SlideShare uma empresa Scribd logo
1 de 15
Baixar para ler offline
Future of
Cloud Computing
Irena Bojanova, Ph.D.
UMUC, NIST
No Longer On The Horizon
Essential Characteristics

• Pay/charge-per-use access to applications,
software development & deployment
environments, and computing infrastructure.
• Optimized, efficient computing through
enhanced collaboration, agility, scalability, and
availability.

• On-demand Self-Service
• Broad Network Access
• Resource Pooling
• Rapid Elasticity
• Measured Service

Service models (SPI)

Natural evolution of the Web:

• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)

Web Sites

Applications

Deployment models
•
•
•
•

Private
Community
Public
Hybrid

 Next logical step for IT industry
 Strategic weapon in enterprise computing
 Norm in every sector of society.

SaaS

Developer
Platforms

PaaS
Compute
and Store

IaaS

Governments, organizations, and individuals adopt
cloud computing 
to manage information instead of infrastructure.
Now Focus On
• Initial Risks Evaluation – using CSA’s framework
•
•
•
•

Importance of data and applications/functions/processes to be moved to Cloud
Risk tolerance of organization
Acceptable deployment and service models combinations
Potential exposure points for sensitive information and operations.

• Multi-Tenancy – the True Cloud solution
•
•
•




Data and applications of different consumers share platforms, storage, and networks
Tightly related to resource pooling  Economies of scale, passed to costumers
Use of newest technology and the latest software versions
Logical separation is a suitable substitute for physical separation.
Main risks come from not knowing the architecture
One of top 6 questions to ask: Is it hosted or a true Cloud solution?

• Cloud-Based Integration – iPaaS
• Silos –- applications and data cannot interact with on-premise systems.
• iPaaS –- development, execution and governance of integration flows
• Connecting on-premise and cloud-based processes, services, applications, and data
• Within individual or across multiple organizations.
Now Focus On (Cont.)
• Cloud Portability, Interoperability, and Federation
•
•
•
•
•



Applications and data are easily moved between platforms and providers
Scaling one service across disparate providers , while appearing and operating as one system
Interoperability is closely related to rapid elasticity and multi-tenancy
Connecting clouds through network gateways  hybrid Cloud environment
Interconnecting services of providers from disparate networks
Providers wholesale or rent resources to balance workloads and handle spikes in demand
Standard, pre-negotiated set of contracts.; Federation agreements.
Benefits for Consumers
 Choose best provider by flexibility, cost, and availability of services
 Use most appropriate infrastructure environment
 Distribute workloads around globe ;move data between disparate networks.
Benefits for Providers
 Earn revenue from idle or underutilized resources
 Expand geographic footprints without building new points of presence.

 Considerable effort: IEEE CS P2302 –
Standard for Intercloud Interoperability and Federation.
New Trends
Nexus of Forces –evolving through convergence and mutual reinforcement of:
 Social
 Mobile

 Cloud
 Big Data

• Social media and mobile apps provide platform for
effective social and business interactions.
• Cloud offers convenient and cost effective computational
and information delivery infrastructure.

• New digital economy is being built upon this Nexus in combination with the Internet of Things,
unlocking an incredible opportunity to connect everything together.
The gap between ideas and actions is being rapidly reduced through:
Near-global connectivity
Pervasive mobility
Industrial-strength compute services
Access to vast amounts of information

Without Cloud
•
•
•

Social interactions – no place to happen at scale
Mobile – no connection to data and functions
Information – stuck inside internal systems.
New Trends (Cont.)
• Personal Clouds (PC’s)
•
•
•
•

PC idea reborn -- control on data, apps, terms of service
Personal devices  Personal services; self-hosted, provider-hosted, or hybrid
Interoperable and addressable through XDI
p2p marketplace – Find and engage with anyone with PC’ – trust, reputation.

• Hybrid Clouds Evolution
• From integration of internal private clouds & public services 
Towards bringing together personal clouds & external private services
• Will have to be design with interoperability and federation in mind.

