Beruflich Dokumente
Kultur Dokumente
Security Issues
5 Cloud Essentials
On-demand self service Users able to provision, monitor, manage computing resources without administrators help Broad network access Computing services are delivered over standard networks and heterogeneous devices Rapid elasticity IT resources are able to scale out and in quickly and on an as needed basis Resource pooling IT resources are shared across multiple applications and tenants in a non-dedicated manner Measured service IT resource utilization is tracked for each application and tenant
3 Service Models
Software as a Service (SaaS) Applications delivered as a service to end-users typically through a Web
Platform as a Service (PaaS) An application development and deployment platform delivered as a service to developers who use the platform to build, deploy and manage SaaS applications Infrastructure as a Service (IaaS) Compute servers, storage, networking hardware delivered as a service
4 Deployment Process
Private Clouds Exclusively use by a single organization and typically controlled, managed and hosted in private DC Public Clouds Use by multiple organizations (tenants) on a shared basis hosted managed 3rd party service provider
Community Clouds Use by a group of related organizations who wish to make use of common cloud
Hybrid Clouds A single organization adopts both private and public clouds for an application to maximize advantage
Public Benefit
Low upfront costs Faster and cheaper to get started, provide low barrier to entry, no need to procure, install and configure hardware Economic of scale No equipment purchase, maintenance free/management efficiencies
Private Benefit
Greater control of security, compliance and quality of service Enable IT to maintain control of security (data loss, privacy), compliance (data handling policies, data retention, audit, regulations governing data location), QoS (optimize networks in ways that public clouds not allow) Easier integration Apps in private clouds are easier to integrate with other in-house applications, such as identity management systems Lower total costs May be cheaper over the long term (owning vs renting). According to several analyses, the breakeven period is 2-3 yrs Capital expense and operating expense Private clouds are funded by a combination of capital (with depreciation) and operating expense
Optimizing Benefit
Unlimited infrastructure and capacity
Minimized CAPEX and OPEX Location and Device independence
Overall Benefit
Faster, simpler, cheaper to use cloud apps
No upfront capital required for servers and storage No ongoing operational expenses for running DC
Management move to cloud provider Latency and bandwidth guarantees, availability and reliability Faster time to roll out new services Absence of robust SLAs (depending on many uncertain factors/controlled by another 3rd party providers) Uncertainty around interoperability, portability and lock in Cant switch from existing legacy apps, no equivalent cloud apps exist
Major Concern
Both data and source code are in provider premises
Security concern on Open System Architecture Dangers: disruption, data/privacy theft, data damage
Streamline Analysis
Identify Assets
Which assets are we trying to protect? What properties of these assets must be maintained?
Identify Threats
What attacks can be mounted? What other threats are there (natural disasters, etc.)?
Identify Countermeasures
How can we counter those attacks?
Virtualization Security
Instance isolation within VMM and root secure
VMM Vulnerability and Risk Prevention / Inspection Ensure security standard compliance and audit
Cloud espionage, data lock in, transitive nature in order the cloud provider might have another sub contractor that provide another technology and services not 100% controllable by the users
Bottom Line
Engage in full risk management process for each case For small and medium organizations
Cloud security may be a big improvement! Cost savings may be large (economies of scale)
Employ countermeasures
Thank You
Ravindo Tower 17th Floor
Kebon Sirih Raya, Kav. 75 Central Jakarta, 10340