cloud security - cloud arena - tim willoughby
DESCRIPTION
Presentation at CloudArena - on Cloud SecurityTRANSCRIPT
My name is Tim
I explain technology…
to people who don’t understand it…
people who think they do understand it…
people who despise it…
and people who worship it.
…that help people understand how technology might help their Organisation…
I rese
arch
,
pilot a
nd
writ
e
thin
gs...
I live here... According to Google Streetmaps
8
In Technical Terms
•I’m a Webservice –•Sitting between the Technical Teams and the Business Teams, translating and relating between them..•With Plenty of SOAP and REST....
Turn that noise off, can’t you see I’m busy…
keep your silly ideas to yourself - I’ve got a job to do!
I live in Naas…
• NAAS– Network as a Service
• Used to be a Nice place to shop!
Can Cloud Computing transform
Government?
Not all Clouds are good!
Open Government?
“If people don’t know what you’re doing, they don’t know what you’re doing wrong”
“Jim Hacker” Open Government (I980)
Cloud is forcing ChangeWith or Without the Owners / Shareholders
So far ICT has not fundamentally changed government
• 1990s: lCT expected to make government more transparent, efficient and user oriented
• 2005+: disillusion as bureaucracy still in existence
• Can Cloud Help?
Jane E. Fountain – Gov 1.0 – Just Replicating the Silos on the Internet
Goverment dont always Understand What the people Want?
What governments often Deliver
Why have we not done so well?
Taking theego out of
egovernment
It is unfortunate that the first 3 letters of eGovernment are…
Security is changing
• Security has to be appropriate• Security has to be measured • Can have things so secure that they are
unusable.
CIO Priorities…
Source: “ Gartner Scenario: The Current State and Future Directions of the IT Industry”
What is Cloud
• Vendors – Whatever you want / Need it to be…
• Its too Vague – • Talking about Cloud Security – when Cloud is
defined as everything you ever wished for…
Moving to the Cloud?
1. Leaving your apartment!
2. Moving your Data
BarriersPsychological Barriers
Platform Lock-In, Dependence, Governance
Security Compliance Costs
Application Architecture How do we design applications lo take advantage of the cloud? Grow and shnnk on-demand (scalability) Data affinity Portability Efficiency Performance Fault-tolerance and self-healing
Positives
Scale Cost
CAPEX OPEX
Advance Architecture Agility Cost - Clouds are renowned for being dirt cheap
for storage and burst-y processing. Elasticity - Growth and shrinkage
Negatives
Security & Privacy . Conflicts with international laws?
Where is my Data - Is it safe? For Whom and at what level? Regulatory compliance: Interoperability Lack of control Standardisation SLA ( Model T Ford)
Dark Cloud?
Letter from CSSO
Challenges
Organisational barriers (Silo mentality) Reliability (service outage) Definition of SLAs (Service Level Agreement) Service management, Monitoring Customisation / Integration with other
applications
If you are going to do it..
1. Understand the options and technologies2. Have a look at what you do..3. If its complex inside the firewall…Rationalize
infrastructure & applications4. leverage SOA for applications, appropriate
standards, governance5. Identify the costs per user - Compare costs with
internal hosting. 6. Start with Open Data… no arguments here….
…We have come a long way...
Understanding the Adoption Curve
Pilot for Success
Watch for
Identity
• Still not fixed in the Enterprise…• Or on the Internet..
Legal
• Cross Border data Transfer, etc
why is Crowd and Cloud sourcing important?
Crowd Source – Group Collaboration is more powerful than individual achievement
Typical Individual effort
many hours, one map
OpenStreetMap, 2012
200,000 contributors, one map
What is Cloud?
DON’T WORRY, TRUST US, WE HAVE IT ALL UNDER CONTROL
49
What has Cloud ever done for us?
Apart from Scale, Speed, Agility, Low Cost, Enterprise Mapping, Open Data, Standards, Google, API’s, Open Street Maps, Map Servers,
GIS - More than just Location, Spatial Analysis and wider adoption now possible
Mashup
Why this is so compelling: It’s a disruptive technology
• Does it meet enterprise needs
• Easy to control• SLA / Support• Good enough for
startups and SME• “Cheap” compute• Pilot and trial…
Source: upcoming research, Cloud Computing: Not Ready For The Enterprise...Yet.