• Private Clouds Evolution
• Will have to be designed with hybrid future in mind to be able to handle future
aggregation, integration, interoperability, and customization of services
• Organizations implementing such clouds will have to:
• Handle overdrafting and cloudbursting
• Take role of cloud service brokers.
New Trends (Cont.)
From
• Cloud ~ provides ubiquitous, on-demand, elastic, selfconfigurable, cost effective computing.
and
• Mobile ~ convenient gadgets, with regional wireless
communication and limited data services and
computing and power resources.

Flyables

Drivables

To
• Cloud-Based Mobile Augmentation (CMA) ~ employs
Cloud to increase, enhance, and optimize computing
capabilities of mobile devices.
and
• Cloud Mobility ~ low-end mobile devices access cloud
computing resources and globally connected mobile
enabled resources.

Wearables

Scannables
Speaker Presention by Irena Bojanova of the University of Maryland University College | December 17, 2013 | Federal Cloud Computing Summit
Evaluating Initial Cloud Risks
Steps in Evaluating Risk

Details

1. Identify asset for cloud deployment
• Determine exactly what data or applications/ function/ process is being
considered for the Cloud.

Potential uses of asset to account for:
• Scope creep — data and transaction volumes often become
higher than expected.

2. Evaluate asset
Ask what would be the harm if:
• Determine how sensitive that data is and how important that application/ • Asset became widely public and widely distributed
function/ process is to organization. Assess confidentiality, integrity, and
• Asset were accessed by employee of Cloud provider
availability; and how risk changes if all/ part of that asset is in the Cloud
• Process/function were manipulated by outsider
— similar to project outsourcing assessment, just with wider range of
• Process/function failed to provide expected results
deployment options.
• Data were unexpectedly changed
• Asset were unavailable for a period of time
3. Map asset to cloud deployment models
Which model is acceptable for identified asset:
• Determine if any risks implicit to different deployment models (private,
• Public; Private, internal/ on premises
public, community, hybrid) and hosting scenarios (internal, external,
• Private, external — look at dedicated or shared infrastructure
combined) are acceptable.
• Community — look at hosting location, service provider,
• At this point there should be a good idea of the comfort level for
community members
transitioning to the Cloud, and which deployment models and locations fit • Hybrid — look at least at rough architecture of where
desired security and risk requirements.
components, functions, and data will reside
4. Evaluate cloud service models and providers
• Focus on degree of control organization will have at each SPI tier to
implement any required risk management (risk mitigation).
• For a specific offering, switch to a fuller risk assessment.

Consider:
• SaaS
• PaaS
• IaaS

5. Map out data flow
Consider:
• For specific provider offering, map out data flow between organization,
• Private
cloud service, any customers/ other nodes. Understand whether and how • Public
data can move in and out of the Cloud.
• Community
• For any offering, sketch out rough data flow for any deployment option
• Hybrid
on your acceptable list, to help you identify risk exposure points when
making final decisions.

Consider:
• Providers' offerings

Consider:
• Providers' offerings
Multi-Tenancy
Examples of Shared Resources by Service Model
Service Model

Shared Resources

Shared By

SaaS

Same application or database

Different consumers

Paas

Same operating system, and supporting data
and networking services

Different processes

Iaas

Same hardware via a hypervisor

Different VMs

General Methods for Achieving Multi-Tenancy
Multi-Tenancy Via
Database
Virtualization

Physical separation

Description
Database and configuration, with isolation provided
at the application layer.
VM technology, providing hardware emulation layer
over the real hardware. Multiple copies of server
OSs are run within one physical machine, while
sharing physical hardware (network cards and disk
storage) between virtual OS instances.
Resources are provided to tenants individually —
each tenant uses only dedicated hardware.

Cost
Least costly.
Might reduce services
costs and expenses, but is
more costly compared to
multi-tenancy via
databases.
Most costly.
Security Risks
•
•

PaaS builds upon IaaS, SaaS in turn builds upon PaaS 
security issues and risks are inherited just as capabilities are.
Lower down the stack, provider stops bearing responsibility, and consumer
becomes responsible for more security capabilities and management.

