yvette@yvetteagostini.it yvette@yvetteagostini.it

Similar documents
Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

IS PRIVATE CLOUD A UNICORN?

The NIST Definition of Cloud Computing (Draft)

White Paper on CLOUD COMPUTING

Cloud Computing Submitted By : Fahim Ilyas ( ) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Business Intelligence (BI) Cloud. Prepared By: Pavan Inabathini

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

The NIST Definition of Cloud Computing

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

Cloud Computing: The Next Computing Paradigm

Capability Paper. Today, aerospace and defense (A&D) companies find

Kent State University s Cloud Strategy

East African Information Conference th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE

Cloud Computing; What is it, How long has it been here, and Where is it going?

Soft Computing Models for Cloud Service Optimization

OVERVIEW Cloud Deployment Services

Technology & Business Overview of Cloud Computing

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Cloud Security Introduction and Overview

Cloud Computing An Elephant In The Dark

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

What is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era ( ) Workstation Era ( ) Xerox Star 1981!

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

Private Cloud 201 How to Build a Private Cloud

CHAPTER 8 CLOUD COMPUTING

An Introduction to Cloud Computing Concepts

Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges.

Introduction to Cloud Computing

Analysis and Strategy for the Performance Testing in Cloud Computing

Cloud Computing Service and Legal Issues

Cloud computing is a marketing term for technologies that provide servers, outside of the firewall, for:

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH Agenda. Security Cases What is Cloud? Road Map Security Concerns

Managing Cloud Computing Risk

Certified Cloud Computing Professional Sample Material

Radware Cloud Solutions for Enterprises. How to Capitalize on Cloud-based Services in an Enterprise Environment - White Paper

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com

AskAvanade: Answering the Burning Questions around Cloud Computing

Mobile Cloud Computing Security Considerations

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

Future of Cloud Computing in India

Enhancing Operational Capacities and Capabilities through Cloud Technologies

The Cloud vs. the Back-Office. Which is right for you?

ITSM in the Cloud. An Overview of Why IT Service Management is Critical to The Cloud. Presented By: Rick Leopoldi RL Information Consulting LLC

CSO Cloud Computing Study. January 2012

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Getting Familiar with Cloud Terminology. Cloud Dictionary

Cloud Computing & Hosting Solutions

Cloud Panel Draft Statement of Requirement

CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit

Sriram Krishnan, Ph.D.

CLOUD COMPUTING GUIDELINES FOR LAWYERS

Cloud Computing Technology

CLOUD COMPUTING DEMYSTIFIED

Where in the Cloud are You? Session Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)

Capturing the New Frontier:

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

Cloud Security Alliance New Zealand Contribution to the Privacy Commissioner. 23 February 2012

Vormetric Data Security Securing and Controlling Data in the Cloud

Cloud Models and Platforms

Security Considerations for Public Mobile Cloud Computing

Tutorial on Client-Server Architecture

Towards the Cloud! Ian Osborne Director, Digital Systems KTN, Intellect

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

Introduction to Cloud Services

agility made possible Steven Romero Robert E Stroud

PRIVATE CLOUD PLATFORM OPTIONS. Stephen Lee CEO, ArkiTechs Inc.

Flying into the Cloud: Do You Need a Navigator? Services. Colin R. Chasler Vice President Solutions Architecture Dell Services Federal Government

How To Get A Cloud Based System In Your Country

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

Cloud Computing. Bringing the Cloud into Focus

Viswanath Nandigam Sriram Krishnan Chaitan Baru

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.

SCADA Cloud Computing

Chapter 2 Cloud Computing

CLOUD COMPUTING SECURITY ISSUES

Security & Trust in the Cloud

CLOUD COMPUTING OVERVIEW

Architectural Implications of Cloud Computing

Cloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer

Cloud Computing for SCADA

Plant Software in the Cloud

CLOUD COMPUTING PHYSIOGNOMIES A 1.1 CLOUD COMPUTING BENEFITS

Student's Awareness of Cloud Computing: Case Study Faculty of Engineering at Aden University, Yemen

Performance in the cloud

CLOUD COMPUTING. A Primer

THE CLOUD- CHANGING THE INDIAN HEALTHCARE SYSTEM

Addressing Data Security Challenges in the Cloud

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Compliant Cloud Computing Managing the Risks

Compliant Cloud Computing Managing the Risks

The HIPAA Security Rule: Cloudy Skies Ahead?

