Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices"

Transcription

1 Emerging Approaches in a -Connected Enterprise: Containers and Microservices Anil Karmel Co-Founder and CEO, C2 Labs Co-Chair, NIST Security Working

2 Emerging Technologies and Trends is Our Reality Evolving Models Private (IaaS) Public (SaaS, PaaS, IaaS) Hybrid is becoming the defacto norm What About Security? OPM Breach Experian Breach (T-Mobile Customers)

3 2013 Advanced Threat Report Courtesy of FireEye Relative to 2006, cyber crimes increased by 782%: A malware activity every 3 minutes 65% of attacks target financial services, healthcare, manufacturing and entertainment 89% of callback activities were linked with Advanced Persistent Threat (APT) tools made in China or by Chinese hacker groups

4 NIST Computing Reference Architecture SP Broker Broker Provider Provider Consumer Consumer Auditor Auditor Security Security Audit Audit Privacy PrivacyImpact Impact Audit Audit Performance Performance Audit Audit Orchestration Service Service Management Management Service ServiceLayer Layer SaaS SaaS Business Business Support Support PaaS PaaS Service Service Intermediation Intermediation IaaS IaaS Provisioning/ Provisioning/ Consumer Consumer Resource ResourceAbstraction Abstraction and andcontrol Control Configuration Configuration Layer Layer Physical PhysicalResource ResourceLayer Layer Hardware Hardware Portability/ Portability/ Interoperability Interoperability Facility Facility Service Service Aggregation Aggregation Service Service Arbitrage Arbitrage Carrier Carrier Cross Cutting Concerns: Security, Privacy, etc

5 Demystified What is a Ecosystem? Security / Control Software as a Service Platform as a Service Infrastructure as a Service

6 Distributed Architecture = Split Control / Responsibilities CLOUD ECOSYSTEM Clients (Browsers, Mobile Apps, etc.) CLOUD ENVIRONMENT Software as a Service (SaaS) (Application, Services) Platform as a Service (PaaS) (APIs, Pre-built components) Infrastructure as a Service (VMs, Load Balancers, DB, etc.) Physical Hardware (Servers, Storage, Networking)

7 What you can manage PaaS SaaS You manage IaaS Stack image source: Security Alliance specification, 2009

8 Organizational Challenges Modernizing IT Agility Organizations are struggling to deliver more in a fiscally and resource constrained environment Flexibility Existing IT investments are typically problematic to reconfigure or scale to meet new application demands Transparancy Difficult to quantify the cost of optimizing legacy infrastructure to support new applications

9 Organizational Challenges Modernizing IT, Mobile, Social, Big Data Powerful ROI story with real security challenges Mobile BYOD with Mobile Application Management result in security and privacy concerns Social Agency data inadvertently ends up on public social networks via geotagging Big Data Unstructured data unveils actionable intelligence but what about the Mosaic effect? How does you balance time to market, cost concerns, security, manageability and risk in the move to a cloud-connected enterprise?

10 How do we revolutionize our investments? Software-Defined IT REDEFINE CONTEXT Who is the user? What data are they trying to access? Where is the user and the data? How are they accessing the information? Context Aware IT Level of assurance of the data defines the required level of trust

11 Context Aware IT Data Centric Approach Understand your Data Identify and understand the value of the data in your organization Decompose Your Data Break down applications and data into building blocks Monitor Your Data Understand Risk to your Data using the Risk Management Framework for Employ Continuous Monitoring of your Systems to identify and limit the damage an adversary has to your data

12 Emerging Technologies and Trends Microservices and Containers Microservices Decompose Complex Applications into Small, Independent Processes communicating with each other using language-agnostic API s Highly Decoupled and Modular with services organized around capabilities (e.g. User Interface, Billing) Allows for Continuous Integration Containers Much like Virtualization abstracts the Operating System from Hardware, Containers abstracts to Applications from the Operating System Applications are isolated from other Applications on the same Operating System Allows for Portability and Scale Up/Out Security issues need to be evaluated and addressed in native container deployments