Service
Model
SaaS

PaaS

IaaS

Integrated Features Extensibility

Security

• Most integrated • Least
functionality built consumer
directly into the
extensibility
offering
• Customer ready • More
futures
extensible
than SaaS

• Relatively high level of integrated security - provider
responsible
• Negotiated into contracts for service (service levels,
privacy, compliance)
• Less complete built-in capabilities
• Securing the platform -- provider responsible
• More flexibility to layer on additional security
• Applications developed on platform and developing
them securely -- consumer responsibility
• Protecting underlying infrastructure and abstraction
layers -- provider responsible
• Less integrated security capabilities and
functionality beyond that
• Reminder of stack -- OSs, applications, content -managed/ secured by consumer

• Few if any
application-like
futures

• Enormous
extensibility
Multi-Tenancy Risks (1)
Deployment Model

Multi-tenancy Risks and Mitigation
Implications: Workloads of different consumers may reside:
• Concurrently on same computer system and local network,
• Separated only by access policies implemented by provider's software.
Consumers security could be compromised by flaw in:
General
• Implementation or
• Provider’s management and operational policies and procedures.
Multi-tenancy risks:
• Reliability – failure may occur
• Security – attack may be perpetrated by consumer
Implications:
• General risks apply, as there could be authorized but malicious insiders
• Different organizational functions (payroll, sensitive PII storage, IP generation)
can become accessible to not authorized users and classes of data disclosed.
On-site
Risks mitigation:
• Logical segregation techniques at network layer, such as VPN Routing and
Forwarding (VRF)
Private
• Clients are restricted to organization members or authorized guests/ partners.
Implications:
• On-site private cloud risks apply.
Risks mitigation:
Outsourced
• FISMA and OMB policy require external cloud providers to handle federal
information or operating information systems on behalf of the federal
government meet same security requirements as federal agencies.
Multi-Tenancy Risks (2)
Deployment Model

Multi-tenancy Risks and Mitigation
Implications:
• On-site private cloud risks apply, but more organizations are encompassed.
On-site
Risks mitigation:
• Restricted number of possible attackers, but more than with private onCommunity
side cloud.
Implications:
• On-site community cloud risks apply.
Outsourced
Risks mitigation:
• Restricted number of possible attackers, but more than with private cloud.
Implications:
• Workloads of any combination of consumers may be sharing a single
machine
• Workload may be co-resident with workloads of competitors or
adversaries.
Risks:
Public
• Large collection of potential attackers, as public clouds aim scaling in
consumers and resources to achieve low costs and elasticity.
Risks mitigation:
• Limited kinds of data for computations in the cloud
• Data encryption (but then data needs to be unencrypted to be processed)
• Physical separation – rent entire computer systems rather than VMs
(mono-tenancy), VPNs, segmented networks, or advanced access controls.
Interoperability (1)
Interoperability, Portability, and Cloud Service Models
Service
Model

Interoperability and Portability

IaaS

• Interoperability and portability of customer workloads are more achievable in IaaS
service
• IaaS building blocks are relatively well-defined, e.g., network protocols, CPU instruction
sets, and legacy device interfaces

PaaS

• Application written to use specific services from a vendor's PaaS will require changes to
use similar services from another vendor's PaaS
• Efforts on development of open and proprietary standard API's to enable cloud
management, security, and interoperability: Open Cloud Computing Interface Working
Group (OCCI), Amazon EC@API, ...
• Common container formats: DMTF'S Open Virtualization Format (OVF).
• Application written to those standards is far more likely to be interoperable and
portable.

SaaS

• Portability of workloads requires a level of compatibility and interoperability between
SaaS applications.
Interoperability (2)
Interoperability of Between

Application

Need of

Application components deployed as: Dynamic discovery and composition:
• SaaS
• Discover instances of application components
• Applications using PaaS
• Combine them with others at run time.
• Applications on platforms using
Note: Application component may be a complete
IaaS
monolithic application or part of a distributed application.

Platform

Platform components deployed as:
• PaaS
• Platforms on IaaS

Standard protocols for service discovery and information
exchange — indirectly these enable interoperability of
applications on these platforms.

Management

• Cloud services (SaaS, PaaS, Iaas)
and programs for implementation
of on-demand self-service.

Standard interfaces for cloud services — to create generic
system management products for both cloud services and
in-house systems.

Publication and
Acquisition

Portability of
Data
Application

Platform

• Platforms, cloud PaaS services and Standard interfaces to these stores — to lower cost of for
marketplaces (including app stores). software provideers and users.

