Posted on 17-Jan-2016
Cloud Computing
Definition
The Cloud is a metaphor for the Internet. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. [1]
Five essential characteristics
Three service models
Four deployment models
Essential Characteristics
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service
Service Models: Software as a Service (SaaS)
The capability provided is to use the provider's applications running on a cloud infrastructure.
Applications are accessible from various client devices and interfaces (e.g. web browser, thin client).
The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage or application capabilities, with the possible exception of user-specific settings.
Examples
Google
Salesforce
GoTo Meeting
WebEx
Picasa
Service Models: Platform as a Service (PaaS)
The capability provided is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.
The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage.
The consumer has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Examples
Force.com
Google App Engine
Heroku
Service Models: Infrastructure as a Service (IaaS)
The capability provided is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
Examples
Rackspace
Amazon Web Services
Microsoft Azure [2]
Deployment Models
Private cloud: The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units).
It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
Community cloud: The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
Public cloud: The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
Hybrid cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Figure: Economies of Scale vs Control and Governance. Public Cloud, Private Cloud and Hybrid Cloud are placed along a vertical Control/Governance axis and a horizontal Economies of Scale axis.
Pros
Scale and Cost
Next Generation Architecture
Choice and Agility
Environmentally Friendly
Improved Disaster Recovery
Ubiquitous
Device, OS and Browser Independent
Lower Software Costs
Lower Hardware Costs
Cons
Internet Connection Dependent
Reliability
Lack of Control
Security
Ongoing Costs
Non-negotiable Agreements
No Hard Drive
Lack of Full Support
Software Incompatibility
Multiple Logon IDs and Passwords
Security and Logon Management
Know who is supposed to have access to each resource and service
Limit data access based on user context
Take a risk-based approach to securing assets used in the cloud
Extend security to the device
Add intelligence to network protection
Have internal processes to deactivate ALL user accounts upon termination
Single Sign On (SSO) and AD Integration are not necessarily the Holy Grail
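One way to put the "deactivate ALL user accounts upon termination" item into practice when each cloud service has its own logon IDs, as an added example that is not code from the original slides: reconcile an HR roster against the still-enabled accounts exported from every service and flag the ones that should already be gone. The roster, the account exports and the per-service ID-to-email mapping are all constructed here.

```python
"""Offboarding reconciliation across several cloud services (added example, not
from the original slides). Constructed inputs: an HR roster keyed by email and the
still-enabled accounts exported from each service, each with its own logon ID."""
from datetime import date

AS_OF = date(2016, 1, 17)  # constructed report date

# Constructed HR roster: email -> (status, termination date or None)
HR_ROSTER = {
    "alice@example.com": ("active", None),
    "bob@example.com": ("terminated", date(2016, 1, 8)),
    "carol@example.com": ("terminated", date(2015, 12, 15)),
}

# Constructed per-service exports of enabled accounts:
# (service-local logon ID, roster email it is mapped to, or None if unknown)
SERVICE_ACCOUNTS = {
    "salesforce": [("alice.s", "alice@example.com"), ("bob.j", "bob@example.com")],
    "webex": [("a_smith", "alice@example.com"), ("c_w", "carol@example.com"),
              ("contractor42", None)],
    "heroku": [("alice@example.com", "alice@example.com")],
}


def find_orphaned_accounts(roster, accounts, today):
    """Return accounts that should already be deactivated.

    Maps service -> list of (logon ID, reason, days overdue). "terminated" means
    HR says the person left; "unmapped" means the account cannot be tied to
    anyone in the roster, so nobody owns its lifecycle (days overdue is None).
    """
    findings = {}
    for service, entries in accounts.items():
        for logon_id, email in entries:
            if email is None or email not in roster:
                findings.setdefault(service, []).append((logon_id, "unmapped", None))
                continue
            status, left_on = roster[email]
            if status == "terminated":
                overdue = (today - left_on).days
                findings.setdefault(service, []).append((logon_id, "terminated", overdue))
    return findings


if __name__ == "__main__":
    for svc, items in find_orphaned_accounts(HR_ROSTER, SERVICE_ACCOUNTS, AS_OF).items():
        for logon_id, reason, overdue in items:
            print(f"{svc}: {logon_id} ({reason}, overdue={overdue})")
```

Unmapped accounts are reported alongside terminated ones because an ID nobody can tie to a person is exactly the kind of account that survives an offboarding checklist.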
Contracts
Read and understand the entire contract
Know your rights
May be expensive to break and result in data loss
Backups
Typically handled by the vendor
Verify the process:
  How are backups stored?
  Frequency
  Can you restore data or do you rely on the vendor?
  Level of restoration: server, file/mailbox
Vendor Security and Availability
Data Center
  Verify physical location and hardware
  Verify security: who comes and goes
  How and when your information is updated
Availability
  Guaranteed up time
  Failover and redundancy
  Colocation center (see Data Center above)
  Bandwidth available
Interaction with Organization Resources
Data feeds
  Format and type
  Frequency
  Downtime
  Who develops
Direct Connection
  Terminology
  Ensure desired results
Active Directory
  More than user credentials
Non-Business Use or Interaction
Corporate Devices
BYOD
BYOD
Allure
  Staff bear the cost of the device
  Staff know how to use the device
  Carry only one phone
Reality
  Costs may be higher
  More complex to manage
Access Considerations
Email
HRIS
Network Resources
Financial Data
Protected Health Information (PHI)
Security Considerations
Device Password Protection
Encryption
  Device/OS Specific
  3rd Party (e.g. TouchDown)
Malware Apps
Stolen or Lost Devices
  Can you wipe the device?
  If so, what about personal information?
BYOD Security Approaches
Mobile Device Management (MDM)
  MobileIron
  Airwatch (VMWare)
  JAMF Software
  iOS MDM
  Good Technology
Identity Management (IDM)
  Meru Identity Manager (Meru Networks)
  IDSentrie (A10 Networks)
Network Access Control (NAC)
  Stealthwatch (Lancope)
  ClearPass (Aruba)
  Aerohive Hive Manager
Resources/References
Four IT shops, four approaches to BYOD network security, David Geer, TechTarget.com, January 2013
[1] http://www.nist.gov/
[2] Introduction to Cloud Computing, ProfEdge Solutions Pvt Ltd., Jul 6, 2013, http://www.slideshare.net/ProfEdge/introduction-to-cloud-computing-23970527
http://www.merunetworks.com
http://www.mobileiron.com
http://www.aerohive.com
http://www.air-watch.com
https://www1.good.com
http://www.jamfsoftware.com
http://www.a10networks.com
https://www.lancope.com
http://www.arubanetworks.com