13 Emerging Technologies and Trends Virtual Machines vs Containers Source: Docker.com

14 Container Security Challenges Increased Attack Surface Containers are far more complex than VM s wherein a single Application can consist of 1000 s of microservices Underlying Linux Operating System complexities can be exploited by attackers to compromise all containers on a host OS Runtime Compromise / Vulnerabilities / Misconfiguration Secure Software Development Containers can have code pushed to them from untrusted sources Log Management Big Data Problem: How do you view and manage logs across 1000 s of containers Orchestration Infrastructure now runs as code (Puppet/Chef/Ansible) Software developers, not infrastructure staff now run the data center

15 Container Security Solutions Increased Attack Surface Employ MicroVM s (Just Enough VM) Monitor Containers at Runtime / Real-time scan for Vulnerabilities and Misconfiguration and Remediate Secure Software Development Whitelist/Blacklist Containers Establish a secure container registry Sign containers and code (MD5) Log Management Centralize container logs including developer actions Orchestration Employ orchestration platform to manage containers across environments (DEV,TEST,QA,PROD) and across clouds \ Insource Security / Outsource Compute

16 Microservices Security Challenges and Solutions Decomposition of Applications Need to decompose applications into microservices correctly so they only do one thing well, driving development of secure code Monolithic code with a 1,000 DLL's needs to be decomposed into 1,000 microservices which makes it more secure and maintainable Interface-driven development Need to have well defined REST API s to ensure microservices talk consistently to each other Containers and Microservices will power the DevOps revolution and the next bowwave of technology innovation

17 Thank you! Anil Karmel, CEO, C2

Key Management Challenges in a Cloud Ecosystem

Key Management Challenges in a Cloud Ecosystem Key Management Challenges in a Cloud Ecosystem A Discussion Starter Based on the Cloud Security WG s Research - Dr. Michaela Iorga, NIST (presenting) Anil Karmel, C2 Lab, Inc. (presenting) Juanita Koilpilai,

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Cloudy with Showers of Business Opportunities and a Good Chance of. Security. Transforming the government IT landscape through cloud technology

Cloudy with Showers of Business Opportunities and a Good Chance of. Security. Transforming the government IT landscape through cloud technology Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing Co-Chair, Cloud Security WG Co-Chair, Cloud Forensics Science WG Cloudy with Showers of Business Opportunities and a Good Chance of

More information

NIST Cloud Computing Security Reference Architecture (SP 500-299 draft)

NIST Cloud Computing Security Reference Architecture (SP 500-299 draft) NIST Cloud Computing Security Reference Architecture (SP 500-299 draft) NIST Cloud Computing Security Working Group Dr. Michaela Iorga, NIST Senior Security Technical Lead for Cloud Computing Chair, NIST

More information

RED HAT CONTAINER STRATEGY

RED HAT CONTAINER STRATEGY RED HAT CONTAINER STRATEGY An introduction to Atomic Enterprise Platform and OpenShift 3 Gavin McDougall Senior Solution Architect AGENDA Software disrupts business What are Containers? Misconceptions

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information

Considerations for Adopting PaaS (Platform as a Service)

Considerations for Adopting PaaS (Platform as a Service) Considerations for Adopting PaaS (Platform as a Service) Michael Dolan (mdolan@pivotal.io) Senior Field Engineer April 2015 1 Becoming The Agile Enterprise To effectively achieve its missions, the Department

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

Practical Guide to Platform as a Service. http://cloud-council.org/resource-hub.htm#practical-guide-to-paas

Practical Guide to Platform as a Service. http://cloud-council.org/resource-hub.htm#practical-guide-to-paas Practical Guide to Platform as a Service http://cloud-council.org/resource-hub.htm#practical-guide-to-paas October, 2015 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! Provide

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

Secure Cloud Computing

Secure Cloud Computing Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for

More information

Private Cloud Database Consolidation with Exadata. Nitin Vengurlekar Technical Director/Cloud Evangelist

Private Cloud Database Consolidation with Exadata. Nitin Vengurlekar Technical Director/Cloud Evangelist Private Cloud Database Consolidation with Exadata Nitin Vengurlekar Technical Director/Cloud Evangelist Agenda Private Cloud vs. Public Cloud Business Drivers for Private Cloud Database Architectures for