Enables Re-Use of
• Data components across different applications
• Application components across cloud PaaS services and traditional computing platforms
• Platform components across cloud IaaS services and non-cloud infrastructure
(platform source portability)
• Bundles containing applications and data with their supporting platforms
(machine image portability)

Mais conteúdo relacionado

Mais procurados

Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing pptA
 
Cloud Computing? What is it and its future trends?
Cloud Computing? What is it and its future trends?Cloud Computing? What is it and its future trends?
Cloud Computing? What is it and its future trends?ziaurrehman4484
 
Cloud Computing Trends 2019
Cloud Computing Trends 2019Cloud Computing Trends 2019
Cloud Computing Trends 2019Intelebee
 
Cloud computing course and tutorials
Cloud computing course and tutorialsCloud computing course and tutorials
Cloud computing course and tutorialsUdara Sandaruwan
 
Privacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal SectorPrivacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal SectorLew Oleinick
 
Cloud Computing introduction by saransh
Cloud Computing introduction by saranshCloud Computing introduction by saransh
Cloud Computing introduction by saranshSaransh Agarwal
 
Zpryme Report on Cloud and SAS Solutions
Zpryme Report on Cloud and SAS SolutionsZpryme Report on Cloud and SAS Solutions
Zpryme Report on Cloud and SAS SolutionsPaula Smith
 
An insight for Mobile Cloud Computing (MCC)
An insight for Mobile Cloud Computing (MCC)An insight for Mobile Cloud Computing (MCC)
An insight for Mobile Cloud Computing (MCC)Yuvaraj Ilangovan
 
CFO Summit Series - Cloud Computing
CFO Summit Series - Cloud ComputingCFO Summit Series - Cloud Computing
CFO Summit Series - Cloud ComputingTGO Consulting
 
Cloud Application Development – The Future is now
Cloud Application Development – The Future is nowCloud Application Development – The Future is now
Cloud Application Development – The Future is nowSPEC INDIA
 
Cloud Computing Fundamentals
Cloud Computing FundamentalsCloud Computing Fundamentals
Cloud Computing FundamentalsVikas Sahni
 

Mais procurados (20)

Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
Cloud Computing? What is it and its future trends?
Cloud Computing? What is it and its future trends?Cloud Computing? What is it and its future trends?
Cloud Computing? What is it and its future trends?
 
Brief Cloud Computing
Brief Cloud ComputingBrief Cloud Computing
Brief Cloud Computing
 
Cloud Computing Trends 2019
Cloud Computing Trends 2019Cloud Computing Trends 2019
Cloud Computing Trends 2019
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing course and tutorials
Cloud computing course and tutorialsCloud computing course and tutorials
Cloud computing course and tutorials
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
CLOUD COMPUTING ppt
CLOUD COMPUTING pptCLOUD COMPUTING ppt
CLOUD COMPUTING ppt
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Privacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal SectorPrivacy Issues of Cloud Computing in the Federal Sector
Privacy Issues of Cloud Computing in the Federal Sector
 
Cloud computing
Cloud computing Cloud computing
Cloud computing
 
Cloud Computing introduction by saransh
Cloud Computing introduction by saranshCloud Computing introduction by saransh
Cloud Computing introduction by saransh
 
Zpryme Report on Cloud and SAS Solutions
Zpryme Report on Cloud and SAS SolutionsZpryme Report on Cloud and SAS Solutions
Zpryme Report on Cloud and SAS Solutions
 
An insight for Mobile Cloud Computing (MCC)
An insight for Mobile Cloud Computing (MCC)An insight for Mobile Cloud Computing (MCC)
An insight for Mobile Cloud Computing (MCC)
 
CFO Summit Series - Cloud Computing
CFO Summit Series - Cloud ComputingCFO Summit Series - Cloud Computing
CFO Summit Series - Cloud Computing
 
Cloud Application Development – The Future is now
Cloud Application Development – The Future is nowCloud Application Development – The Future is now
Cloud Application Development – The Future is now
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
cloud computing
cloud computingcloud computing
cloud computing
 
Cloud Computing Fundamentals
Cloud Computing FundamentalsCloud Computing Fundamentals
Cloud Computing Fundamentals
 

