Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2009 Juniper Networks, Inc. 1 Cloud Computing: Finding the Silver Lining Steve Hanna, Juniper Networks.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2009 Juniper Networks, Inc. 1 Cloud Computing: Finding the Silver Lining Steve Hanna, Juniper Networks."— Presentation transcript:

1 Copyright © 2009 Juniper Networks, Inc. 1 Cloud Computing: Finding the Silver Lining Steve Hanna, Juniper Networks

2 Copyright © 2009 Juniper Networks, Inc. 2 Agenda  What is Cloud Computing?  Security Analysis of Cloud Computing  Conclusions

3 Copyright © 2009 Juniper Networks, Inc. 3 Agenda  What is Cloud Computing?  Security Analysis of Cloud Computing  Conclusions

4 Copyright © 2009 Juniper Networks, Inc. 4 Cloud Computing Defined  Dynamically scalable shared resources accessed over a network Only pay for what you use Shared internally or with other customers Resources = storage, computing, services, etc. Internal network or Internet  Notes Similar to Timesharing Rent IT resources vs. buy New term – definition still being developed

5 Copyright © 2009 Juniper Networks, Inc. 5 Office User Enterprise LAN Conventional Data Center Internet Remote User Data Center Data Applications

6 Copyright © 2009 Juniper Networks, Inc. 6 Office User Enterprise LAN Cloud Computing Model Internet Cloud Provider Remote User Applications Data Enterprise 1 Enterprise LAN Enterprise 2

7 Copyright © 2009 Juniper Networks, Inc. 7 Many Flavors of Cloud Computing  SaaS – Software as a Service Network-hosted application  DaaS – Data as a Service Customer queries against provider’s database  PaaS– Platform as a Service Network-hosted software development platform  IaaS – Infrastructure as a Service Provider hosts customer VMs or provides network storage  IPMaaS – Identity and Policy Management as a Service Provider manages identity and/or access control policy for customer  NaaS – Network as a Service Provider offers virtualized networks (e.g. VPNs)

8 Copyright © 2009 Juniper Networks, Inc. 8 Cloud Computing Providers NaaS IaaS (DC/server) DaaSSaaSPaaS IPMaaS IPM Software\ & Data Infrastructure

9 Copyright © 2009 Juniper Networks, Inc. 9 Security and privacy Compliance/regulatory laws mandate on-site ownership of data Availability & reliability Inhibitors Uncertainty around interoperability, portability & lock in Latency & bandwidth guarantees Absence of robust SLAs Cloud Computing Pros and Cons Management moves to cloud provider Dynamic resource availability for crunch periods Consumption based cost Resource sharing is more efficient Pros Faster time to roll out new services Reduced costs

10 Copyright © 2009 Juniper Networks, Inc. 10 Who’s using Clouds today?

11 Copyright © 2009 Juniper Networks, Inc. 11 Example: Mogulus  Mogulus is a live broadcast platform on the internet. (cloud customer) Producers can use the Mogulus browser-based Studio application to create LIVE, scheduled and on-demand internet television to broadcast anywhere on the web through a single player widget.  Mogulus is entirely hosted on cloud (cloud provider)  On Election night Mogulus ramped to: 87000 videos @500kbps = 43.5 Gbps http://www.mogulus.com

12 Copyright © 2009 Juniper Networks, Inc. 12 Example: Animoto  Animoto is a video rendering & production house with service available over the Internet (cloud customer) With their patent-pending technology and high-end motion design, each video is a fully customized orchestration of user-selected images and music in several formats, including DVD.  Animoto is entirely hosted on cloud (cloud provider)  Released Facebook App: users were able to easily render their photos into MTV like videos Ramped from 25,000 users to 250,000 users in three days Signing up 20,000 new users per hour at peak Went from 50 to 3500 servers in 5 days Two weeks later scaled back to 100 servers http://www.animoto.com

13 Copyright © 2009 Juniper Networks, Inc. 13 Example: New York Times  Timesmachine is a news archive of the NY Times available in pdf over the Internet to newspaper subscribers (cloud customer)  Timesmachine is entirely hosted on cloud (cloud provider)  Timesmachine needed infrastructure to host several terabits of data Internal IT rejected due to cost Business owners got the data up on cloud for $50 over one weekend http://timesmachine.nytimes.com

14 Copyright © 2009 Juniper Networks, Inc. 14 Example: Eli Lilly  Eli Lilly is the 10th largest pharmaceutical company in the world (cloud customer)  Moved entire R&D environment to cloud (cloud provider)  Results: Reduced costs Global access to R&D applications Rapid transition due to VM hosting Time to deliver new services greatly reduced: New server: 7.5 weeks down to 3 minutes New collaboration: 8 weeks down to 5 minutes 64 node linux cluster: 12 weeks down to 5 minutes

