confidentiality, integrity, and availability   Client Computing Devices •  Confidentiality, integrity, and availability Copyright © 2009 Juniper Networks, Inc. 24
  • 25.
    Identify Threats Copyright ©2009 Juniper Networks, Inc. 25
  • 26.
    Cloud Computing Model Enterprise 2 Cloud Provider Enterprise 1 Enterprise LAN Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 26
  • 27.
    Identify Threats   Failures in Provider Security   Attacks by Other Customers   Availability and Reliability Issues   Legal and Regulatory Issues   Perimeter Security Model Broken   Integrating Provider and Customer Security Systems Copyright © 2009 Juniper Networks, Inc. 27
  • 28.
    Failures in ProviderSecurity   Explanation •  Provider controls servers, network, etc. •  Customer must trust provider’s security •  Failures may violate CIA principles   Countermeasures •  Verify and monitor provider’s security   Notes •  Outside verification may suffice •  For SMB, provider security may exceed customer security Copyright © 2009 Juniper Networks, Inc. 28
  • 29.
    Attacks by OtherCustomers   Threats •  Provider resources shared with untrusted parties •  CPU, storage, network •  Customer data and applications must be separated •  Failures will violate CIA principles   Countermeasures •  Hypervisors for compute separation •  MPLS, VPNs, VLANs, firewalls for network separation •  Cryptography (strong) •  Application-layer separation (less strong) Copyright © 2009 Juniper Networks, Inc. 29
  • 30.
    Availability and ReliabilityIssues   Threats •  Clouds may be less available than in-house IT •  Complexity increases chance of failure •  Clouds are prominent attack targets •  Internet reliability is spotty •  Shared resources may provide attack vectors •  BUT cloud providers focus on availability   Countermeasures •  Evaluate provider measures to ensure availability •  Monitor availability carefully •  Plan for downtime •  Use public clouds for less essential applications Copyright © 2009 Juniper Networks, Inc. 30
  • 31.
    Legal and RegulatoryIssues   Threats •  Laws and regulations may prevent cloud computing •  Requirements to retain control •  Certification requirements not met by provider •  Geographical limitations – EU Data Privacy •  New locations may trigger new laws and regulations   Countermeasures •  Evaluate legal issues •  Require provider compliance with laws and regulations •  Restrict geography as needed Copyright © 2009 Juniper Networks, Inc. 31
  • 32.
    Perimeter Security ModelBroken Copyright © 2009 Juniper Networks, Inc. 32
  • 33.
    Perimeter Security Model Data Center Data Applications Safe Zone Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 33
  • 34.
    Perimeter Security withCloud Computing? Enterprise 2 Cloud Provider Enterprise 1 Enterprise LAN Data Applications Enterprise LAN Office User Internet Remote User Copyright © 2009 Juniper Networks, Inc. 34
  • 35.
    Perimeter Security ModelBroken   Threats •  Including the cloud in your perimeter •  Lets attackers inside the perimeter •  Prevents mobile users from accessing the cloud directly •  Not including the cloud in your perimeter •  Essential services aren’t trusted •  No access controls on cloud   Countermeasures •  Drop the perimeter model! Copyright © 2009 Juniper Networks, Inc. 35
  • 36.
    Integrating Provider andCustomer Security   Threat •  Disconnected provider and customer security systems •  Fired employee retains access to cloud •  Misbehavior in cloud not reported to customer   Countermeasures •  At least, integrate identity management •  Consistent access controls •  Better, integrate monitoring and notifications   Notes •  Can use SAML, LDAP, RADIUS, XACML, IF-MAP, etc. Copyright © 2009 Juniper Networks, Inc. 36
  • 37.
    Agenda   What is Cloud Computing?   Security Analysis of Cloud Computing   Conclusions Copyright © 2009 Juniper Networks, Inc. 37
  • 38.
    Bottom Line onCloud Computing Security   Engage in full risk management process for each case   For small and medium organizations •  Cloud security may be a big improvement! •  Cost savings may be large (economies of scale)   For large organizations •  Already have large, secure data centers •  Main sweet spots: •  Elastic services •  Internet-facing services   Employ countermeasures listed above Copyright © 2009 Juniper Networks, Inc. 38
  • 39.
    Security Analysis SkillsReviewed Today   Information Security Risk Management Process •  Variations used throughout IT industry •  ISO 27005, NIST SP 800-30, etc. •  Requires thorough knowledge of threats and controls •  Bread and butter of InfoSec – Learn it! •  Time-consuming but not difficult   Streamlined Security Analysis Process •  Many variations •  RFC 3552, etc. •  Requires thorough knowledge of threats and controls •  Useful for organization-independent analysis •  Practice this on any RFC or other standard •  Become able to do it in 10 minutes Copyright © 2009 Juniper Networks, Inc. 39
  • 40.
    Discussion Copyright © 2009Juniper Networks, Inc. 40
  • 41.
    Copyright © 2009Juniper Networks, Inc. 41