Cloud computing 101

Post on 04-Nov-2014

Transcript of Cloud computing 101

Cloud Computing 101

Kevin Riggins

Wednesday, 2:45

Just the Facts Ma’am.

Welcome to secure360 2012

Did you remember to scan your badge for CPE Credits? Ask your Room Volunteer for assistance.

Please complete the Session Survey front and back (this is Room 12), and leave on your seat.

Note: “Session” is Tuesday or Wednesday

Are you tweeting? #Sec360

What the &^%$ is Cloud?

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

~ NIST SP800-145

What the &^%$ is Cloud?

NIST Visual Model of Cloud Computing

Essential Characteristics: Broad Network Access, Rapid Elasticity, Measured Service, On-Demand Self-Service, Resource Pooling

Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)

Deployment Models: Public, Private, Hybrid, Community

Essential Characteristics

Broad Network Access

[Figure labels: Cloud; Wait! Over Here Too!; Yup, Here Too; From Here; From Here]

Essential Characteristics

Rapid Elasticity

[Figure labels: Little Cloud; Bigger Cloud; Little Cloud; Zoom; Zoom]

Essential Characteristics

Measured Service

[Figure labels: A Little; Middlin’; A Lot; Time]

Essential Characteristics

On-Demand Self-Service

I want to do it. NOW!

Essential Characteristics

Resource Pooling

Everybody uses the same water.

Service Models

[Figure: layered stack. Layers: Facilities; Hardware; Abstraction; Core Connectivity & Delivery; APIs; Integration and Middleware; Data, Content, Metadata; APIs; Applications; Presentation Modality; Presentation Platform]

[Stack labels: IaaS (Infrastructure as a Service); PaaS (Platform as a Service); SaaS (Software as a Service)]

Service Models

Here’s a bunch of logs, have at it.

IaaS

Service Models

Here’s a foundation, some tools, and more materials. Knock yourself out.

PaaS

Service Models

It’s all in there. Just move in.

SaaS

Who’s In Control?

Less Control As We Go Up

IaaS

PaaS

SaaS

Deployment Models

Private

Community

Public

Hybrid

Deployment Models

Private

Source: http://dogs.icanhascheezburger.com/2012/03/16/funny-dog-pictures-mine-all-mine-2/

Deployment Models

Public

Source: http://popupcity.net/2009/11/on-moscows-public-toilets/

Deployment Models

Community

Deployment Models

Hybrid

http://www.coolfunnycomments.com/funnypictures/dogs_041.html

Actors

Consumer, Provider, Broker, Auditor, Carrier

Things to Think About

Backups, Encryption, Logging, Authentication, Access control, Monitoring

Visibility, Compliance, Availability, Audit, Disaster Rec., Monitoring

Great! But… should I use the Cloud?

Questions to Ask Yourself

How would we be harmed if the asset became widely public and widely distributed?

Questions to Ask Yourself

How would we be harmed if an employee of our cloud provider accessed the asset?

Questions to Ask Yourself

How would we be harmed if the process or function were manipulated by an outsider?

Questions to Ask Yourself

How would we be harmed if the process or function failed to provide expected results?

Questions to Ask Yourself

How would we be harmed if the information/data were unexpectedly changed?

Questions to Ask Yourself

How would we be harmed if the asset were unavailable for a period of time?

References

NIST SP800-145 Cloud Definition: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

NIST SP800-146 Cloud Computing Synopsis and Recommendations: http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf

NIST SP500-292 Cloud Computing Reference Architecture: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505

Cloud Security Alliance Guidance: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf

ENISA Cloud Risk Assessment: http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment

Australian DoD Cloud Security Considerations: http://www.dsd.gov.au/publications/Cloud_Computing_Security_Considerations.pdf

Jericho Cloud Cube: https://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdf

Cloud Security Rules: http://www.amazon.com/The-Cloud-Security-Rules-Technology/dp/1463691785

Questions?

Twitter: @kriggins, @infosecramblins

Email: kriggins@infosecramblings