More information

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST No Longer On The Horizon Essential Characteristics On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service

More information

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted. Cloud Computing Topics 1. What is the Cloud? 2. What is Cloud Computing? 3. Cloud Service Architectures 4. History of Cloud Computing 5. Advantages of Cloud Computing 6. Disadvantages of Cloud Computing

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs

CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs Eric Simmon January 28 th, 2014 BACKGROUND Federal Cloud Computing Strategy Efficiency improvements will shift resources towards higher-value

More information

Shared Services Canada. Cloud Computing

Shared Services Canada. Cloud Computing Shared Services Canada Cloud Computing Architecture Framework Advisory Committee Transformation, Service Strategy and Design January 28, 2013 1 Agenda TIME TOPICS PRESENTER(S) 09:00 9:15 Opening Remarks

More information

Security Lessons Learned: Enterprise Adoption of Cloud Computing

Security Lessons Learned: Enterprise Adoption of Cloud Computing SESSION ID: CDS-R03 Security Lessons Learned: Enterprise Adoption of Cloud Computing Jim Reavis Chief Executive Officer Cloud Security Alliance @cloudsa Agenda What we are going to cover The current &

More information

Cloud Security Specialist Certification Self-Study Kit Bundle

Cloud Security Specialist Certification Self-Study Kit Bundle Cloud Security Specialist Certification Bundle CloudSchool.com CLOUD CERTIFIED Technology Professional This certification bundle provides you with the self-study materials you need to prepare for the exams

More information

Private Cloud Management

Private Cloud Management Private Cloud Management Speaker Systems Engineer Unified Data Center & Cloud Team Germany Juni 2016 Agenda Cisco Enterprise Cloud Suite Two Speeds of Applications DevOps Starting Point into PaaS Cloud

More information

SaaS, PaaS & TaaS. By: Raza Usmani

SaaS, PaaS & TaaS. By: Raza Usmani SaaS, PaaS & TaaS By: Raza Usmani SaaS - Introduction Software as a service (SaaS), sometimes referred to as "on-demand software. software and its associated data are hosted centrally (typically in the

More information

Dynamic Security for the Hybrid Cloud

Dynamic Security for the Hybrid Cloud Dynamic Security for the Hybrid Cloud Marc van Zadelhoff, VP Strategy, Marketing and Product Management, IBM Security Nataraj Nagaratnam, Distinguished Engineer and CTO Security Solutions, IBM Security

More information

Cloud Design, Enabling Fast IT! Stefan Ruoss Business Consultant Fast IT! Datacenter Technology Team

Cloud Design, Enabling Fast IT! Stefan Ruoss Business Consultant Fast IT! Datacenter Technology Team Cloud Design, Enabling Fast IT! Stefan Ruoss Business Consultant Fast IT! Datacenter Technology Team The InterCloud Marketplace Enabling Customers exploit the Cloud Enterprise Private Clouds INTERCLOUD

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

The Future Of Cloud Computing. Thursday, September 1, 11

The Future Of Cloud Computing. Thursday, September 1, 11 1 The Future Of Cloud Computing 2 ::Setting Some Context Cloud Computing is a natural, disruptively innovative and timely opportunistic response to a converging set of socioeconomic, political, cultural

More information

Don't outsource IT! Bring your own Cloud with SDN

Don't outsource IT! Bring your own Cloud with SDN Don't outsource IT! Bring your own Cloud with SDN Education Session 19 Herman Chao Systems Engineering Manager, Cisco State of CA Government May 2015 Agenda Industry Need and Trends The Network Challenge

More information

The NIST Cloud Computing Program

The NIST Cloud Computing Program The NIST Cloud Computing Program Robert Bohn Information Technology Laboratory National Institute of Standards and Technology October 12, 2011 Information Technology Laboratory Cloud 1 Computing Program

More information

Protecting the Cloud from Inside

Protecting the Cloud from Inside Protecting the Cloud from Inside Intra-cloud security intelligence Protection of Linux containers Mitigation of NoSQL injections Alexandra Shulman-Peleg, PhD Cloud Security Researcher, IBM Cyber Security

