CAN NUCLEAR INSTALLATIONS AND RESEARCH CENTERS ADOPT CLOUD COMPUTING?

Transcription

1 CAN NUCLEAR INSTALLATIONS AND RESEARCH CENTERS ADOPT CLOUD COMPUTING? Ameer Pichan School of Electrical Engineering & Computing Curtin University, Australia

2 What is it? Similar to other services net r e t in Consumed as service and we do not own it Data Centre Major Providers 2

3 Cloud characteristics On demand self service The ability for consumer to provision computing services Resource Pooling (multitenancy) Multiple tenants sharing same physical resources Broad network access connect and access services any time from anywhere Rapid Elasticity Scale up or down the computing needs rapidly Measured service Metering one s own usage Pay as you go 3

4 Cloud Deployment Models Public cloud Private Cloud Mega scale infrastructure owned Enterprise owned or leased and operated by large Can reduce capital expenditure corporations Intended only for single user Shifts Capex->OpEx Complete control for the Multiple Tenants owner/organisation Pay as you go, low cost Lacks flexibility, scalability etc. Less or no control for the features that public cloud offers customer Offers very high reliability, availability, scalability Community Cloud Allows sharing by a community of organisations with similar goals or mandate Allows cost reduction More control than public cloud, but less cost efficient. 4

5 Cloud Computing vs. Nuclear Research Cloud computing is complex system Cloud security is a function of unique characteristics of cloud computing exhibits Nuclear research or classified data security requirements are stipulated by the organisation, regulatory authority and Govt. laws Confidentiality, integrity and availability Jurisdictional laws, access control Cloud computing offers both security advantages and challenges Majors vendors security mature and they are always in the forefront. 5

6 Analyzing Cloud Security - the challenges Data locality and data duplication Data loss/data breach Malicious insider Multi-tenancy Account Hijacking Amazon public cloud service regions: - 3 in US (Virginia, Oregon, California) - Isolation and containment - 1CSPs in EU (Ireland) deploy multiple levels of Protection due to virtualisation - 3access in Asiacontrols, (Singapore, Tokyo and and - High level ofauditability redundancy and Beijing) they take insider threat Riskcapacity due to misconfiguration of to scale Australia Trust & Loss (Sydney) of physical control - 1seriously. inshared No visibility into resources High value target Encryption - 1virtual South America (Sao Paulo) instances, data centre Single tenancy option available Abuse of Cloud Services - multi-factor GovCloud Cloudunknown specific malware AWS location Use Vendors having inadequate facilities authentication services Closure of cloud services 6

7 Analyzing Cloud Security - the advantages On demand security controls, In scalable, short - There is lot to gain in terms of automated security by using cloud, though there are issues business to consider. High availability, Fault tolerance, reliability, resiliency The security benefits which cloud Shifting public data to cloud reduces the exposure of continuity/disaster sensitive data for offers is hard to have and maintain Perimeter protection (IDS, firewall, authentication, recovery facilities a normal IT department ofvlan) a typical Real time detection of system tampering Rapid reconstitution of organisation services Dedicated security team Encryption & IAM services 7

8 Due Diligence Process (cloud evaluation criteria) Task Description Provider evaluation Security controls, certification, track record, competency, longevity, industry presence Data locations Data locations, and cross border data flow (if any) meets your compliance Third party usage Trading services among cloud providers Governance & Compliance Meets your organisational specific requirements are met. Put in place an audit mechanism. Trust Establish a mechanism to allow visibility to their security controls and performance over time Access Management That the provider has proper safeguards in place for system access (authentication, authorisation, IAM) 8

9 Due Diligence Process (cloud evaluation criteria) Task Description Incident Response Assess the incident response process and the extend of support by the provider. Human Resources Assess the recruitment and vetting process of the provider (especially for those with sys admin rights). Service Level Agreement Create a negotiable SLA where all, where all contractual requirements are explicitly stated. Be cautious to non negotiable SLA. Availability Ensure that the provider has the capability and means to provide continuous service. Back out plan Negotiate a back out plan, avoid a vendor lock situation. Upon exiting ensure that all data storage in the providers locations are properly expunged. 9

10 Cloud Migration is a Risk Management exercise Outsourcing IT services to cloud is a major risk management exercise. Outsourcing of services doesn t transfer accountability 10

11 Conclusion Cloud computing is here to stay and it is the future. We strongly recommend that nuclear installations, research centres or similar institutions should approach cloud adoption seriously. More control More security Options Concerns? 11

12 Conclusion Service provider s accreditations and compliance Provides much needed assurances to customers 12

13 Finally.. Why shouldn t we consider moving to cloud? CapEX OpEX 13

14 QUESTIONS? 14