basics of cloud computing ibm
TRANSCRIPT
-
8/6/2019 Basics of Cloud Computing IBM
1/40
June 27, 2011
The Basics of Cloud Computing: From Getting Started to Security - Get All Your Bases Covered
-
Today's Agenda
Moderator: Elliot Markowitz - Vice President of Strategic Content Development - Ziff Davis Enterprise
Guy Currier - Executive Director, Research - Ziff Davis Enterprise
Joe Leonard - Security Practice Manager - Presidio
Ric Telford - Vice President - IBM Cloud Services
-
Cloud Computing and Its Implications: Infrastructure, Operations, and Security
Guy Currier, Senior Editor / Research
-
Cloud computing doesn't create a technology vacuum.
-
Cloud Computing: Why We're Here Today
The buzz around the cloud is quickly moving to system management and integration. For newly adopted cloud environments, how do you:
allocate resources?
provide security?
integrate existing operations?
integrate proliferating new apps, services, and features?
-
Cloud Computing as a Template, Not a Technology
Dissociation of the two halves of computing:
1. the user interface
2. the data and its processing
Versatility:
low cost and high speed of entry and exit
particlization
broad range of customization
Integration: the key to the whole endeavor
-
Storage Cloud Computing Cloud
Have been lumped together as infrastructure as a service, or IaaS
But they're fundamentally distinct
Storage: where to find the information
Computing: what to do with it
So there are different offerings for each; you can use different vendors or solutions for each
(More confusion: IaaS also stands for integration as a service, which is actually PaaS)
-
Key Findings from Our Cloud Research
The attraction of cloud computing isn't cost-savings on equipment; it's about versatility
Concerns about cloud computing deployments hinge upon the loss of control adopters face
Infrastructure needs remain, and management and integration needs grow
Modern server, storage, client plant; robust network
Application infrastructure
Integration platforms and services
RISK-MANAGEMENT (security, continuity/back-up, compliance)
-
Both Public and Private Clouds Provide Flexibility, Speed
[Bar chart: Top Benefits Expected, Next 2 Years; series: Public, Private; axis 0% to 30%. Benefits charted: Increased flexibility/versatility; Lower fixed costs for whole organization; Increased scalability; Reduced demand on IT staff; Reduced maintenance/migration costs; Reduced demand on hardware; Increased data security; Increased user productivity; Happier users; More user access to IT resources; Centralization of org.'s fixed costs; Easier compliance]
Source: Cloud-Computing Study, Baseline, May 2011 (N=320, 329)
-
The Kinds of Flexibility and Speed You Get with Cloud Computing
Elasticity (scalability up or down)
Ease of entry and exit
Control point: where the cloud begins
Scope of service
-
Kind of Cloud Service, Defined by Its Scope
-
The Cloud Computing Template Holds the Seeds of Its Own Destruction
Elasticity (scalability up or down)
Ease of entry and exit
Control point: where the cloud begins
Scope of service
aspect of a cloud solution security verdict
-
The Consequences of Elasticity and Ease of Entry
[Bar chart: Top Challenges, Next Two Years; series: Public, Private; axis 0% to 30%. Challenges charted: Preventing unauthorized data access; Risk of occasional data unavailability; Preventing data loss; Service costs that are rising, or may rise; Uncertainty about cloud vendor's future; Handling risk of slow applications; Possibility of offshore data storage; Less ability to customize; Makes compliance more difficult; Legal risk of losing document versions; Risk of higher migration costs]
Source: Cloud-Computing Study, Baseline, May 2011 (N=320, 329)
-
The Consequences of Flexibility in Control Point and in Scope of Service
Not so widely recognized.
-
The Consequences of Flexibility in Control Point and in Scope of Service
[Diagram labels: Information, Hardware, Software, Interface, User]
-
The Consequences of Flexibility in Control Point and in Scope of Service
Risks
Uncertainty in data access points
Greater variation in system transparency, depending on solution needed
Opportunities
Better balance of security and application investment
Ability to pick the cloud scheme that fits with current capabilities
-
The Consequences of Flexibility in Control Point and in Scope of Service
Risks
More complex applications and systems
Many more entry points
Function
Portal
Device
Really, much much more complex systems!
