Securing Cloud Services

HP Technology Forum, June 2009, Las Vegas

1. Securing Cloud Services

John Rhoton, Distinguished Technologist, HP EDS CTO Office, June 2009

2. Agenda

  • Overview of Cloud
  • Security benefits
  • Security challenges
  • HP Solutions

4. So, What is Cloud Computing?

  • The 451 Group: The cloud is IT as a Service, delivered by IT resources that are independent of location
  • Gartner: Cloud computing is a style of computing where massively scalable IT-related capabilities are provided as a service across the Internet to multiple external customers
  • Forrester: A pool of abstracted, highly scalable, and managed infrastructure capable of hosting end-customer applications and billed by consumption
  • Wikipedia: A style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure "in the cloud" that supports them.

A large pool of easily usable and accessible virtualized resources (such as hardware, development platforms and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for an optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of customized SLAs.

Vaquero, Rodero-Merino, Caceres, Lindner

5. Cloud Attributes

  • Off-premise
  • Outside Firewall
  • Delivered over Internet
  • Available on Demand
  • Scalable
  • Elastic
  • Utility billed
  • Multi-tenant
  • Virtualised
  • Available as Service
  • Location independent
  • SOA?
  • Grid?
  • Web 2.0?

Private versus Public Cloud

6. Innovation & Impact

  • Innovation
    • Incremental
    • Individually not impressive or not recent
    • Compare Internet
      • TCP/IP, HTTP, HTML, PC
  • Impact
    • IT: New platforms, Service delivery models
    • Business: Capex, Opex, Agility
    • Economic: Entry barriers, Startup speed, Startup numbers
    • Political: Regulation, Compliance

June 19, 2009

7. Massive Scale-out and the Cloud

17 December 2008

    • 2938: The Value of Cloud in the Business Technology Ecosystem

Enterprise class versus Global class

  • On-premise versus Hybrid/off-premise
  • 100s-1000s of nodes versus 10,000+ nodes
  • Proprietary versus Commodity
  • HW resiliency versus SW resiliency
  • Max performance versus Max efficiency
  • Siloed Resources versus Shared Resources
  • Cost-Center versus Value/Revenue-Center
  • Clusters versus Grids/Cloud
  • Static versus Elastic
  • Shared storage versus Replicated storage
  • Facility costs versus Power Usage Efficiency

8. Market context

A service-centric perspective sheds light on all value chain constituents

[Diagram labels: Business users; Business outcome; External services; In-house services; Cloud services; Cloud service provider; Hosted/outsourced service provider; IT organization internal service provider; Massive scale-out infrastructure; Global-class software; Enterprise-class software; Dedicated and shared infrastructure]

9. Cloud Model

[Diagram labels: Integration; Operation; Governance; Hardware; Computation; Storage; Memory; Colocation; Real Estate; Cooling; Power; Bandwidth; Virtualisation; Provisioning; Billing; Platform; Programming Language; Development Environment; APIs; Application; CRM; UC; Email]

10. Cloud Landscape

[Diagram labels: Governance; Operation; Integration; Infrastructure; Platform; Software]

11. Why Cloud Computing?

  • Cost reduction
    • Benefit from economies of scale and experience curve
    • Predictability of spend
    • Avoids cost of over-provisioning
    • Reduction in up-front investment
  • Risk reduction
    • Offload risk of running the data-centre, data protection, and disaster recovery
    • Reduces risk of under-provisioning
  • Focus on core competency
    • Reduce effort and administration related to IT
    • Automatic service evolution
  • Flexibility
    • Roll-out new services, retire old
    • Scale up and down as needed; quickly
    • Faster time to market: Lower barriers to innovation
    • Access from any place, any device, any time

13. Security Benefits and Opportunities

  • Cloud providers undergo rigorous audits
  • Isolation of customer and employee data
  • Disaster Recovery extensions
  • Centralised monitoring
  • Forensic readiness
  • Password assurance testing
  • Pre-hardened builds
  • Security testing
  • Obfuscation of physical infrastructure

15. Challenges

  • Governance
  • Compliance
  • Data Privacy
  • Service Availability
    • Vendor Lock-in
    • Latency
  • Identity Management
  • Lock-in
  • Rogue Clouds

16. Governance

17. Compliance

  • Sarbanes-Oxley
  • HIPAA
  • FDA
  • Basel II
  • PCI
  • FISMA
  • GLBA
  • OSHA
  • ISO 27002

18. Data Privacy

19. Resilience

  • Service Availability
  • Integration risks
  • Business Continuity
  • Latency
  • Fault Tolerance

20. Identity Management

  • Authentication
  • Authorisation
    • Access rights
  • Federation
    • Interoperability
    • Standards
      • XACML, SAML
  • Rapid provisioning
    • Immediate de-provisioning
  • Identity theft

21. Cloud Computing: Models

[Diagram labels: Enterprise; Employee; User; The Internet; Internal Cloud; Cloud Provider #1; Cloud Provider #2; Data Storage Service; Office Apps; On Demand CPUs; Printing Service; CRM Service; Service 3; Backup Service; ILM Service; Business Apps/Service; Service]

22. Identity in the Cloud: Enterprise Case

[Diagram: the enterprise, cloud provider and service labels of slide 21, with these annotations repeated across the diagram: Identity & Credentials; Authentication, Authorization, Audit; User Account Provisioning/De-provisioning; PII Data & Confidential Information]

IAM Capabilities and Services Can be Outsourced in The Cloud

23. Lock-in

  • IaaS
    • Standard Hardware, Software
    • Low Risk
  • PaaS
    • Programming Language,
    • APIs
    • Data Extraction
  • SaaS
    • Data Extraction
    • Functionality, User retraining
  • Assess Vendor viability

24. Rogue Clouds

  • Shadow IT may circumvent Central IT
  • Suboptimal Resource allocation
  • Disregard Compliance
  • Compromise Information Security

25. Cloud Security Activity and Standards

  • Cloud Security