Cloud computing present

Copyright 2011 The Word & Brown Companies

Cloud ComputingWhat are you afraid of?


Agenda

Review the basics At the “Peak of inflated expectations” -- Gartner’s Hype Cycle for Emerging Technologies

#1 Strategic Technology for 2010

– Technologies You Can’t Afford to Ignore, Gartner

So what is it with Cloud Computing?

EMC shuts down online cloud storage service

Iron Mountain Becomes Third Provider to Exit Public Cloud Storage Market

Gartner predicts less than one-third of cloud investments will reach ROI by 2011

60% of IT decision-makers see cloud computing as helpful to the business

By 2015 Cloud Computing will make up 17% of all IT expenditure worldwide

U.S. Government Adopts “Cloud-first” Policy

Fortune 1000 firms shun public cloud

Feds Shy Away From Public Cloud, Call For Security


At its most promising, Cloud Computing is about evolving IT to enable greater responsiveness to business needs while at the same time driving greater efficiencies.

Successful Cloud computing requires a re-thinking of IT in a way that’s fundamentally different from how we’ve approached IT over the last 30 years.

There are some reasons to be cautious and you can’t simply move existing applications to a cloud infrastructure without understanding the significant differences in the environments.

Maturity of Key Elements has made Cloud Computing viable


• Virtualization• Service Oriented Architecture (SOA)• Broadband Networks• Browser as a Platform• Open Source Software• Horizontal Scaling/“Fail in place computing”


Reasons to Embrace Cloud Computing

Costs – Low start up costs, low cost for sporadic use, moves Capex to Opex

Consolidation Scalability, rapid provisioning/deprovisioning Simplification Reliability Ease of management Ubiquity of access/Device and location independence Disaster Recovery Improve Agility/Innovation Security & Compliance



Optimizing Cost of Capacity

SOURCE: The Open Group, May 2011


Reason to be Wary of Cloud Computing

Costs – especially the predictability of costs Access Performance & Reliability Management Vendor Lock in Ownership Security & Compliance

74% of respondents of a recent survey of senior management, IT operations and security professionals don’t believe the cost savings of cloud computing outweigh the security considerations for their organization*

*SOURCE: nCircle Information Security & Compliance Trend Study, 2010


Reason to be Wary of Cloud Computing


Response to the question: “What is your biggest concern with Cloud Computing?”


Deployment Models

Private Cloud•Accessed by a single enterprise (On or Off-premise)•Not a commercial offering

Private Cloud•Accessed by a single entity - on or off premise•Operated solely for that entity

Public Cloud•Open to use by multiple organizations•Location of data and resources “unknown”

Hybrid Cloud •“Bursting” from Private to Public•Split by tier

Community Cloud •Supports several organizations in a specific community with like interests.•e.g. security, policy, compliance


Five Key Characteristics

1) On-demand Self-service- Individuals can set themselves up with little of no help

2) Ubiquitous Network Access - Available through standard Internet-enabled devices

3) Location Independent Resource Pooling- Processing and storage demands are balanced across a common

infrastructure, with no particular resource assigned to any individual user

4) Rapid Elasticity- Consumers can increase or decrease capacity at will

• Pay Per Use- Consumers are charged fees based on their usage of a combination of

computing power, bandwidth use and/or storage


Delivery Models

Target: Developers, Sys Admins•Server, Storage, Network•OS, Virtualization, File system

Target: Developers •Development tools•Database, Middleware•Infrastructure software

Target: End users• Collaborative applications• ERM, CRM, Supply chain apps• Ops and manufacturing apps• Engineering applications

Infrastructureas a Service

Platformas a Service

Softwareas a Service

Delivery Models


= Managed for You

SaaS PaaS IaaS

Applications

Runtimes

Database

Operating System

Virtualization

Server

Storage

Networking

Cloud Concepts & Terminology


Concerns about Security


Customer Admin

Users

Tenant Tenant

External Web Site

Threats

1. Brute force attacks.

2. Buffer overflows.

3. Canonicalization attacks.

4. Cookie manipulation.

5. Cookie replay attacks.

6. Credential theft.

7. Cross-Site Request Forgery (CSRF).

8. Cross-site scripting (XSS).

9. Connection pooling.

10. Data tampering.

11. Denial of service.

12. Dictionary attack.

13. Disclosure of sensitive/confidential data.

14. Elevation of privilege.

15. Encryption.

16. Information disclosure.

17. Luring attacks.

18. Man-in-the-middle attacks.

19. Network eavesdropping.

20. Open Redirects.

21. Password cracking.

22. Repudiation.

23. Session hijacking.

24. Session replay.

25. Session fixation.

26. Spoofing.

27. SQL injection.

28. Throttling


.

SOURCE: Securing Microsoft's Cloud Infrastructure

Countermeasures1. Assume all input is malicious.