Destaque

An Introduction To Infarstructures For Cloud Computing V0.2
An Introduction To Infarstructures For Cloud Computing V0.2An Introduction To Infarstructures For Cloud Computing V0.2
An Introduction To Infarstructures For Cloud Computing V0.2Ignacio M. Llorente
 
Future of cloud computing (safaricom cloud)
Future of  cloud computing (safaricom cloud)Future of  cloud computing (safaricom cloud)
Future of cloud computing (safaricom cloud)Ben Wakhungu
 
Unit 1.4 working of cloud computing
Unit 1.4 working of cloud computingUnit 1.4 working of cloud computing
Unit 1.4 working of cloud computingeShikshak
 
2012 Future of Cloud Computing
2012 Future of Cloud Computing 2012 Future of Cloud Computing
2012 Future of Cloud Computing Michael Skok
 
Cloud Computing Integration Introduction
Cloud Computing Integration IntroductionCloud Computing Integration Introduction
Cloud Computing Integration Introductiontoryharis
 
Introduction To Cloud Computing
Introduction To Cloud ComputingIntroduction To Cloud Computing
Introduction To Cloud ComputingLiming Liu
 
2013 Future of Cloud Computing - 3rd Annual Survey Results
2013 Future of Cloud Computing - 3rd Annual Survey Results2013 Future of Cloud Computing - 3rd Annual Survey Results
2013 Future of Cloud Computing - 3rd Annual Survey ResultsMichael Skok
 
2015 Future of Cloud Computing Study
2015 Future of Cloud Computing Study2015 Future of Cloud Computing Study
2015 Future of Cloud Computing StudyNorth Bridge
 
Cloud computing Basics
Cloud computing BasicsCloud computing Basics
Cloud computing BasicsSagar Sane
 
Introduction and Future of Cloud Computing
Introduction and Future of Cloud ComputingIntroduction and Future of Cloud Computing
Introduction and Future of Cloud ComputingExplore Labs
 
Seminar on cloud computing by Prashant Gupta
Seminar on cloud computing by Prashant GuptaSeminar on cloud computing by Prashant Gupta
Seminar on cloud computing by Prashant GuptaPrashant Gupta
 
Cloud computing simple ppt
Cloud computing simple pptCloud computing simple ppt
Cloud computing simple pptAgarwaljay
 

Destaque (12)

An Introduction To Infarstructures For Cloud Computing V0.2
An Introduction To Infarstructures For Cloud Computing V0.2An Introduction To Infarstructures For Cloud Computing V0.2
An Introduction To Infarstructures For Cloud Computing V0.2
 
Future of cloud computing (safaricom cloud)
Future of  cloud computing (safaricom cloud)Future of  cloud computing (safaricom cloud)
Future of cloud computing (safaricom cloud)
 
Unit 1.4 working of cloud computing
Unit 1.4 working of cloud computingUnit 1.4 working of cloud computing
Unit 1.4 working of cloud computing
 
2012 Future of Cloud Computing
2012 Future of Cloud Computing 2012 Future of Cloud Computing
2012 Future of Cloud Computing
 
Cloud Computing Integration Introduction
Cloud Computing Integration IntroductionCloud Computing Integration Introduction
Cloud Computing Integration Introduction
 
Introduction To Cloud Computing
Introduction To Cloud ComputingIntroduction To Cloud Computing
Introduction To Cloud Computing
 
2013 Future of Cloud Computing - 3rd Annual Survey Results
2013 Future of Cloud Computing - 3rd Annual Survey Results2013 Future of Cloud Computing - 3rd Annual Survey Results
2013 Future of Cloud Computing - 3rd Annual Survey Results
 
2015 Future of Cloud Computing Study
2015 Future of Cloud Computing Study2015 Future of Cloud Computing Study
2015 Future of Cloud Computing Study
 
Cloud computing Basics
Cloud computing BasicsCloud computing Basics
Cloud computing Basics
 
Introduction and Future of Cloud Computing
Introduction and Future of Cloud ComputingIntroduction and Future of Cloud Computing
Introduction and Future of Cloud Computing
 
Seminar on cloud computing by Prashant Gupta
Seminar on cloud computing by Prashant GuptaSeminar on cloud computing by Prashant Gupta
Seminar on cloud computing by Prashant Gupta
 
