The Future Of Cloud Computing
Thursday, September 1, 11
::Setting Some Context
Cloud Computing is a natural, disruptively innovative and timely opportunistic response to a converging set of socio-economic, political, cultural and technological stimuli*
*It’s also a really good marketing job...
::Setting Some Context
Cloud is an adaptive operational model, not a particular technology and there are lots of different types of Clouds.
::The Technician’s Definition
Visual Model Of NIST Working Definition Of Cloud Computing
Deployment Models: Public, Private, Hybrid, Community
Delivery Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential Characteristics: Broad Network Access, Resource Pooling, Rapid Elasticity, Measured Service, On-Demand Self-Service
http://www.csrc.nist.gov/groups/SNS/cloud-computing/index.html
:: The Consumer’s Definition
Everything Is Cloud...
::Key Ingredients In Cloud
Abstraction of Infrastructure
Resource Democratization
Services Oriented
Self-Service
On-Demand Elasticity/Dynamism With a Utility Model Of Consumption & Allocation
:: We’ve Been Here Before...
[Diagram]
Eras: Mainframes, Client/Server, Web1.0, Web2.0, The Cloud, Mobility
Dimensions: Compute, Data, Bandwidth, Display
Labels: Centralized, Distributed, Mostly Distributed, Mostly Centralized, Unreliable/Slow, Reliable/Fast, More Reliable/Faster, Mostly Reliable/Fast
:: The “SPI” Model
Three delivery models that people talk about when they say “Cloud”:
Software as a Service (SaaS): End Users
Platform as a Service (PaaS): Developers
Infrastructure as a Service (IaaS): System Administrators
What Do These Look Like?
IaaS Security :: Guest/Host-Based
Provider secures “their” infrastructure to maximize availability & multi-tenancy
Remainder of the stack (and confidentiality, integrity) is your problem
General focus is on VMs & Guest-Based
[Stack diagram]
Infrastructure as a Service (IaaS): Hardware, APIs, Facilities, Core Connectivity & Delivery, Abstraction
Provider: IaaS
Consumer: VMs/Containers, OS & Applications, Data
PaaS Security :: Programmatic
Provider owns the compute, network, storage layers & programmatic interface security
The consumer creates the applications based upon supported development environment
Writing secure applications and ensuring your data is safe is your responsibility
[Stack diagram]
Infrastructure as a Service (IaaS): Hardware, APIs, Facilities, Core Connectivity & Delivery, Abstraction
Platform as a Service (PaaS): Integration & Middleware
Provider: PaaS
Consumer: Applications, Data
SaaS Security :: All or Nothing
The Provider Owns the Entire Stack
Security (C, I and A) Become A Contract Negotiation
Traditional Security & Compliance Functions Are More Administrative & Policy-Focused
[Stack diagram]
Infrastructure as a Service (IaaS): Hardware, APIs, Facilities, Core Connectivity & Delivery, Abstraction
Platform as a Service (PaaS): Integration & Middleware
Software as a Service (SaaS): Applications, APIs, Presentation Modality, Presentation Platform, Data, Metadata, Content
Provider: SaaS
:: What This Means To Security
[Diagram: the IaaS, PaaS and SaaS stacks from the previous three slides, shown together]
IaaS: Provider | Consumer: VMs/Containers, OS & Applications, Data
PaaS: Provider | Consumer: Applications, Data
SaaS: Provider
Build It In | Contract It In
:: The Punchline
In The Simplest Of Terms, Using Cloud Means Imagining Applications & Information Across All Tiers Have The Potential To Be Connected Directly To The Internet...
We Can’t Trust The Provider, So We Must Engineer Security Into Design Patterns Across The Entire Stack
Any “Dumb” Component In The Stack Compromises The Integrity Of the Entire Stack...
APIs, Intelligence and Automation EVERYWHERE
All About Gracefully Giving Up Direct Operational Control Over Infrastructure
It All Comes Down To Trust...
Toward A Secure Cloud Future...
Journey To the Cloud Made Simple
Virtual Private Cloud
Stand-Alone Data Centers
Virtualized Data Centers
Cloud Brokers
Hybrid Clouds
Intercloud
Federation / Workload Portability / Interoperability
Public Cloud
Private Cloud
Simple, Right?
Let’s Ask The Magic Cloud 8-Ball
Is This A Major Shift?
Is Cloud A Major Shift In IT?
Will Everything Move To The Cloud?
Is All We Know & Do Today In Security Worthless In Cloud?
Is The Cloud More Secure?
Without Context, Silly Question
More Secure Than What?
Can We Trust The Cloud?
So I Have Options Today?
So, What’s The Future Of Cloud?
::The Internet Of Things
Cisco 2010 Mid-Year Security Report
There Are ~4,100,000,000 Of These....
...and 6,797,100,000 Of These
*http://en.wikipedia.org/wiki/List_of_countries_by_number_of_mobile_phones_in_use
So While Mega Data Centers Re-Centralize Our Apps & Data In Fewer & Fewer Locations Thanks to Cloud...
These Little devices -- Distributed Everywhere -- Have Amazingly Powerful Processors, Lots Of Memory, Near-Ubiquitous Connectivity and Native Apps & Data...
The Consumption Modality Will Ultimately Become More Important Than The Back-End Delivery Mechanism
How Will You Choose What To Protect & Where Will You Choose To Invest To Protect It?
The Eight Things That Matter (Again)
Open Standards & APIs
Programmability & Automation
Evolution of Name Spaces & Registries
Transparency & Visibility
{Id}Entity and Authentication
Mobility
Privacy & Law
Information Centricity & System Survivability
What Does That Mean?
Abstraction As Distraction
Cloud is a fantastic forcing function, let’s embrace it!
Stay grounded: think globally, act locally
The Cloud is De-Perimeterization...amplified
Plan for FAIL | Re-architecting Means: Information Centricity & Survivability
Public, Private, Hybrid? : All comes down to trust models
Cloud is an iteration of a platform and an operational model, approach it as such and manage risk appropriately
Focus on the data. It’s what we’re all concerned with in the first place.
So What Will Cloud Bring Tomorrow?
Does It Really Matter?
What Are You Doing To Secure What You Have Today?
So, Can We Trust The Cloud?
Can You Afford Not To?
Find Out:
www.cloudsecurityalliance.org http://www.enisa.europa.eu