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Cloud Computing Training

Cloud Computing Training Cloud Computing Training TechAge Labs Pvt. Ltd. Address : C-46, GF, Sector 2, Noida Phone 1 : 0120-4540894 Phone 2 : 0120-6495333 TechAge Labs 2014 version 1.0 Cloud Computing Training Cloud Computing

More information

Before we can talk about virtualization security, we need to delineate the differences between the

Before we can talk about virtualization security, we need to delineate the differences between the 1 Before we can talk about virtualization security, we need to delineate the differences between the terms virtualization and cloud. Virtualization, at its core, is the ability to emulate hardware via

More information

Cloud Computing in the Enterprise: A Question of Control.. And who has it. INF5210 Ben Eaton 12/11/2013

Cloud Computing in the Enterprise: A Question of Control.. And who has it. INF5210 Ben Eaton 12/11/2013 Cloud Computing in the Enterprise: A Question of Control.. And who has it. INF5210 Ben Eaton 12/11/2013 1 The Cloud We all use it as consumers But I m going to talk about cloud computing in an enterprise

More information

Fundamental Concepts and Models

Fundamental Concepts and Models Fundamental Concepts and Models 1 1. Roles and Boundaries Could provider The organization that provides the cloud based IT resources Cloud consumer An organization (or a human) that has a formal contract

More information

When Security, Privacy and Forensics Meet in the Cloud

When Security, Privacy and Forensics Meet in the Cloud When Security, Privacy and Forensics Meet in the Cloud Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing Co-Chair, Cloud Security WG Co-Chair, Cloud Forensics Science WG March 26,

More information

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

From the Bottom to the Top: The Evolution of Application Monitoring

From the Bottom to the Top: The Evolution of Application Monitoring From the Bottom to the Top: The Evolution of Application Monitoring Narayan Makaram, CISSP Director, Security Solutions HP/Enterprise Security Business Unit Session ID: SP01-202 Session 2012 Classification:

More information

SDN/Virtualization and Cloud Computing

SDN/Virtualization and Cloud Computing SDN/Virtualization and Cloud Computing Agenda Software Define Network (SDN) Virtualization Cloud Computing Software Defined Network (SDN) What is SDN? Traditional Network and Limitations Traditional Computer

More information

Bringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com

Bringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Bringing Cloud Security Down to Earth Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Cloud Dynamics and Adoption Assessing Risk of Cloud Services

More information

Secure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com

Secure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com Secure Multi Tenancy In the Cloud Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com At-a-Glance Trends Do MORE with LESS Increased Insider Threat Increasing IT spend on cloud

More information

CHAPTER 8 CLOUD COMPUTING

CHAPTER 8 CLOUD COMPUTING CHAPTER 8 CLOUD COMPUTING SE 458 SERVICE ORIENTED ARCHITECTURE Assist. Prof. Dr. Volkan TUNALI Faculty of Engineering and Natural Sciences / Maltepe University Topics 2 Cloud Computing Essential Characteristics

More information

Bimodal IT. PaaS and Containers, what are they all about? By Rhys Sharp Chief Technology Officer. August 2015

Bimodal IT. PaaS and Containers, what are they all about? By Rhys Sharp Chief Technology Officer. August 2015 Bimodal IT PaaS and Containers, what are they all about? By Rhys Sharp Chief Technology Officer August 2015 Bimodal IT - Paas and Containers, what are they all about? www.fedr8.com 1 Introduction The IT

More information

Container Clusters on OpenStack

Container Clusters on OpenStack Container Clusters on OpenStack 和 信 雲 端 首 席 技 術 顧 問 孔 祥 嵐 / Brian Kung brian.kung@gigacloud.com.tw Outlines VMs vs. Containers N-tier Architecture & Microservices Two Trends Emerging Ecosystem VMs vs.