2. Audit and log activity through all of the application tiers

3. Avoid storing secrets.

4. Avoid storing sensitive data in the Web space

5. Back up and regularly analyze log files.

6. Be able to disable accounts.

7. Be careful with canonicalization issues.

8. Catch exceptions.

9. Centralize your input and data validation.

10. Consider a centralized exception management framework.

11. Consider authorization granularity.

12. Consider identity flow.

13. Constrain input.

14. Constrain, reject, and sanitize your input.

15. Cycle your keys periodically.

16. Disable anonymous access and authenticate every principle.

17. Do not develop your own cryptography.

18. Do not leak information to the client. 19. Do not log private data such as passwords.

20. Do not pass sensitive data using the HTTP-GET protocol.

21. Do not rely on client-side validation.

22. Do not send passwords over the wire in plaintext.

23. Do not store credentials in plaintext.

24. Do not store database connections, passwords, or keys in plaintext

25. Do not store passwords in user stores.

26. Do not store secrets in code.

27. Do not store sensitive data in persistent cookies.

28. Do not trust fields that the client can manipulate.

29. Do not trust HTTP header information

30. Encrypt communication channels to protect authentication tokens

31. Encrypt sensitive cookie state

32. Encrypt the contents of the authentication cookies

33. Encrypt the data or secure the communication channel.

34. Enforce separation of privileges.

35. Enforce unique transactions.

36. Identify malicious behavior.



Countermeasures – con’t.

37. Keep unencrypted data close to the algorithm.

38. Know what good traffic looks like.

39. Limit session lifetime.

40. Log detailed error messages.

41. Log key events.

42. Maintain separate administration privileges.

43. Make sure that users do not bypass your checks.

44. Pass Forms authentication cookies only over HTTPS connections.

45. Protect authentication cookies.

46. Provide strong access controls on sensitive data stores.

47. Reject known bad input.

48. Require strong passwords.

49. Restrict user access to system-level resources.

50. Retrieve sensitive data on demand.

51. Sanitize input.

52. Secure access to log files.

53. Secure the communication channel for remote administration

54. Secure your configuration store.

55. Secure your encryption keys.

56. Separate public and restricted areas.

57. Store keys in a restricted location.

58. Support password expiration periods.

59. Use account lockout policies for end-user accounts.

60. Use application instrumentation to expose behavior that can be monitored:

61. Use authentication mechanisms that do not require clear text credentials to be passed over the network:

62. Use least privileged accounts.

63. Use least privileged process and service accounts.

64. Use multiple gatekeepers.

65. Use SSL to protect session authentication cookies.

66. Use strong authentication and authorization on administration interfaces.

67. Use structured exception handling.

68. Use the correct algorithm and correct key length.

69. Use tried and tested platform features.

70. Validate all values sent from the client.

71. Validate data for type, length, format, and range.



Security Models have to change for the Cloud


Security is a shared responsibility


PhysicalPhysical

NetworkNetwork

HostHost

ApplicationApplication

DataData

PhysicalPhysical

NetworkNetwork

HostHost

ApplicationApplication

DataData

Customer Responsibilities Cloud provider Responsibilities

On Premises In The Cloud

Security – on premise


Security – in the Cloud






Ten

an

t Insta

nce

Ten

an

t Insta

nce

Ten

an

t Insta

nce

Ten

an

t Insta

nce

Ten

an

t Insta

nce

Ten

an

t Insta

nce

Ten

an

t Insta

nce

Network

Gues

t A

ge

nt

Guest

Ag

ent

Gues

tA

ge

nt

Gues

tA

ge

nt

Gues

t A

ge

nt

Gues

tA

ge

nt

Gues

t A

ge

nt

Fabric Controll

er

Root VM

Hypervisor

Fire

wall

Fire

wall

Fire

wall

Fire

wall

Fire

wall

Fire

wall

VLANFirewall

Packet Filter

Packet Filter

Fire

wall

Packet FilterFabric Agent

Fabric Agent

Cloud Security is a Paradigm Shift


Much of the traditional infrastructure security moves to the platform and application layers

Network Access Control Lists and Firewalls become host packet filters and virtual firewalls

Reduction of attack surface, least privilege, user authentication and input sanitization are key concerns

Platform and network level encryption play a role, but the developer has increased responsibility for application encryption design



Security Advantages of a Public Cloud

Lives behind enterprise-class firewallLives in very secure facilityThieves may not know where your data livesYour gear is not at risk from disgruntled employeeYou may gain security expertise from your vendorYou vendor may have more rigorous practices around patching, updating and data center managementYou are not alone when defending against DDoSYou are protected from hardware failures



Security Disadvantages of a Public Cloud

Access can be granted from anywhereYour data must travel “in the wild” to the cloudYou are dependent on responsiveness, whims & quality of vendorYou often don’t know where your data resides or how it is comingled with other tenants Attacks on others can have an effect on youYou have limited transparency regarding security controlsAuditing can be difficultYou may be subject to jurisdictional issuesThere is very little established case lawVendor could shut you down suddenly

Cloud computing involves an inherent transfer of control, which creates issues around security and privacy.



