4. Cloud Computing
• Not a new technology but a new approach in the provisioning and consumption of information technology
• A services oriented architecture (SOA), implemented typically on a virtualized infrastructure (compute, storage, networks) using commodity components coupled with highly automated controls, enables the five essential characteristics of cloud computing.

Key Benefits
• Significant cost reductions
• Reduced time to capability
• Increased flexibility
• Elastic scalability
• Increased service quality
• Increased security
• Ease of technology refresh
• Ease of collaboration
• Increased efficiency

Key Concerns
• Standards
• Portability
• Control/Availability
• Security
• IT Policy
• Management / Monitoring
• Ecosystem
5. Cloud Computing: Value and Capabilities
• Time
  ▪ Reduce time to deliver/execute mission
  ▪ Increased responsiveness/flexibility/availability
• Cost
  ▪ Optimizing cost to deliver/execute mission
  ▪ Optimizing cost of ownership (lifecycle cost)
  ▪ Increased efficiencies in capital/operational expenditures
• Quality
  ▪ Environmental improvements
  ▪ Experiential improvements
6. Relational Databases and the Cloud
The economics of data storage led to the use of content addressable storage, flat storage architectures and internet scaling.
Database design, database tuning no longer required with infinite scalability and consistent responsiveness.
[Figure: a Search over a Country hierarchy (Germany: BMW, Volkswagen, Audi; Japan: Toyota, Honda, Mazda; US: Ford, Chrysler, GM; each with Truck, Car, SUV) shown alongside flat entries such as "German, BMW, Truck", "German, BMW, Car", "German, BMW, SUV", "German, Volkswagen, Truck" and "US, GM, SUV".]
7. Traditional Analytics
Traditionally, lexical searches, filtering or Boolean search attributes are used to reduce data to a "working set". Analytical tools are then applied to this "working set".
[Figure: All Data Sources / Types, then Tools/Analysis, then Reports/Conclusions]
8. Cloud Enables Searching All the Data, All the Time
[Figure: data points leading to Reports/Conclusions]
9. Computing
Top Threats to Cloud Computing
• Malicious Insiders
• Data Loss or Leakage
• Unknown Risk Profile
• Shared Technology Issues
• Insecure Interfaces and APIs
• Account or Service Hijacking
• Abuse and Nefarious Use of Cloud

Governance
• Governance and Enterprise Risk Management
• Legal and Electronic Discovery
• Compliance and Audit
• Information Lifecycle Management
• Portability and Interoperability

Operational
• Traditional Security, Business Continuity, and Disaster Recovery
• Data Center Operations
• Incident Response, Notification and Remediation
• Application Security
• Encryption and Key Management
• Identity and Access Management
• Virtualization
10. IT Auditing
Collecting and evaluating evidence to determine whether a computer system (information system) safeguards assets, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently.
• Finance and Commercial
  ▪ PCI
  ▪ Gramm-Leach-Bliley Act
• Social and Labor
  ▪ Sarbanes-Oxley (SOX)
  ▪ SAS70
  ▪ HIPAA
• Public Safety
  ▪ Data Protection Act (UK)
  ▪ Federal Information Security Management Act (FISMA)
• Security
  ▪ ISO27000
11. Auditing the Cloud
• Areas for Audit
  ▪ Compliance
  ▪ Governance and Risk
  ▪ Security
• Auditing Challenges
  ▪ 1:1 mapping no longer exists
  ▪ Dynamic, global environments
  ▪ Requirement to retrieve, correlate and extract meaningful data from an ever increasing number of data sources
  ▪ Auditing as a service spreads the audit trail across multiple domains
12. Data Confidentiality, Privacy, Integrity
• Data stored, transmitted and processed outside of the organization
• Shared computing environments
• No physical control of data
• Physical and logical access managed by provider
• No controls to prevent data modification
• No logging events on data (access, modification, transmission)
13. Regulation and Compliance
• Data subject to new laws
• Exposure to foreign governments and subpoenas
• Retention requirements vary among jurisdictions
• Audit of provider's environment
• Increased complexity to comply with standards
16. Summary
• Cloud computing is a technological evolution
• "Drive for scale" (Internet) and "Drive for cheap" (Commodity components, Extensive automation) and the economics of Moore's Law (Cheap storage) led to a business model revolution
• Fiscal realities and business model economics are driving rapid adoption of cloud computing
• Cloud computing can enable significant application enhancements
• Security: Same threat vectors. Same attacks but faster, broader and automated using "resource concentration"
• Audit issues still need to be addressed.
• A Prediction: "FedRAMP for Finance" is coming
17. Thank You !
Kevin L. Jackson
Vice President
General Manager
NJVC Cloud Services
(703) 335-0830
Kevin.jackson@NJVC.com
http://www.NJVC.com
http://kevinljackson.blogspot.com
http://govcloud.ulitzer.com