Lifting the Fog Around Cloud Computing
Eric A. Hibbard, CISSP-ISSAP, ISSEP, ISSMP, CISA
CTO Security & Privacy, Hitachi Data Systems




Straw Poll: Cloud Awareness
A. To truly understand clouds one should have a solid background in meteorology
B. Cloud is the latest marketing buzz used by IT vendors to push their wares
C. Cloud is a new business model to only pay for what you use
D. New paradigm for using IT resources
E. All of the above

Terminology
Cloud Computing: paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with on-demand self-service provisioning and administration
Source: ISO/IEC 2nd CD 17788 (Cloud computing - Overview and vocabulary)

Major Cloud Computing Roles
Cloud Service Customer: party which is in a business relationship for the purpose of using cloud services
  Sub-roles: Cloud Service User, Customer Cloud Service Administrator, Customer Business Manager, and Customer Cloud Service Integrator
Cloud Service Provider: party which makes cloud services available
  Sub-roles: Cloud Service Manager, Development Manager, Cloud Service Administrator, Customer Support & Care Representative, Business Manager, Security & Risk Administrator, Inter-cloud Provider
Cloud Service Partner: party which is engaged in support of, or auxiliary to, activities of either the cloud service provider or the cloud service customer
  Sub-roles: Cloud Service Developer, Auditor, and Cloud Broker

Cloud Deployment Models
Private Cloud: cloud deployment model that is shared exclusively by a single cloud service customer and resources are controlled by the cloud service customer
Public Cloud: cloud deployment model that is potentially available to any cloud service customer and resources are controlled by the cloud service provider
Hybrid Cloud: deployment model of cloud computing using at least two different cloud deployment models
Community Cloud: cloud deployment model that exclusively supports and is shared by a specific collection of cloud service customers and resources are controlled by at least one member of this collection

NIST View of the Cloud

Cloud Service Capabilities
Cloud Capabilities Type: classification of the functionality, based on resources used, provided by a cloud service to the cloud service customer
Application Capabilities Type: cloud capabilities type in which the cloud service customer can use the cloud service provider's applications
Platform Capabilities Type: cloud capabilities type in which the cloud service customer can deploy, manage and run customer-created or customer-acquired applications using programming language specific execution environment supported by the cloud service provider
Infrastructure Capabilities Type: cloud capabilities type in which the cloud service customer can provision and use processing, storage and networking resources so that they are able to deploy and run arbitrary software

Common Cloud Service Categories
Infrastructure as a Service (IaaS): a cloud service category in which the cloud capabilities type provided to the cloud service customer is an infrastructure capabilities type
Platform as a Service (PaaS): a cloud service category in which the cloud capabilities type provided to the cloud service customer is a platform capabilities type
Software as a Service (SaaS): a cloud service category in which the cloud capabilities type provided to the cloud service customer is an application capabilities type
Network as a Service (NaaS): a cloud service category in which the capability provided to the cloud service customer is transport connectivity and related network functionalities

Common Cloud Service Categories (continued)
Communications as a Service (CaaS): a cloud service category in which the capability provided to the cloud service customer is real time communication and collaboration
Data Storage as a Service (DSaaS): a cloud service category in which the capability provided to the cloud service customer is the provision and use of data storage and related capabilities
Compute as a Service (CompaaS): a cloud service category in which the capabilities provided to the cloud service customer are the provision and use of processing resources needed to deploy and run arbitrary software

Building Cloud Service Categories
[Diagram labels: Network as a Service (NaaS); Cloud Cross-cutting Aspects; Cloud Service Capabilities (Application Capabilities Type, Platform Capabilities Type, Infrastructure Capabilities Type); Public, Hybrid, Private]

Service Categories vs. Capability Types
[Table: cloud service categories (rows) marked against cloud capabilities types (columns: Infrastructure, Platform, Application). Rows: Software as a Service, Platform as a Service, Infrastructure as a Service, Network as a Service, Data Storage as a Service, Compute as a Service, Communication as a Service, ..., Washing-machine as a Service (WaaS)]

Take Aways

Background Slides

Sample Cloud SDO Relationships
[Diagram of formal and informal relationships among: CSA, ITU-T, CT-CC, ENISA, ISO/IEC SC27, ISO/IEC SC38, TCG, INCITS/CS1, INCITS/DAPS38, IEEE, NIST, SNIA, DMTF]

Standards Alphabet Soup
CSA = Cloud Security Alliance
DMTF = Distributed Management Task Force
ENISA = European Network and Information Security Agency
ETSI = European Telecommunications Standards Institute
IEC = International Electrotechnical Commission
IEEE = Institute of Electrical and Electronics Engineers
INCITS = International Committee for Information Technology Standards
ISO = International Organization for Standardization
ITU-T = International Telecommunication Union Telecom
NIST = National Institute for Standards and Technology
OASIS = Organization for the Advancement of Structured Information Standards
SNIA = Storage Networking Industry Association
TCG = Trusted Computing Group

ISO/IEC 17789 Cloud Computing Reference Architecture (Functional Components)

THANK YOU
eric.hibbard@hds.com