CLOUD ARCHITECTURE DIAGRAMS AND DEFINITIONS

Transcription:

1

The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work is licensed under Creative Commons Attribution-Share Alike License No warranties on accuracy. Use it at your own risk, under the license terms. Feel free to drop me a line if you want to discuss the content of this document. My email address is 2

economies of scale for all the resources involved with computing services optimal resource use = computing resources abstracted from underlying hardware Computing, content storage and processing are massively distributed content is delivered and received as close to customers as possible = global distribution and redundancy = resources managed in bulk, both physically and logically 3

2013: 2008: 6,005m 971m IDC s European market for cloud services forecast as cited in Cloud Computing Benefits, risks and recommendations for information security by ENISA 4

on-demand service model for IT provision, often based on virtualization and distributed computing technologies a new way of delivering computing resources Computing services (from data storage and processing to software) available instantly, commitment-free and on-demand. not a new technology 5

Hybrid Clouds Deployment Models Private Cloud Community Cloud Public Cloud Service Models Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Essential Characteristics On Demand Self-Service Broad Network Access Rapid Elasticity Resource Pooling Measured Service Massive Scale Resilient Computing Common Characteristics Homogeneity Virtualization Geographic Distribution Service Orientation Low Cost Software Advanced Security 6

On-demand self-service A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service s provider Broad network access Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs) Resource pooling The provider s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines Rapid elasticity Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time Measured service Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service 7

Application/Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Security note: Risks and benefits associated with each model are different The same is true for key considerations in contracting for this type of service 8

ENISA definition is software offered by a third party provider, available on demand, usually via the Internet configurable remotely. Examples include online word processing and spreadsheet tools, CRM services and web content delivery services (Salesforce CRM, Google Docs, etc). NIST definition The capability provided to the consumer is to use the provider s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings 9

ENISA definition allows customers to develop new applications using APIs deployed and configurable remotely. The platforms offered include development tools, configuration management, and deployment platforms. Examples are Microsoft Azure, Force and Google App engine. NIST definition The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. 10

ENISA definition provides virtual machines and other abstracted hardware and operating systems which may be controlled through a service API. Examples include Amazon EC2 and S3, Terremark Enterprise Cloud, Windows Live Skydrive and Rackspace Cloud NIST definition The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls) 11

Private cloud The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Community cloud The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. Public cloud The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Hybrid cloud The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds). 12

Cloud Infrastructure SaaS Cloud Infrastructure PaaS SaaS Cloud Infrastructure IaaS PaaS SaaS Software as a Service (SaaS) Architectures Cloud Infrastructure PaaS Cloud Infrastructure IaaS PaaS Platform as a Service (PaaS) Architectures Cloud Infrastructure IaaS Infrastructure as a Service (IaaS) Architectures 13

Benefits SCALE MARKET DIFFERENTIATOR STANDARDIZED INTERFACES FOR MANAGED SECURITY SERVICES RAPID, SMART SCALING OF RESOURCES AUDIT AND EVIDENCE-GATHERING MORE TIMELY AND EFFECTIVE AND EFFICIENT UPDATES AND DEFAULTS BETTER RISK MANAGEMENT RESOURCE CONCENTRATION Risks LOSS OF GOVERNANCE LOCK-IN ISOLATION FAILURE COMPLIANCE RISKS MANAGEMENT INTERFACE COMPROMISE DATA PROTECTION INSECURE OR INCOMPLETE DATA DELETION MALICIOUS INSIDER 14

Cloud Computing Benefits, risks and recommendations for information security [http://ww.enisa.europa.eu/act/rm/files/deliverables/cl oud-computing-riskassessment/at_download/fullreport] The NIST Definition of Cloud Computing [http://csrc.nist.gov/groups/sns/cloudcomputing/cloud-def-v15.doc] Effectively and Securely Using the Cloud Computing Paradigm [http://csrc.nist.gov/groups/sns/cloudcomputing/cloud-computing-v26.ppt] 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information