Opportunity
Ability to target security measures granularly, even by feature
-
Connecting the Dots
Cloud computing provides organizations with greater versatility in building out capabilities
But it also presents key challenges:
Data loss or security breach (even for private clouds)
Lost productivity or other costs related to unavailability, slower performance, poor integration
Maintenance and management costs from holding it all together
Organizations still must seek, and can get, the control and performance they're used to; they just haven't demanded it yet.
-
Paired for
Presidio Networked Solutions
Breaches are becoming complex and targeted
What do we do?
Joe Leonard, CISA, CISM, CRISC, CISSP, CCSK, CCSP, CEH
Secure Networks Practice Manager
June 27, 2011
-
Agenda
Security in the News
Security Consulting Portfolio
Presidio Typical Assessment Findings
Recommendations to protect your organization
SANS Consensus Audit Guidelines
-
Security in the News
Organization: Details (the slide plots each incident on a MAR, APR, MAY, JUN timeline)
RSA: SecurID breach; Daily news articles; Cost of breach TBD
Sony Network: 77M records compromised; Network down 1 week; Minimum damage estimate $170M
Lockheed Martin: Cyber incident; Replaced 90,000 SecurID Tokens
International Monetary Fund: Economic Espionage; Theft of large quantities of data; Spear phishing attack (digital insider); Not detected for months
Citigroup: 360,000 accounts compromised
Sony, US Senate, CIA: Hacktivists; Multiple attacks; Sites inaccessible (DoS)
http://www.privacyrights.org/data-breach
-
Security Consulting Portfolio
Portfolio: Benefits
Security Strategy: Design and implement information security program to protect data.
Security Assessments: Vulnerability, Risk, Network, Virtualization, Cloud
Security Integration: Implement industry leading security controls
Assessments are snapshots in time
-
Presidio Typical Assessment Findings
Poor patch management
Anti-virus software out-of-date
Security controls not tested
SNMP weaknesses
Password management
No logging and alerting
Hardware vulnerable
Reconnaissance (map network)
Network available to intruders
Poor change control
Applications vulnerable to attack
No security awareness training
-
Recommendations
Security Strategy - Senior management develop, implement, and enforce a comprehensive information security program that defines security policies, standards and procedures that are part of culture.
Education & Training - Educate users on security policies and threats to the organization.
Continuous Monitoring - Test systems regularly and perform remediation. (Quarterly and annual vulnerability assessments used to be recommended; however, it is now recommended to perform daily monitoring.)
Controls - Deploy strong perimeter controls: FW, IPS, Web/Email and Web Application Firewalls.
-
Recommendations (cont.)
Segmentation - Segment sensitive data and systems from the general network.
Configuration Management - Develop, implement, and enforce configuration management policies and procedures for all systems.
Authentication - Utilize strong authentication for all administrative and remote access connections.
Least Privilege - Control user access based on least privilege and need to know.
Endpoint security controls - Deploy AV/AS/MDM/HIPS
Incident Response Plan - Develop and test incident response plan.
-
SANS Consensus Audit Guidelines (CAG)
20 Critical Security Controls
1. Inventory of authorized and unauthorized devices
2. Inventory of authorized and unauthorized software
3. Secure configurations for hardware and software for laptops, workstations and servers
4. Secure configurations for network devices such as firewalls, routers and switches
5. Boundary defense
6. Maintenance, monitoring and analysis of audit logs
7. Application software security
8. Controlled use of administration privileges
9. Controlled access based on need to know
10. Continuous vulnerability assessment and remediation
11. Access monitoring and control
12. Malware defenses
13. Limitation and control of network ports, protocols and services
14. Wireless device control
15. Data Loss Prevention (DLP)
16. Secure networking engineering
17. Penetration tests and red team exercises
18. Incident response capability
19. Data recovery capability
20. Security skills assessment and appropriate training to fill gaps
Legend: Can be automated / Cannot be automated
http://www.sans.org/critical-security-controls/
-
Thank you for joining us today!