Cloud computing simple ppt
Cloud computing simple pptCloud computing simple ppt
Cloud computing simple ppt
 

Semelhante a Speaker Presention by Irena Bojanova of the University of Maryland University College | December 17, 2013 | Federal Cloud Computing Summit

Cloud computing
Cloud computing Cloud computing
Cloud computing ananyaakk
 
Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012Agora Group
 
CLOUD COMPUTING.ppt
CLOUD COMPUTING.pptCLOUD COMPUTING.ppt
CLOUD COMPUTING.pptDss
 
CLOUD COMPUTING INTRODUCTION WITH DIAGRAM.ppt
CLOUD COMPUTING INTRODUCTION WITH DIAGRAM.pptCLOUD COMPUTING INTRODUCTION WITH DIAGRAM.ppt
CLOUD COMPUTING INTRODUCTION WITH DIAGRAM.pptdhanasekarscse
 
Unit iii virtualitation
Unit iii   virtualitationUnit iii   virtualitation
Unit iii virtualitationrajmurugaaa
 
Introduction to Cloud Computing in Computer.ppt
Introduction to Cloud Computing in Computer.pptIntroduction to Cloud Computing in Computer.ppt
Introduction to Cloud Computing in Computer.pptAbolaji2
 
Cloud computing & security basics
Cloud computing & security   basicsCloud computing & security   basics
Cloud computing & security basicsRahul Gurnani
 
cloudintro-lec018.1.ppt
cloudintro-lec018.1.pptcloudintro-lec018.1.ppt
cloudintro-lec018.1.pptgunvinit931
 
14,45,59_IOT_Cloud dhdhdhdhhdhComputing.pptx
14,45,59_IOT_Cloud dhdhdhdhhdhComputing.pptx14,45,59_IOT_Cloud dhdhdhdhhdhComputing.pptx
14,45,59_IOT_Cloud dhdhdhdhhdhComputing.pptxnoreply15203
 
cloudintro-lec01.ppt
cloudintro-lec01.pptcloudintro-lec01.ppt
cloudintro-lec01.pptTomMot10
 
CLOUD COMPUTING V.S.ARJUN
CLOUD COMPUTING V.S.ARJUNCLOUD COMPUTING V.S.ARJUN
CLOUD COMPUTING V.S.ARJUNV S ARJUN
 
file_1689742072_0007818_intoductiontocloud.pptx
file_1689742072_0007818_intoductiontocloud.pptxfile_1689742072_0007818_intoductiontocloud.pptx
file_1689742072_0007818_intoductiontocloud.pptxAnkitMishra290193
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud ComputingUnmesh Ballal
 
Cloud Computing : Revised Presentation
Cloud Computing : Revised PresentationCloud Computing : Revised Presentation
Cloud Computing : Revised PresentationMayank Aggarwal
 
Cloud computing Fundamentals - behind the hood of cloud platforms
Cloud computing Fundamentals - behind the hood of cloud platformsCloud computing Fundamentals - behind the hood of cloud platforms
Cloud computing Fundamentals - behind the hood of cloud platformsHaribabu Nandyal Padmanaban
 
Cloud computing Fundamentals - behind the hood of cloud platforms
Cloud computing Fundamentals - behind the hood of cloud platformsCloud computing Fundamentals - behind the hood of cloud platforms
Cloud computing Fundamentals - behind the hood of cloud platformshnandy
 
Cloud Computing in Business and facts
Cloud Computing in Business and factsCloud Computing in Business and facts
Cloud Computing in Business and factsArun Ganesh
 

Semelhante a Speaker Presention by Irena Bojanova of the University of Maryland University College | December 17, 2013 | Federal Cloud Computing Summit (20)

Cloud computing
Cloud computing Cloud computing
Cloud computing
 
Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012
 
CLOUD COMPUTING.ppt
CLOUD COMPUTING.pptCLOUD COMPUTING.ppt
CLOUD COMPUTING.ppt
 
CLOUD COMPUTING INTRODUCTION WITH DIAGRAM.ppt
CLOUD COMPUTING INTRODUCTION WITH DIAGRAM.pptCLOUD COMPUTING INTRODUCTION WITH DIAGRAM.ppt
CLOUD COMPUTING INTRODUCTION WITH DIAGRAM.ppt
 
