Andy Malone
The Cloud: One small step for man. One giant leap for IT
Microsoft MVP (Enterprise Security)
Microsoft Certified Trainer (18 years)
Founder: Cybercrime Security Forum!
International Event Speaker
Winner: Microsoft Speaker Idol 2006
Andy Malone(United Kingdom)
Follow me on Twitter @AndyMalone
Agenda
The future
The Snowden Effect
Privacy & Surveillance
Security & Identity
What drives the cloud
Revolution or Evolution
The Journey from Revolution to Evolution
The Industrial Revolution
1760 - 1840
The Internet Revolution
1980 - 2005
The Industrial Internet
2005 - Present
The Mainframe Era
The Home Computer Revolution
The PC Dream
The Internet Age
The Mobile Era
The Cloud Era
Revolution or Evolution
The Personal Computer Revolution
Storage Driven Revolution
Punched Tape
Magnetic Tape
Floppy Disk
Compact Disk &
Variants
Hard Drive
HDD & Variants
USB Portable Storage
Cloud Storage
The Explosion of Data
• Challenges
• Anytime, anywhere, any device connectivity
• Explosion of data in all areas
• Discover, search, and analyze information in near real-time
• Responses
• Massive build-out of data centers
• Innovations in technologies
• From infrastructure-focused to user-centric deployment
• New business models
Doubling every 2 years
What drives the cloud?
Consumerism
High Speed Connections
Elastic Data Storage
Data center Reliability
99.9% SLA
Simple Management
Safe & Secure
The magic of Smart Innovation
The magic of software
Execution Platforms at Scale
(Developers)
Infrastructure at Scale
(System Administrators)
Cloud Service Delivery at Scale (Public / Private Cloud Providers)
Applications at Scale
(End users)
Cloud Solutions
SaaS (Software as a Service): End users
PaaS (Platform as a Service): Developers
IaaS (Infrastructure as a Service): Administrators
Enabling Technology (Cloud Service Delivery at Scale): Public / Private Cloud Providers
Cloud Deployment Models
Public Cloud
Private Cloud
Hybrid Cloud
Virtual Private Cloud
Personal Cloud
Hybrid IT
Private
• Hybrid Support & the Commons
• First-party Applications
• Total Cost of Ownership
Public
• Hybrid Support & the Commons
• First-party Applications
• Higher-level Services
Microsoft Solutions
• Firstly, many vendors are moving to cloud-hosted software
• As such…
– Smaller entities are expected to migrate fully to the cloud (e.g. Office 365)
– Medium entities will typically look at cloud or Hybrid solutions
– Larger entities may typically use Private or Hybrid solutions
In the Cloud World: Size Matters
• Separate credential from on-premises credential
• Authentication occurs via cloud directory service
• Password policy is stored in Office 365
• Does not require on-premises server deployment
• Same credential as on-premises credential
• Authentication occurs via on-premises directory service
• Password policy is stored on-premises
• Requires on-premises DirSync server
• Solutions include Dirsync & Password Sync
• Or Dirsync & On-premises ADFS server
Single Sign On!
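The two models above differ in where authentication happens and where the password policy lives. An added example (not from the deck) of how an administrator can see which model each verified domain of a tenant is using; it assumes the MSOnline PowerShell module is installed and Connect-MsolService has already been run:

```powershell
# Added example: report the identity model of each verified domain.
# Assumes the MSOnline module is installed and Connect-MsolService has run.
$company = Get-MsolCompanyInformation

"Directory sync enabled : $($company.DirectorySynchronizationEnabled)"
"Last DirSync run       : $($company.LastDirSyncTime)"
"Password sync enabled  : $($company.PasswordSynchronizationEnabled)"

foreach ($domain in Get-MsolDomain) {
    if ($domain.Authentication -eq 'Federated') {
        # Federated: the on-premises AD FS farm checks the credential,
        # so the password policy is stored on-premises.
        $fed = Get-MsolDomainFederationSettings -DomainName $domain.Name
        "$($domain.Name): Federated via $($fed.IssuerUri) (sign-in at $($fed.PassiveLogOnUri))"
    } else {
        # Managed: the cloud directory performs authentication. With DirSync and
        # Password Sync the on-premises password is synced up; without DirSync it
        # is a separate cloud credential whose password policy lives in Office 365.
        "$($domain.Name): Managed (cloud authentication)"
    }
}
```

A domain reported as Managed while DirectorySynchronizationEnabled is false is a pure cloud-identity domain; Managed with sync and password sync enabled is the "Dirsync & Password Sync" option from the slide.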
Identity & the Microsoft Cloud
What is Windows Azure Active Directory?
• Customized version of AD LDS / ADAM
• Every Office 365 customer is an Azure AD tenant
• Designed primarily to meet the needs of cloud applications
• Extends the customer's Active Directory into the cloud
• Think of it as a fish on a hook!
• Identity as a service: an essential part of Platform as a Service
Relationship to Windows Server AD
• On-premises and cloud Active Directory managed as one
• Directory information synchronized to the cloud, made available to cloud apps via role-based access control
• Federated authentication enables single sign on to cloud applications
Why is WAAD so important?
While enterprises work to consolidate identity systems on-premises, cloud apps are fragmenting identity… again
Knowing where your data is stored
10 – 100 Datacenters (DCs) worldwide
Multiple Content Delivery Network (CDN) “edge nodes” around the world
Datacenter network conn
Know where your Data is Stored
Microsoft Cloud Principles
Or the Gotchas you need to understand!
Microsoft Cloud compliance
Data Processing Agreement
EU Model Clauses
ISO27001
US Health Insurance Portability and Accountability Act
EU Safe Harbor
Service Level Agreements (SLAs)
• Contract between customers and service providers on the level of service to be provided
• Contains performance metrics (e.g., uptime, throughput, response time)
• Problem management details
• Documented security capabilities
• Contains penalties for non-performance
Privacy in Office 365 & Windows Azure
The Microsoft strategy for privacy is to set a “high bar” around privacy practices that support global standards for data handling and transfer
No Mingling
Choices to keep Office 365 Customer Data separate from consumer services.
Data Portability
Office 365 Customer Data belongs to the customer.
Customers can export their data at any time.
No Advertising
No advertising products out of Customer Data.
No scanning of email or documents to build analytics or mine data.
...Everything is Cloud
Comparison to the Consumer Cloud
• Facebook, Google, Skype, Twitter, LinkedIn etc. are all US-based companies. Who has access to your data?
• Social-networking sites allow seemingly trivial gossip to be distributed to a worldwide audience, sometimes making people the butt of rumours shared by millions of users across the Internet
• Public sharing of private lives has led to a rethinking of our current conceptions of privacy
The Consumer Cloud
The Privacy Dilemma
Facebook Privacy…Confusing!
The Consumer / Public Cloud Privacy Dilemma
LinkedIn
Additionally, you grant LinkedIn a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to LinkedIn, including but not limited to any user generated content, ideas, concepts, techniques or data to the services, you submit to LinkedIn, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss.
“You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.”
Government Surveillance
Edward Snowden
• Revealed classified details of a global surveillance apparatus run by the NSA, its Five Eyes partners, and numerous commercial and international partners
• Release was called the most significant leak in US history
Room 641A
Boundless Informant
• Powerful data mining tool for recording and analysing intelligence
• Uses Big Data capture technology & provides near real time business intelligence to tactical & strategic decision makers
• Looks for visible trends, Deep metadata extraction
• Raw blob data analytics & back end processing (MapReduce, HDFS, Cloudbase)
The Technology behind Boundless Informant
• CloudBase is an open source data warehouse system for up to PB-scale analytics
• Built on top of a Map-Reduce architecture
• Analyses use ANSI SQL to directly query large-scale log files arising in web site, telecommunications or IT operations
• Allows you to query flat log files using ANSI SQL
• Visit the CloudBase home page for details: http://cloudbase.sourceforge.net
The Technology behind Boundless Informant
• MapReduce is based upon Intel’s Predictive Analytics platform for the capture and analysis of Big blob data
• Combines Hardware & Apache Hadoop Software
• Many applications including commercial, military, energy management etc
Project PRISM
A word about NSA Suite B Encryption
Current NSA / CIA Surveillance Programs
• Aircap
• BlackPerl
• Boundless Informant
• Cineplex
• XKeyscore
• PRISM
• Creek
• Crossbones
• Cultwave
• Cultweave
• Cybertrans
• Dishfire
• Double Arrow
• Dragonfly
• Wealthy Cluster
• Hightide
• Skywriter
• Jolly Rodger
• Kingfish
• Liquid fire
• Messiah
• Night surf
• Normal Run
• Mailorder
• Pinwale
• Taperplay
• Tarotcard
• Twisted Path
• Yellowstone
“I have nothing to hide”
“For to be free is not merely to cast off one's
chains, but to live in a way that respects and
enhances the freedom of others”
Nelson Mandela
“If there is no right to privacy then there can be
no true freedom of expression and therefore
no true democracy”
Dilma Vana Rousseff
Is it right that the foundational technologies of the Internet (cryptographic algorithms, domain names, the IP address backbone) are dominated by one nation? Perhaps it is time for this infrastructure to be internationally managed, independently of any one country?
Finding the Correct Balance!
A Bill in Everyone’s Home
Announcing: Microsoft Bill V2.0…
Now Everyone Can Have One….
"The world as we have created it is a process of our thinking. It cannot be changed without changing our thinking."
“It’s not about the destination. It’s about the journey”
Join me for my other NIC sessions…
Migrating to Office 365
The new Office 365 for IT Pros
Office 365 Security
Deep Dive
Thank you
Please evaluate the session before you leave