InfoSecurity Conference 2011 The Challenges of Cloud Computing John R. Robles John R. Robles and Associates www.johnrrobles.com jrobles@coqui.net 787-647-3961

Post on 29-Dec-2015

Page 1: InfoSecurity Conference 2011 The Challenges of Cloud Computing John R. Robles John R. Robles and Associates  jrobles@coqui.net 787-647-3961

InfoSecurity Conference 2011

The Challenges of Cloud Computing

John R. Robles
John R. Robles and Associates

jrobles@coqui.net

787-647-3961

Cloud Computing - Challenges

• Cloud Computing - A new computing paradigm which NIST (National Institute of Standards and Technology) defines as having the following elements:
  – Characteristics:
    • On-demand self-service
    • Broad network access
    • Resource pooling
    • Rapid elasticity
    • Measured Service
  – Service Models:
    • Cloud Software as a Service (SaaS)
    • Cloud Platform as a Service (PaaS)
    • Cloud Infrastructure as a Service (IaaS)

Cloud Computing - Challenges

• Deployment Models:
  – Private cloud: The cloud infrastructure is operated solely for an organization.
  – Public cloud: The cloud infrastructure is made available to the general public or a large industry group
  – Community cloud: The cloud infrastructure is shared by several organizations and supports a specific community
  – Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together

Cloud Computing - Challenges

• Why migrate your Information System to the Cloud?

• Benefits – Pros (Marketed by Service Providers)
  – Lower capital expenditures since you don’t necessarily own the HW and Infrastructure
  – Lower recurrent costs since you pay as you use HW, SW, and Infrastructure
  – Need less technical personnel, such as, programmers, operations personnel, security personnel, and IT AUDITORS, Ouch!!

Cloud Computing - Challenges

• Risks – Cons (Analysis requested by IT Governance, Security, and Auditors)
  – To be evaluated and determined, but information security is a main issue
  – Your risks could outweigh your benefits
  – Do an exhaustive evaluation of all risks.

Cloud Computing - Challenges

• First, identify the assets (parts of your Information System) selected for the cloud deployment
  – A normal Information System has
    • Hardware
    • Software (Operating System and application)
    • Networks
    • Databases
    • Policies and Procedures
      – Operational
      – Network
      – Database
      – User

Cloud Computing - Challenges

• Identify the assets selected for the cloud deployment
    • People, and finally,
    • Security (over HW, SW, Networks, Databases, Procedures, and People)
  – Usually, you would migrate HW, SW, and Infrastructure
  – You could migrate procedures or business processes, but not people.
  – Security will remain inside and outside the cloud

Cloud Computing - Challenges

• Second, evaluate the risks to the assets - For each asset, ask the following questions:
  – How would we be harmed if the asset (in the Cloud) became widely public and widely distributed?
  – How would we be harmed if an employee of our cloud provider accessed the asset (in the Cloud)?
  – How would we be harmed if the process or function (in the Cloud) were manipulated by an outsider?

Cloud Computing - Challenges

• Evaluate assets - For each asset, ask the following questions:
  – How would we be harmed if the process or function (in the Cloud) failed to provide expected results?
  – How would we be harmed if the information/data (in the Cloud) were unexpectedly changed?
  – How would we be harmed if the asset (in the Cloud) were unavailable for a period of time?

• That is why the experts say, offload to the Cloud your least risky assets.
  – Little effect if they are compromised

Cloud Computing - Challenges

• Map assets to potential cloud deployment models
  – Public
  – Private
  – Community
  – Hybrid

• Evaluate potential cloud service models and providers

• Document the potential data flow within the Cloud

• Present your Risk Analysis to management

Cloud Computing: Now What?

• The Puerto Rico Cloud Computing (and Green Computing) User Group was established to further the knowledge and use of Cloud and Green Computing in Puerto Rico.

• We have had 3 vendor meetings at the facilities of our corporate sponsors:
  • IBM
  • HP
  • Microsoft

• Next meeting on April 6, 2011

Cloud Computing: Now What?

• During the year, PRCCUG will:
  – Have periodic meetings to discuss Cloud Computing and Green Computing challenges and risks
  – Review solutions from 1st Tier vendors
  – Discuss solutions in Implementation, Green Computing, Security, and Audit
  – Provide networking among professionals interested in Cloud Computing
  – Establish a Certification Program
  – Establish, in Puerto Rico, a group of experts in Cloud Computing
  – Offer expertise beyond Puerto Rico!!

Cloud Computing: The Future!

• Join us and the Puerto Rico Cloud Computing and Green Computing User Group!

Answers and Questions!!