Unit iii virtualitation
Unit iii   virtualitationUnit iii   virtualitation
Unit iii virtualitation
 
Introduction to Cloud Computing in Computer.ppt
Introduction to Cloud Computing in Computer.pptIntroduction to Cloud Computing in Computer.ppt
Introduction to Cloud Computing in Computer.ppt
 
Cloud computing & security basics
Cloud computing & security   basicsCloud computing & security   basics
Cloud computing & security basics
 
cloudintro-lec018.1.ppt
cloudintro-lec018.1.pptcloudintro-lec018.1.ppt
cloudintro-lec018.1.ppt
 
12458003.ppt
12458003.ppt12458003.ppt
12458003.ppt
 
14,45,59_IOT_Cloud dhdhdhdhhdhComputing.pptx
14,45,59_IOT_Cloud dhdhdhdhhdhComputing.pptx14,45,59_IOT_Cloud dhdhdhdhhdhComputing.pptx
14,45,59_IOT_Cloud dhdhdhdhhdhComputing.pptx
 
cloudintro-lec01.ppt
cloudintro-lec01.pptcloudintro-lec01.ppt
cloudintro-lec01.ppt
 
cloudintro-lec01.ppt
cloudintro-lec01.pptcloudintro-lec01.ppt
cloudintro-lec01.ppt
 
cloudintro-lec01.ppt
cloudintro-lec01.pptcloudintro-lec01.ppt
cloudintro-lec01.ppt
 
CLOUD COMPUTING V.S.ARJUN
CLOUD COMPUTING V.S.ARJUNCLOUD COMPUTING V.S.ARJUN
CLOUD COMPUTING V.S.ARJUN
 
file_1689742072_0007818_intoductiontocloud.pptx
file_1689742072_0007818_intoductiontocloud.pptxfile_1689742072_0007818_intoductiontocloud.pptx
file_1689742072_0007818_intoductiontocloud.pptx
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
 
Cloud Computing : Revised Presentation
Cloud Computing : Revised PresentationCloud Computing : Revised Presentation
Cloud Computing : Revised Presentation
 
Cloud computing Fundamentals - behind the hood of cloud platforms
Cloud computing Fundamentals - behind the hood of cloud platformsCloud computing Fundamentals - behind the hood of cloud platforms
Cloud computing Fundamentals - behind the hood of cloud platforms
 
Cloud computing Fundamentals - behind the hood of cloud platforms
Cloud computing Fundamentals - behind the hood of cloud platformsCloud computing Fundamentals - behind the hood of cloud platforms
Cloud computing Fundamentals - behind the hood of cloud platforms
 
Cloud Computing in Business and facts
Cloud Computing in Business and factsCloud Computing in Business and facts
Cloud Computing in Business and facts
 

Mais de Tim Harvey

Visionary Keynote by Bill Schlough of the San Francisco Giants | December 17,...
Visionary Keynote by Bill Schlough of the San Francisco Giants | December 17,...Visionary Keynote by Bill Schlough of the San Francisco Giants | December 17,...
Visionary Keynote by Bill Schlough of the San Francisco Giants | December 17,...Tim Harvey
 
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...Tim Harvey
 
Complete Presentation | Federal Mobile Computing Summit | July 9, 2013
Complete Presentation | Federal Mobile Computing Summit | July 9, 2013Complete Presentation | Federal Mobile Computing Summit | July 9, 2013
Complete Presentation | Federal Mobile Computing Summit | July 9, 2013Tim Harvey
 
Mobile Security Project | Visionary Keynote by Marilyn Rose | Federal Mobile ...
Mobile Security Project | Visionary Keynote by Marilyn Rose | Federal Mobile ...Mobile Security Project | Visionary Keynote by Marilyn Rose | Federal Mobile ...
Mobile Security Project | Visionary Keynote by Marilyn Rose | Federal Mobile ...Tim Harvey
 