15 Copyright © 2009 Juniper Networks, Inc. 15 Who’s using Clouds today?  Startups & Small businesses Can use clouds for everything SaaS, IaaS, collaboration services, online presence  Mid-Size Enterprises Can use clouds for many things Compute cycles for R&D projects, online collaboration, partner integration, social networking, new business tools  Large Enterprises More likely to have hybrid models where they keep some things in house On premises data for legal and risk management reasons

16 Copyright © 2009 Juniper Networks, Inc. 16 Agenda  What is Cloud Computing?  Security Analysis of Cloud Computing  Conclusions

17 Copyright © 2009 Juniper Networks, Inc. 17 Information Security Risk Management Process (ISO 27005)  Establish Context  Risk Assessment Identify Risks Identify Assets Identify Threats Identify Existing Controls Identify Vulnerabilities Identify Consequences Estimate Risks Evaluate Risks  Develop Risk Treatment Plan Reduce, Retain, Avoid, or Transfer Risks  Risk Acceptance  Implement Risk Treatment Plan  Monitor and Review Risks

18 Copyright © 2009 Juniper Networks, Inc. 18 Streamlined Security Analysis Process  Identify Assets Which assets are we trying to protect? What properties of these assets must be maintained?  Identify Threats What attacks can be mounted? What other threats are there (natural disasters, etc.)?  Identify Countermeasures How can we counter those attacks?  Appropriate for Organization-Independent Analysis We have no organizational context or policies

19 Copyright © 2009 Juniper Networks, Inc. 19 Identify Assets

20 Copyright © 2009 Juniper Networks, Inc. 20 Office User Enterprise LAN Conventional Data Center Internet Remote User Data Center Data Applications

21 Copyright © 2009 Juniper Networks, Inc. 21 Office User Enterprise LAN Cloud Computing Model Internet Cloud Provider Remote User Applications Data Enterprise LAN Enterprise 1 Enterprise 2

22 Copyright © 2009 Juniper Networks, Inc. 22 Identify Assets  Customer Data  Customer Applications  Client Computing Devices

23 Copyright © 2009 Juniper Networks, Inc. 23 Information Security Principles (Triad)  C I A Confidentiality Prevent unauthorized disclosure Integrity Preserve information integrity Availability Ensure information is available when needed

24 Copyright © 2009 Juniper Networks, Inc. 24 Identify Assets & Principles  Customer Data Confidentiality, integrity, and availability  Customer Applications Confidentiality, integrity, and availability  Client Computing Devices Confidentiality, integrity, and availability

25 Copyright © 2009 Juniper Networks, Inc. 25 Identify Threats

26 Copyright © 2009 Juniper Networks, Inc. 26 Office User Enterprise LAN Cloud Computing Model Internet Cloud Provider Remote User Applications Data Enterprise LAN Enterprise 1 Enterprise 2

27 Copyright © 2009 Juniper Networks, Inc. 27 Identify Threats  Failures in Provider Security  Attacks by Other Customers  Availability and Reliability Issues  Legal and Regulatory Issues  Perimeter Security Model Broken  Integrating Provider and Customer Security Systems

28 Copyright © 2009 Juniper Networks, Inc. 28 Failures in Provider Security  Explanation Provider controls servers, network, etc. Customer must trust provider’s security Failures may violate CIA principles  Countermeasures Verify and monitor provider’s security  Notes Outside verification may suffice For SMB, provider security may exceed customer security

29 Copyright © 2009 Juniper Networks, Inc. 29 Attacks by Other Customers  Threats Provider resources shared with untrusted parties CPU, storage, network Customer data and applications must be separated Failures will violate CIA principles  Countermeasures Hypervisors for compute separation MPLS, VPNs, VLANs, firewalls for network separation Cryptography (strong) Application-layer separation (less strong)

30 Copyright © 2009 Juniper Networks, Inc. 30 Availability and Reliability Issues  Threats Clouds may be less available than in-house IT Complexity increases chance of failure Clouds are prominent attack targets Internet reliability is spotty Shared resources may provide attack vectors BUT cloud providers focus on availability  Countermeasures Evaluate provider measures to ensure availability Monitor availability carefully Plan for downtime Use public clouds for less essential applications

31 Copyright © 2009 Juniper Networks, Inc. 31 Legal and Regulatory Issues  Threats Laws and regulations may prevent cloud computing Requirements to retain control Certification requirements not met by provider Geographical limitations – EU Data Privacy New locations may trigger new laws and regulations  Countermeasures Evaluate legal issues Require provider compliance with laws and regulations Restrict geography as needed

32 Copyright © 2009 Juniper Networks, Inc. 32 Perimeter Security Model Broken

33 Copyright © 2009 Juniper Networks, Inc. 33 Office User Enterprise LAN Perimeter Security Model Internet Remote User Data Center Data Applications Safe Zone

34 Copyright © 2009 Juniper Networks, Inc. 34 Office User Enterprise LAN Perimeter Security with Cloud Computing? Internet Cloud Provider Remote User Applications Data Enterprise LAN Enterprise 1 Enterprise 2

35 Copyright © 2009 Juniper Networks, Inc. 35 Perimeter Security Model Broken  Threats Including the cloud in your perimeter Lets attackers inside the perimeter Prevents mobile users from accessing the cloud directly Not including the cloud in your perimeter Essential services aren’t trusted No access controls on cloud  Countermeasures Drop the perimeter model!