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public. Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM

More information

Cloud Computing A NIST Perspective & Beyond. Robert Bohn, PhD Advanced Network Technologies Division

Cloud Computing A NIST Perspective & Beyond. Robert Bohn, PhD Advanced Network Technologies Division Cloud Computing A NIST Perspective & Beyond Robert Bohn, PhD Advanced Network Technologies Division ISACA National Capital Area Chapter Arlington, VA, USA 17 March 2015 Cloud Program Overview Launch &

More information

Table of Contents. Abstract... Error! Bookmark not defined. Chapter 1... Error! Bookmark not defined. 1. Introduction... Error! Bookmark not defined.

Table of Contents. Abstract... Error! Bookmark not defined. Chapter 1... Error! Bookmark not defined. 1. Introduction... Error! Bookmark not defined. Table of Contents Abstract... Error! Bookmark not defined. Chapter 1... Error! Bookmark not defined. 1. Introduction... Error! Bookmark not defined. 1.1 Cloud Computing Development... Error! Bookmark not

More information

Assuring Application Security: Deploying Code that Keeps Data Safe

Assuring Application Security: Deploying Code that Keeps Data Safe Assuring Application Security: Deploying Code that Keeps Data Safe Assuring Application Security: Deploying Code that Keeps Data Safe 2 Introduction There s an app for that has become the mantra of users,

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

CoIP (Cloud over IP): The Future of Hybrid Networking

CoIP (Cloud over IP): The Future of Hybrid Networking CoIP (Cloud over IP): The Future of Hybrid Networking An overlay virtual network that connects, protects and shields enterprise applications deployed across cloud ecosystems The Cloud is Now a Critical

More information

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

Cloud and Regulations: A match made in heaven, or the worst blind date ever? Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing

More information

IT AS A SERVICE BROKER

IT AS A SERVICE BROKER IT AS A SERVICE BROKER MIT Sloan CIO Symposium May 21, 2014 Thomas P. Roloff Senior Vice President EMC Global Services twitter: @TRoloff 1 Why Transformation? Business is Changing Faster Than IT Business

More information

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization

More information

Cloud Computing Actionable Standards An Overview of Cloud Specifications

Cloud Computing Actionable Standards An Overview of Cloud Specifications Computing Actionable Standards An Overview of Specifications Computing Broker Inter- Computing IaaS PaaS SaaS IaaS PaaS SaaS Web Data Web Data Michael Behrens, CTO, R2AD, LLC Eugene Luster, Standards Architect,

More information

The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com

The Magazine for IT Security. May 2010. issue 3. sör alex / photocase.com The Magazine for IT Security May 2010 sör alex / photocase.com free digital version made in Germany issue 3 Luiz Fotolia.com Clouds or storm clouds? Cloud Computing Security by Javier Moreno Molinero Gradually,

More information

Cloud Data Security. Sol Cates CSO @solcates scates@vormetric.com

Cloud Data Security. Sol Cates CSO @solcates scates@vormetric.com Cloud Data Security Sol Cates CSO @solcates scates@vormetric.com Agenda The Cloud Securing your data, in someone else s house Explore IT s Dirty Little Secret Why is Data so Vulnerable? A bit about Vormetric

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

LESSON 13 VIRTUALIZATION AND CLOUD COMPUTING

LESSON 13 VIRTUALIZATION AND CLOUD COMPUTING LESSON 13 VIRTUALIZATION AND CLOUD COMPUTING 2 WARNING The Hacker High School Project is a learning tool and as with any learning tool there are dangers. Some lessons, if abused, may result in physical

More information

Oracle Applications and Cloud Computing - Future Direction

Oracle Applications and Cloud Computing - Future Direction Oracle Applications and Cloud Computing - Future Direction February 26, 2010 03:00 PM 03:40 PM Presented By Subash Krishnaswamy skrishna@astcorporation.com Vijay Tirumalai vtirumalai@astcorporation.com

More information

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment

More information

Modern App Architecture for the Enterprise Delivering agility, portability and control with Docker Containers as a Service (CaaS)

Modern App Architecture for the Enterprise Delivering agility, portability and control with Docker Containers as a Service (CaaS) Modern App Architecture for the Enterprise Delivering agility, portability and control with Docker Containers as a Service (CaaS) Executive Summary Developers don t adopt locked down platforms. In a tale