In how many years…
Cloud Computing Challenges
4) Cost 5) Security
2) Availability
3) Maintenance
End User
1) Scalability
Mind the Gap…
What How Where Who When Why
DataInformationKnowledge
Wisdom
BusinessProcessesAnalysis
Collaboration
Distributed Geography
UsersAgencies
Organisations
EventsTimes
PolicyStrategy
Databases Applications NetworksSecured
UserInterfaces
Event Processing
TraceableModels
Technology Stuff
Our Stuff
G Cloud – UK…• Distributed Cloud• Work like a Network• Everyone
• Can See• Can Play• Can Add Value (Within
Limits)• Shared Data Centres• App Store
• Issues – • Support• Code Base• Open Source Push
• My View – 3 Models• Car Boot Sale• Charity Shop• Department Store
Virtually Unlimited Storage
For storing data
Smart CitiesGartner: “networked sensors in everything we own will form a new Web (the Internet of Things). But it will only be of value if the ‘terabyte torrent’ of data it generates could be collected, analysed and interpreted”
… and .. just because we can….
Smart Local Government?
Confusion or Hype
• Public Cloud• Private Cloud• Hybrid Cloud• IAAS• PAAS• NAAS• SAAS• Etc AAS
Gcloud
Cloud
SAAS
Core
HEG
SharePoint
Planning
Fix Your Street
Open Data
PAAS
SDCC
Carlow
Wicklow
LGMA 1
LGMA 2
NAAS
IAAS
Cloud
Services
Private
Hybrid
Sharing!
BIG DATA?
Massive network of services: water, sewage, drains … Need to know asset location for planning and maintenance Many databases, varying accuracy and provenance Context
Ongoing street openings p.a. Safety!
Its all about where..
GIS Geographic Information
System• We have come a long way
Or Wizards
GIS is now Mainstream
DOE
DOT
Central Reporting Framework
Health
SFA
LA
LA
LALA LA LA LA LA
LA
LA
eReturns
Future use of Cloud!
Water Meters
• Read the Meter• View or Pay the Bill• Compare the Usage to the
Local or National Averages
• Look for areas of Savings
My Water Usage
• Smart Metering• Change my practise
Environment
• Advice and Tips on Money
• Energy• Recycling (locations of
Centres)• Refuse• Water• Energy Design
Bring Banks App
Parking
• Select County• Select Zone• Select Price willing to
pay?• Where is the Cheapest
Tourism
• History• Old Maps• Business Interests• Tourist Sites
Traffic
• Maps• Plan a Route• Feedback• GPS• Accidents• Salt• Weather alert
Roadworks
• Link to System – Online Road Works Control (OLRWC)
• License for Road Opening
• Cost of Reinstatement (Local Authority Usage)
• License for any Street usage.
Planning Applications
• View Applications• Get notified of Changes• Make Comments• Make a Submission• Notify Local Authority
of Issues?
Check the Register
• Map the Polling Stations• Where is the Nearest• Map the Route• Check the Register
Blue Flag Beaches
• Location• Nearest• Water Quality• History• Tides• Weather• Things to do…
Sports
• What is available now• How do I get there• What if I have to Cancel• Pay for it now
Parking
• Select County• Select Zone• Select Price willing to
pay?• Where is the Cheapest
Tourism
• History• Old Maps• Business Interests• Tourist Sites
Opportunity - Unfinished EstatesQR Codes for Public Participation
QR Codes
But all of these are static…..
But… would you cross the road based on 5 min old information
Where next - Augmented Reality
Bring together Big Data, Visualisation, GIS, GPS -
A problem that needs cloud to work…
What is Augmented Reality?
Water Meter
Water Meter
What do Clouds currently not do?
• Anything subject to compliancy– Includes PCI-compliant applications
• Apps that call back to performance sensitive services in your data centre
• Apps that require tight coupling between instances
• Sensitive Data• Large applications that don’t fit inside VMs
Is there anything they can’t do?
Cloud conclusions
• Government cannot ignore cloud• Public Cloud and Big Data• Public Cloud and Open Data• SLA needs to be more Open• Future is Cloudy