36 Copyright © 2009 Juniper Networks, Inc. 36 Integrating Provider and Customer Security  Threat Disconnected provider and customer security systems Fired employee retains access to cloud Misbehavior in cloud not reported to customer  Countermeasures At least, integrate identity management Consistent access controls Better, integrate monitoring and notifications  Notes Can use SAML, LDAP, RADIUS, XACML, IF-MAP, etc.

37 Copyright © 2009 Juniper Networks, Inc. 37 Agenda  What is Cloud Computing?  Security Analysis of Cloud Computing  Conclusions

38 Copyright © 2009 Juniper Networks, Inc. 38 Bottom Line on Cloud Computing Security  Engage in full risk management process for each case  For small and medium organizations Cloud security may be a big improvement! Cost savings may be large (economies of scale)  For large organizations Already have large, secure data centers Main sweet spots: Elastic services Internet-facing services  Employ countermeasures listed above

39 Copyright © 2009 Juniper Networks, Inc. 39 Security Analysis Skills Reviewed Today  Information Security Risk Management Process Variations used throughout IT industry ISO 27005, NIST SP 800-30, etc. Requires thorough knowledge of threats and controls Bread and butter of InfoSec – Learn it! Time-consuming but not difficult  Streamlined Security Analysis Process Many variations RFC 3552, etc. Requires thorough knowledge of threats and controls Useful for organization-independent analysis Practice this on any RFC or other standard Become able to do it in 10 minutes

40 Copyright © 2009 Juniper Networks, Inc. 40 Copyright © 2009 Juniper Networks, Inc. 40 Discussion

41 Copyright © 2009 Juniper Networks, Inc. 41 Copyright © 2009 Juniper Networks, Inc. 41

Download ppt "Copyright © 2009 Juniper Networks, Inc. 1 Cloud Computing: Finding the Silver Lining Steve Hanna, Juniper Networks."

Similar presentations

Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.

Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.
INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.

INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.
Public cloud definition Public cloud is a cloud in which Cloud infrastructure is available to the general public. Public cloud define cloud computing.

Public cloud definition Public cloud is a cloud in which Cloud infrastructure is available to the general public. Public cloud define cloud computing.
Cloud Computing 1100101 (101).

Cloud Computing (101).
Cloud Computing Will Crowley Monica Lopez Jaimie Morrison.

Cloud Computing Will Crowley Monica Lopez Jaimie Morrison.
Cloud Computing Security

Cloud Computing Security
Cloud Usability Framework

Cloud Usability Framework
Wally Kowal, President and Founder Canadian Cloud Computing Inc.

Wally Kowal, President and Founder Canadian Cloud Computing Inc.
M.A.Doman 2011. Model for enabling the delivery of computing as a SERVICE.

M.A.Doman Model for enabling the delivery of computing as a SERVICE.
Engineering the Cloud Andrew McCombs March 10th, 2011.

Engineering the Cloud Andrew McCombs March 10th, 2011.
Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.

Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.
Addition to Networking.  There is no unique and standard definition out there  Cloud Computing is a general term used to describe a new class of network.

Addition to Networking.  There is no unique and standard definition out there  Cloud Computing is a general term used to describe a new class of network.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
INTRODUCTION TO CLOUD COMPUTING Cs 595 Lecture 5 2/11/2015.

INTRODUCTION TO CLOUD COMPUTING Cs 595 Lecture 5 2/11/2015.
SOFTWARE AS A SERVICE PLATFORM AS A SERVICE INFRASTRUCTURE AS A SERVICE.

SOFTWARE AS A SERVICE PLATFORM AS A SERVICE INFRASTRUCTURE AS A SERVICE.
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
VAP What is a Virtual Application ? A virtual application is an application that has been optimized to run on virtual infrastructure. The application software.

VAP What is a Virtual Application ? A virtual application is an application that has been optimized to run on virtual infrastructure. The application software.
1 © 2009 Cisco Systems, Inc. All rights reserved.Cisco PublicC97-541444-00 Cloud Computing: What’s on the Horizon Daniel Bogda Channel SE.

1 © 2009 Cisco Systems, Inc. All rights reserved.Cisco PublicC Cloud Computing: What’s on the Horizon Daniel Bogda Channel SE.
Introduction to Cloud Computing

Introduction to Cloud Computing
“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)

“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)

Similar presentations

Ads by Google