Cloud Computing: The Basics, Benefits and Risks
-
Upload
cally-reynolds -
Category
Documents
-
view
45 -
download
1
description
Transcript of Cloud Computing: The Basics, Benefits and Risks
Cloud Computing:The Basics, Benefits and Risks
Image: http://www.dralnux.com/wp-content/uploads/2010/05/cloud.jpg
What is the Cloud?National Institute of Standards and Technology• “Cloud computing is a model for enabling convenient, on-
demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
National Archives and Records Administration• “Cloud computing is a technology that allows users to access
and use shared data and computing services via the Internet or a Virtual Private Network. It gives users access to resources without having to build infrastructure to support these resources within their own environments or networks.”
Cloud Image: http://bgilmore.net/wp-content/uploads/2009/02/cloud1.png
Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand
Broad network access: Capabilities are available over the network and accessed through standard mechanisms (e.g., laptops, mobile devices, etc.)
Rapid elasticity: Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in
On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service's provider
Measured Service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts)
Through the internet, many services can be accessed, including Software, Platform, or Infrastructure
Software as a Service (SaaS)
Software as a Service is the most common form of Cloud Computing. It is the capability to use the provider’s applications running on a cloud
infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based
email).
Platform as a Service is the capability to deploy onto the cloud infrastructure consumer-created or acquired applications created using
programming languages and tools supported by the provider.
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Infrastructure as a Service is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to
deploy and run arbitrary software, which can include operating systems and applications. With virtualization techniques it is packaged into small units that
are delivered like water or electricity
There are several different ways of deploying the Cloud. Each different way has its own group of standard users and service levels.
Different Types of Clouds
•Public cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Applications like Gmail are part of the public cloud.
•Community cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). A municipality may make use of community clouds.
•Private cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Most Used.
•Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds). Think Google and Amazon.
Levels of Deployment
What is the Cloud Used For?
• Backup• Collaboration• Distribution• Archiving
• Email storage is number one.
Cloud Examples
• Toyota uses Microsoft for tracking roadside assistance.
• LAPD may use Google for email. Problem with Federal Security requirements for storing law enforcement records.
• General Services Administration in US uses IaaS and is looking at PaaS and SaaS.
• NARA has directed agencies on how to comply with federal records regulations while using cloud.
Who Gets the Most Out of the Cloud?
• A small to medium sized organization/company with small IT budget, or inefficient IT department.
Benefits of the Cloud• Reduce CostsNo owning of hardware/software, so no huge
upfront costs.Save energy costs.Reduce IT costs, as they don’t have to implement
or maintain. Just maintain the cloud, not each computer. This is like in 60s when had dummy terminals and mainframe.
Shared so pool resources to get more for less-better hardware/software and network.
Benefits of the Cloud
• ScalabilityYou can get whatever you need, and only pay
for what you use. Can track use.
Benefits of the Cloud
• ReliabilityAlways there on demand, big or small.Available from anywhere, using a browser.
Benefits of the Cloud
• SecuritySecurity can be robust and more than a
company could afford otherwise-both physical and virtual.
Centralized data easier to secure.
Benefits of the Cloud
• Improve CollaborationAllows for easy collaboration as all files are in
consistent format, viewed in web browser.Can collaborate and distribute information
over geographic areas. Think Google Docs.
Image: http://www.globalnerdy.com/wordpress/wp-content/uploads/2008/09/grandpa_simpson_yelling_at_cloud.jpg
Risks of the Cloud
• Cost IssuesCalculate transfer, implementation and
subscription costs. Can get unexpected license fees (Google/LA City).
Variability of costs-no set monthly fee.
Risks of the Cloud
• Reliability IssuesCloud can go bankrupt, disappear or be sold.
Documents might be gone.Cloud can lose documents, and sometimes
can’t get them back or backups fail.
Risks of the Cloud• Security Issues You have to trust completely. Unauthorized access-cloud, sub contractors, hackers,
etc. Are you told? Documents can be stored anywhere and can be moved
at any time-without you knowing. Encryption might not be done-in transit or in cloud. Shared server could intermingle information. FBI seized servers at Dallas Data Center for 1 person-50
businesses used it, and it took days to get servers back up.
Risks of the Cloud
• Control You have no real control over cloud. No control over who shares your cloud. Terms of service or privacy policy may change. Backup can be done without you knowing. RM? Documents might be deleted without you knowing or
can’t be deleted if needed. RM? What happens when cloud hardware no longer useful? Can’t always move documents. Audit not usually allowed.
Risks of the Cloud
• Integrity/AuthenticityChain of custody and control issues.How maintain trustworthy electronic
document system?Tampering possible in cloud, so can one create
or maintain authentic electronic documents?Can these documents have integrity and
admissibility as evidence?
Risks of the Cloud
• Privacy RisksEU Data Protection Directive deals with privacy. It
regulates processing of personal data in EU. Can’t transfer personal information (or process) of EU residents to countries that don’t have similar privacy protection (like the US).
• Canada-Federal court ruled that a US organization transferring data to Canada must comply with PIPEDA. Also BC and NS restrict cross border data transfer.
Risks of the Cloud
• Legal Risks Geographic location of information-jurisdiction issues. Trade secrets-are they still secret in cloud? Legal privilege-is it still applicable if cloud can access
it? Patriot Act-FBI gets court order under Section 215. HIPAA (US health information) and Gramm-Leach Bliley
Act (US financial information) have to be protected through specific agreement.
Risks of the Cloud
• E-discoveryCan you isolate documents for legal hold? Are documents preserved properly? Can they
be accessed? Are there multiple copies in different locations, and which is used?
Good Contract Avoids RisksGoogle and LA
• Los Angeles will be equipping 34,000 city employees with Google Apps for email and collaboration in the cloud.
Unlimited damages for breach.Audits allowed.Data only stored in 48 states.If service down more than 5 min/month-penalty.Encrypt documents and break them into pieces.Non disclosure agreements on both sides.
Other Important Things
• Do risk assessment.• Compare vendors and review policies.• Figure out responsibility.• Get everyone together-legal, IT, RM.• Disaster recovery contingency plan.• Read the Cloud Security Alliance Guidelines.• Read the Cloud Service Agreement!
Final Thought
• Google now has online operating system called Chrome OS-no hard drive needed.
• Going back to the 60’s...but in this case it isn’t the company mainframe, it is Google!