More information

CIO SUMMIT l LAS VEGAS

CIO SUMMIT l LAS VEGAS CIO SUMMIT l LAS VEGAS Copyright 2014 EMC Corporation. All rights reserved. 1 IT Transformation Facilitator: Tom Roloff, SVP Global Services, EMC Many Industries Face Structural Change 3 Today s Business

More information

Cloud Computing 101 Dissipating the Fog 2012/Dec/xx Grid-Interop 2012

Cloud Computing 101 Dissipating the Fog 2012/Dec/xx Grid-Interop 2012 Cloud Computing 101 Dissipating the Fog 2012/Dec/xx Why the interest in Clouds? A method to avoid/defer CAPEX/OPEX and possibly accelerating implementation 2 It all started here - Timeshare Computers and

More information

White Paper. Cloud Vademecum

White Paper. Cloud Vademecum White Paper Cloud Vademecum Cloud is the new IT paradigm this document offers a collection of thoughts, internal and external discussions and information. The goal is to inspire and stimulate the route

More information

The Cloud, Virtualization, and Security

The Cloud, Virtualization, and Security A Cloud: Large groups of remote servers that are networked to allow centralized, shared data storage and online access to computer services or resources A Cloud: Large groups of remote servers that are

More information

STRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape

STRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape STRATEGIC WHITE PAPER The next step in server virtualization: How containers are changing the cloud and application landscape Abstract Container-based server virtualization is gaining in popularity, due

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

Securing the Physical, Virtual, Cloud Continuum

Securing the Physical, Virtual, Cloud Continuum Securing the Physical, Virtual, Cloud Continuum By Ted Ritter, CISSP Senior Research Analyst Executive Summary The data center is undergoing a radical shift, from virtualization towards internal cloud

More information

Effective End-to-End Cloud Security

Effective End-to-End Cloud Security Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of

More information

CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS

CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS April 2014 Cloud Conceptual Reference Model The ease of use a Cloud Consumer experiences results from a complex, behind-the-scenes, orchestration of interchangeable,

More information

Applying Business Architecture to the Cloud

Applying Business Architecture to the Cloud Applying Business Architecture to the Cloud Mike Rosen, Chief Scientist Mike.Rosen@ WiltonConsultingGroup.com Michael Rosen Agenda n What do we mean by the cloud? n Sample architecture and cloud support

More information

NIST Cloud Computing Reference Architecture

NIST Cloud Computing Reference Architecture NIST Cloud Computing Reference Architecture Version 1 March 30, 2011 2 Acknowledgements This reference architecture was developed and prepared by Dr. Fang Liu, Jin Tong, Dr. Jian Mao, Knowcean Consulting

More information

Cloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014

Cloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014 Cloud Security Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014 Agenda Introduction Security Assessment for Cloud Secure Cloud Infrastructure

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

Networks and Services

Networks and Services Networks and Services Dr. Mohamed Abdelwahab Saleh IET-Networks, GUC Fall 2015 TOC 1 Infrastructure as a Service 2 Platform as a Service 3 Software as a Service Infrastructure as a Service Definition Infrastructure

More information

Cloud Infrastructure Security

Cloud Infrastructure Security Cloud Infrastructure Security Dimiter Velev 1 and Plamena Zlateva 2 1 University of National and World Economy, UNSS - Studentski grad, 1700 Sofia, Bulgaria dvelev@unwe.acad.bg 2 Institute of Control and

More information

Cisco Cloud Architecture for the Microsoft Cloud Platform

Cisco Cloud Architecture for the Microsoft Cloud Platform Solution Overview Cisco Cloud Architecture for the Microsoft Cloud Platform BENEFITS Deliver complete cloud services with confidence: Offer best-in-class hybrid, IaaS, PaaS, and SaaS services enabled by

More information

Consumption IT. Michael Shepherd Business Development Manager. Cisco Public Sector May 1 st 2014