Presidio Networked Solutions
7601 Ora Glen [email protected]
Voice: (301) 313.2058
Mobile (301) 704.5037
-
2011 IBM Corporation
Basics of Cloud Computing
Ric Telford
June 27, 2011
-
CIO visionary plans are evolving: business intelligence and analytics remain at the top, with cloud computing moving into the top four
Most important visionary plan elements (Interviewed CIOs could select as many as they wanted)
Plan element: 2011 / 2009
Business Intelligence and analytics: 83% / 83%
Mobility solutions: 74% / 68%
Virtualization: 68% / 75%
Cloud computing: 60% / 33%
Business process management: 60% / 64%
Risk management and compliance: 58% / 71%
Self-service portals: 57% / 66%
Collaboration and Social Networking: 55% / 54%
Source: 2011 CIO Study, Q12: Which visionary plans do you have to increase competitiveness over the next 3 to 5 years? (n=3,018)
IBM Institute for Business Value
-
Cloud Computing should be part of overall IT Strategy
Consolidate hardware infrastructure
Eliminate redundant software and data
Improve service delivery
Optimize the overall IT environment
Modernize the enterprise
[Diagram labels: Compress, Deduplicate, Integrate, Archive; Appl; SOA; Cloud Computing; Integrated Service Management; Visibility, Automation, Control; IT Systems; Manual Tasks; Automated Process; Information]
-
Evaluate the IT services you provide for Cloud readiness
Ready for Cloud
Sensitive Data
Complex Processes & Transactions
Regulation Sensitive
Not yet Virtualized
3rd Party SW
Highly Customized
Analytics
Collaboration
Development & Test
Workplace, Desktop & Devices
Infrastructure Storage
Infrastructure Compute
Business Processes
Industry Applications
Pre-Production Systems
Information Intensive
Isolated Workloads
Mature Workloads
Batch Processing
May not yet be ready for migration
-
Decide which of the Cloud deployment options is right for each IT service
Enterprise Data Center
Private Cloud
Managed Private Cloud
Hosted Private Cloud
Shared Cloud Services
Public Cloud Services
Enterprise Data Center
Third-party operated
Enterprise
Third-party hosted and operated
Enterprises
Users
Free, Register, Credit Card, Click to contract
Private: IT capabilities are provided as a service, over an intranet, within the enterprise and behind the firewall
Public: IT activities / functions are provided as a service, over the Internet
Hybrid: Internal and external service delivery methods are integrated
-
Have an architecture for your private cloud
Define the services you will deliver
Define the components of a common delivery platform
Common Cloud Management Platform
Virtualized Infrastructure - Server, Storage, Network, Facilities
Cloud Services
Software-as-a-Service
Platform-as-a-Service
Infrastructure-as-a-Service
Business-Process-as-a-Service
Metering, Analytics & Reporting
Configuration Mgmt
Offering Mgmt
Order Mgmt
Accounting & Billing
Customer Mgmt
Entitlements
Contract Mgmt
SLA Reporting
Pricing & Rating
Peering & Settlement
Subscriber Mgmt
Service Offering Catalog
Invoicing
Service Automation Management
Virtualization Mgmt
Provisioning
Monitoring & Event Mgmt
IT Asset & License Mgmt
Service Request Mgmt
IT Service Level Mgmt
Image Lifecycle Mgmt
Capacity & Performance Mgmt
Incident, Problem & Change Management
BSS: Business Support System
API
Service Delivery Portal
OSS: Operational Support System
Service Delivery Catalog
Service Templates
-
Have a roadmap for evolving your private cloud services
[Diagram labels: Yesterday; Today; Tomorrow; Individual Deployment; Application; Middleware; Operating System; Hardware; Shared Hardware; Shared Hardware & Virtualized Applications; App; MW; OS; Shared Infrastructure; Integrated Middleware Platform & Image Management; Integrated Middleware Platform; Image Management]
Benefits
Increased utilization of infrastructure
Location independent deployment
Benefits
Standardized middleware
Increased utilization of software
Improved deployment speed
Simplified applications management
Challenges
Low hardware utilization
Heavily customized infrastructure
Challenges
Building images
Image proliferation
Governance of changes
Creation of composite applications
Connectivity to legacy and off premises applications
-
Thank You,
QUESTIONS?
-
Attendee Services
Download a copy of today's presentation
Provide your feedback! Please complete our survey.
A recorded version of this seminar will be available at www.eSeminarsLive.com
View a calendar of our Upcoming Events