Cloud Computing: Security Overview

Cloud Computing
Security Overview
Glenn Brunette
Distinguished Engineer
Sun Microsystems, Inc.
Copyright © 2009 Sun Microsystems, Inc.
What Do People See in the Clouds?
Gartner:
SC Magazine: 7 cloud-computing
Head in the clouds: Cloud security risks
computing security issues
InfoWorld: IT Business Edge:

The Dangers of Cloud Computing Security
Cloud Computing Concerns Linger
Enterprise IT Planet: PC Magazine:

Will Cloud Computing, The Darker Side
Virtualization Become of Cloud Computing
Hacker Heaven?

One Thing is Missing...
CONTEXT
Which is “Best”?

One Cloud Computing Model
Application Domains
Faster time-to-market
ce
al
tic
C
eb
dic
an
aly
HP
Me
Fi n
An Reduction of custom
Private
software
Software as a Service
Hybrid
Cloud Computing Layers
Pay only for what you
Public
Platform as a Service
use
Grow infrastructure
Infrastructure as a Service
el
od
M
with business
s
es
in
us
B
ud
lo
C

Cloud Computing Characteristics
On-demand Self Service

Ubiquitous Network Access
Location Independent Resource Pooling
Rapid Elasticity
Measured Service
Reference: “Working Definition of Cloud Computing”. National Institute of Standards and Technology
http://csrc.nist.gov/groups/SNS/cloud-computing/index.html

Cloud Computing is Multifaceted
Reference: “Rational Survivability Blog”. Chris Hoff. http://www.rationalsurvivability.com/blog/?p=743

Focusing the Discussion
Public Infrastructure as a Service environment
used to perform a one-time conversion
of 10,000 images.
VS
Hybrid Infrastructure as a Service environment

used to analyze the results of human clinical
drug trials.
Equilibrium Must Be Achieved
Manage Business Efficiency

Risk & Agility

IaaS: Who is responsible for what?
Facilities
Network Fabric
Reduction
Hypervisors and Compute of custom
Resources
software
Virtual Machine Images
Storage Resources
use
APIs and Infrastructure
GrowServices
infrastructure
with business
Control and Monitoring
Performance (SLAs)
Accreditation
Transparency
BUT
trust must
Open and
be earned Compatible
IaaS Concerns - Storage
Physical Location
Customer Isolation
Unauthorized Access
Disclosure, Alteration,
and Destruction
Encryption and Key Mgmt
Copies and Remanence
IaaS Recommendations - Storage
Confidentiality – Encryption, Sanitization

Integrity – Digital Fingerprints and Signatures
Reduction of custom
Authenticity – Digital Signatures
software
Availability – LKSS, Pay
P2P, only for what you
Multi-Cloud
use
Accountability – IAM, Audit Trails
Grow infrastructure
with business
IaaS Concerns - Compute
Physical Location
Customer Isolation
Unauthorized Access
Disclosure, Alteration,
and Destruction
Encryption and Key Mgmt
Copies and Remanence
IaaS Recommendations - Compute
Secured, Fit for Purpose VM Images

Compartmentalized Execution
Reduction of custom
Encrypted Swap and Local File Systems
software
Pay only
Encrypted Data Transit for what you
(In/Out)
use
Hardened Applications and Services
Grow infrastructure
Active Monitoringwith
and business
Logging
IaaS Recommendations - Management
Strong Authentication
Authenticated Communications
Reduction of custom
Encrypted Communications
software
Restricted Pay only for what you
Access
use
Least Privilege, Separation of Duty
Grow infrastructure
Active Monitoringwith
and business
Logging
Ongoing Concerns
• Transparency
• Operational Maturity
• Trust and
Key Management
• “Rogue” Environments
Emerging Concerns
• Security at Scale
• Ephemeral Deployments
• Forensic Pathology
• Economic Attacks
Managing Risk
NEED A NEW IMAGE
INCLUDING: POLICY/LEGAL,
PEOPLE, PROCESS, and
TECHNOLOGY
INTERTWINED
Take
Takea aSystemic Approach
Systemic Approach
IT Security Must Evolve
New Technologies and Business Models Drive Constant Change

Cloud Security Big Rules
Embrace “Secure by Default” Systemically

Design for Survivability and Self-Preservation
Reduction of custom
software
Compartmentalize Failures Modes
use (but no less)
Trust as Little as Possible
Grow infrastructure
Challenge the Status Quo!
with business
Trends – Industry Collaboration

Trends – Open Innovation

Trends – Pre-Integration

Today: Immutable Service Containers

Segmenting Instances in the Cloud

Get Started Today
• Participate in the Development of
our Open Cloud APIs, Immutable
Service Containers and more
• Join the Cloud Security Alliance
• Let Sun Consulting experts help you
take advantage of Cloud Computing
sun.com/cloud
Q&A
THANK YOU!
sun.com/cloud
29

Cloud Computing: Security Overview

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Cloud Computing: Security Overview

Hochgeladen von

Copyright:

Verfügbare Formate

Cloud Computing

InfoWorld: IT Business Edge:

Enterprise IT Planet: PC Magazine:

Copyright © 2009 Sun Microsystems, Inc.

Copyright © 2009 Sun Microsystems, Inc.

Pay only for what you

Copyright © 2009 Sun Microsystems, Inc.

On-demand Self Service

Copyright © 2009 Sun Microsystems, Inc.

Reference: “Rational Survivability Blog”. Chris Hoff. http://www.rationalsurvivability.com/blog/?p=743

Hybrid Infrastructure as a Service environment

Manage Business Efficiency

Copyright © 2009 Sun Microsystems, Inc.

Confidentiality – Encryption, Sanitization

Secured, Fit for Purpose VM Images

New Technologies and Business Models Drive Constant Change

Embrace “Secure by Default” Systemically

Copyright © 2009 Sun Microsystems, Inc.

Copyright © 2009 Sun Microsystems, Inc.

Copyright © 2009 Sun Microsystems, Inc.

Copyright © 2009 Sun Microsystems, Inc.

Copyright © 2009 Sun Microsystems, Inc.

Das könnte Ihnen auch gefallen