Why a public cloud vendor might shut you down…

Decides your customer mailing is spamGoes out of businessIs sold off to your competitorDidn’t properly build in disaster recoveryDidn’t properly plan for appropriate scalingOne of its co-tenants is investigated by the government

Sometimes, just that tenant's servers seized Sometimes, all servers on premises seized Because of resource pooling, any seizure could negatively

affect you


Organizations are moving forward

Question: “What best describes where Cloud Computing fits into yourorganization’s IT roadmap?”



How does a cloud deployment change my risk profile?A cloud computing deployment means you are no longer in complete control of the environment, the data, or the people. A change in control creates a change in risk. Ultimately the data and its sensitivity level will dictate if a cloud model makes sense.

What do I need to do to ensure my existing security policy accommodates the cloud model?A shift to a cloud paradigm is an opportunity to improve your overall security posture and your security policies. Ideally you can extend your existing security policies to accommodate this additional platform.

Will a cloud deployment compromise my ability to meet regulatory mandates?Cloud deployments shift your risk profile and could affect your ability to meet various regulations. Some cloud applications give you strong reporting and are tailored to meet specific regulatory requirements, others are more generic and cannot or will not meet detailed compliance requirements.

Cloud Security: Questions to Ask Before You Jump In

What happens if a breach occurs? How are incidents handled?This is a critical component to your overall agreement with the cloud service provider. The cloud provider (as a service provider), and you as a company may have breach notification policies or regulations you must meet. You must ensure that a cloud provider can support your notification requirements should the need arise.

How do I ensure only authorized employees, partners and customers can access data and applications?Identity and access management is an existing security challenge that is amplified by cloud deployments.

How are my data and applications hosted, and what security technologies are in place?This information can directly affect an organization's ability to comply with certain regulations. Transparency is necessary for you to make informed decisions.


Cloud Security: Questions to Ask Before You Jump In

Expectations are high


The Scale is amazing - Microsoft


The Scale is amazing - Google


Each Container has 1160 servers and power consumption that can reach 250 kilowatts


Some lessons from Amazon's outage (or Microsoft’s or Google’s)

Read your cloud provider’s SLA very carefullyAmazingly, this almost four-day outage has not breached Amazon’s EC2 (Elastic Compute Cloud) SLA, which “guarantees 99.95% availability of the service within a Region over a trailing 365 period.” Since it has been the EBS (Elastic Block Storage) and RDS (Relational Database Services) rather than EC2 itself that failed the SLA has not been breached, legally speaking. Don’t take your provider’s assurances for grantedMany of the affected customers were paying extra to host their instances in more than one Availability Zone (AZ) which are supposed to be physically separate and protect from virtually any failure. Unfortunately, this turned out to be a technical specification rather than a contractual guarantee. There are ways you can supplement a cloud provider’s resilience Decompose resources into independent pools, build in support for quick timeouts and retries, and have interfaces that allow multiple retries of failed requests. Can be difficult if all your experience is in designing tightly-coupled enterprise application stacks that assume a resilient local area network. Successful cloud apps are not your in house apps simply hosted in the cloud.


Some lessons from Amazon's outage (or Microsoft’s or Google’s)

Building in extra resilience comes at a cost Choices about the length of outage you can tolerate have cost consequences. Understanding the trade-offs helps you frame what to ask A good question to ask Cloud vendors — “Do you take down production infrastructure to test your failover?” (Amazon apparently didn’t and it didn’t work as expected)Amazon’s lack of transparency made recovery harder Several affected customers complained of the lack of useful information coming from Amazon during the outage - “Our people can’t read from the tea-leaves how to organize our systems for performance, scalability and most importantly disaster recovery. The difference between ‘reasonable’ SLAs and ‘five-9s’ is the difference between improvisation and the complete alignment of our respective operational processes …” Remember - an inherent transfer of controlMost customers will still forgive Amazon its failingsHowever badly they’ve been affected, providers have sung Amazon’s praises in recognition of how much it’s helped them run a powerful infrastructure at lower cost and effort. In many cases their businesses might not be able to exist at all without a similar infrastructure.

Cloud computing represents virtualization supercharged by automation, and automation always threatens jobs—especially those of lower-skilled employees.

Simply put, cloud computing will displace the jobs of those who perform routine operations tasks. Asking these folks what they think of public cloud computing is like asking a turkey what it thinks of Thanksgiving.

How can the CIO justify sticking with an existing system when SaaS and infrastructure alternatives are (or at least appear to business to be) so much cheaper?

IT organizations will come under pressure to meet the cost structures of the best-of-breed public providers.

Failing to rethink the delivery of services—and the organization necessary to deliver

them—poses a threat to the job tenure of even the most senior IT executives.

Successful IT executives in the future will be those who recognize that their job is infrastructure management at market rates, not asset ownership.


There may be a significant risk in not adopting a Public Cloud model

QuestionsAnd

Discussion


Links


Education

Cloud computing present