Consumption IT. Michael Shepherd Business Development Manager. Cisco Public Sector May 1 st 2014 Consumption IT Michael Shepherd Business Development Manager Cisco Public Sector May 1 st 2014 Short Bio Cloud BDM in Public Sector (SLED + FED) Cisco for 14 + years Focused on cloud for 4 + years Awareness,

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

Data Centers and Cloud Computing. Data Centers

Data Centers and Cloud Computing. Data Centers Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing 1 Data Centers Large server and storage farms 1000s of servers Many TBs or PBs of data Used by Enterprises

More information

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security

More information

Dell Active System, Enabling service-centric IT, the path to the Cloud. Pavlos Kitsanelis Enterprise Solutions Lead Greece, Cyprus, Malta

Dell Active System, Enabling service-centric IT, the path to the Cloud. Pavlos Kitsanelis Enterprise Solutions Lead Greece, Cyprus, Malta Dell Active System, Enabling service-centric IT, the path to the Cloud Pavlos Kitsanelis Enterprise Solutions Lead Greece, Cyprus, Malta Delivery Deployment Cloud models & approaches Private Operated and

More information

PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION

PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION White Paper May 2012 Abstract Whether enterprises choose to use private, public or hybrid clouds, the availability of a broad range

More information

Addressing Security for Hybrid Cloud

Addressing Security for Hybrid Cloud Addressing Security for Hybrid Cloud Sreekanth Iyer Executive IT Architect IBM Cloud (CTO Office) Email : sreek.iyer@in.ibm.com Twitter: @sreek Blog: http://ibm.co/sreek July 18, 2015 Cloud is rapidly

More information

Sacha Dubois RED HAT TRENDS AND TECHNOLOGY PATH TO AN OPEN HYBRID CLOUD AND DEVELOPER AGILITY. Solution Architect Infrastructure

Sacha Dubois RED HAT TRENDS AND TECHNOLOGY PATH TO AN OPEN HYBRID CLOUD AND DEVELOPER AGILITY. Solution Architect Infrastructure RED HAT TRENDS AND TECHNOLOGY PATH TO AN OPEN HYBRID CLOUD AND DEVELOPER AGILITY Sacha Dubois Solution Architect Infrastructure sadubois@redhat.com 13. März 2015 - Seite 1 / 25 I.T. CHALLENGES 13. März

More information

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013 Cloud Computing in the Enterprise An Overview For INF 5890 IT & Management Ben Eaton 24/04/2013 Cloud Computing in the Enterprise Background Defining the Cloud Issues of Cloud Governance Issue of Cloud

More information

Introduction to Cloud Computing

Introduction to Cloud Computing Introduction to Cloud Computing Cloud Computing I (intro) 15 319, spring 2010 2 nd Lecture, Jan 14 th Majd F. Sakr Lecture Motivation General overview on cloud computing What is cloud computing Services

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

Application Containers

Application Containers Application Containers Transcending the private-public cloud frontier Digital Ecosystem platform provides manufacturers new channels for customer engagement and monetization of product ideas Today s digital

More information

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013

More information

Management for the Mobile-Cloud Era

Management for the Mobile-Cloud Era Management for the Mobile-Cloud Era Sajai Krishnan VP Product Marketing Cloud Management Business Unit September 10, 2014 2014 VMware Inc. All rights reserved. Mobile-cloud Era - The CIO paradox New expectations

More information

CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST

CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires

More information

Security of Cloud Computing for the Power Grid

Security of Cloud Computing for the Power Grid ANNUAL INDUSTRY WORKSHOP NOVEMBER 12-13, 2014 Security of Cloud Computing for the Power Grid Industry Panel November 12, 2014 UNIVERSITY OF ILLINOIS DARTMOUTH COLLEGE UC DAVIS WASHINGTON STATE UNIVERSITY

More information

Virtualization Impact on Compliance and Audit

Virtualization Impact on Compliance and Audit 2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance

More information

Cloud, where are we? Mark Potts, HP Fellow, CTO Cloud November 2014

Cloud, where are we? Mark Potts, HP Fellow, CTO Cloud November 2014 Cloud, where are we? Mark Potts, HP Fellow, CTO Cloud November 2014 What do the experts say? 3 4 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated

More information