CAPI the NASS Way | Pam Hird | Federal Mobile Computing Summit | July 9, 2013
CAPI the NASS Way | Pam Hird | Federal Mobile Computing Summit | July 9, 2013CAPI the NASS Way | Pam Hird | Federal Mobile Computing Summit | July 9, 2013
CAPI the NASS Way | Pam Hird | Federal Mobile Computing Summit | July 9, 2013Tim Harvey
 
Lessons from mHealth | Dr. David Rogers | Federal Mobile Computing Summit | J...
Lessons from mHealth | Dr. David Rogers | Federal Mobile Computing Summit | J...Lessons from mHealth | Dr. David Rogers | Federal Mobile Computing Summit | J...
Lessons from mHealth | Dr. David Rogers | Federal Mobile Computing Summit | J...Tim Harvey
 
Mobile Broadband Performance | Visionary Keynote by Walter Johnston | Federal...
Mobile Broadband Performance | Visionary Keynote by Walter Johnston | Federal...Mobile Broadband Performance | Visionary Keynote by Walter Johnston | Federal...
Mobile Broadband Performance | Visionary Keynote by Walter Johnston | Federal...Tim Harvey
 
Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton &...
Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton &...Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton &...
Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton &...Tim Harvey
 
May 2013 Federal Cloud Computing Summit Presentation
May 2013 Federal Cloud Computing Summit PresentationMay 2013 Federal Cloud Computing Summit Presentation
May 2013 Federal Cloud Computing Summit PresentationTim Harvey
 
May 2013 Federal Cloud Computing Summit Welcome by Dr. David McClure
May 2013 Federal Cloud Computing Summit Welcome by Dr. David McClureMay 2013 Federal Cloud Computing Summit Welcome by Dr. David McClure
May 2013 Federal Cloud Computing Summit Welcome by Dr. David McClureTim Harvey
 
May 2013 Federal Cloud Computing Summit Keynote by David Cearly
May 2013 Federal Cloud Computing Summit Keynote by David CearlyMay 2013 Federal Cloud Computing Summit Keynote by David Cearly
May 2013 Federal Cloud Computing Summit Keynote by David CearlyTim Harvey
 

Mais de Tim Harvey (11)

Visionary Keynote by Bill Schlough of the San Francisco Giants | December 17,...
Visionary Keynote by Bill Schlough of the San Francisco Giants | December 17,...Visionary Keynote by Bill Schlough of the San Francisco Giants | December 17,...
Visionary Keynote by Bill Schlough of the San Francisco Giants | December 17,...
 
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...
 
Complete Presentation | Federal Mobile Computing Summit | July 9, 2013
Complete Presentation | Federal Mobile Computing Summit | July 9, 2013Complete Presentation | Federal Mobile Computing Summit | July 9, 2013
Complete Presentation | Federal Mobile Computing Summit | July 9, 2013
 
Mobile Security Project | Visionary Keynote by Marilyn Rose | Federal Mobile ...
Mobile Security Project | Visionary Keynote by Marilyn Rose | Federal Mobile ...Mobile Security Project | Visionary Keynote by Marilyn Rose | Federal Mobile ...
Mobile Security Project | Visionary Keynote by Marilyn Rose | Federal Mobile ...
 
CAPI the NASS Way | Pam Hird | Federal Mobile Computing Summit | July 9, 2013
CAPI the NASS Way | Pam Hird | Federal Mobile Computing Summit | July 9, 2013CAPI the NASS Way | Pam Hird | Federal Mobile Computing Summit | July 9, 2013
CAPI the NASS Way | Pam Hird | Federal Mobile Computing Summit | July 9, 2013
 
Lessons from mHealth | Dr. David Rogers | Federal Mobile Computing Summit | J...
Lessons from mHealth | Dr. David Rogers | Federal Mobile Computing Summit | J...Lessons from mHealth | Dr. David Rogers | Federal Mobile Computing Summit | J...
Lessons from mHealth | Dr. David Rogers | Federal Mobile Computing Summit | J...
 
Mobile Broadband Performance | Visionary Keynote by Walter Johnston | Federal...
Mobile Broadband Performance | Visionary Keynote by Walter Johnston | Federal...Mobile Broadband Performance | Visionary Keynote by Walter Johnston | Federal...
Mobile Broadband Performance | Visionary Keynote by Walter Johnston | Federal...
 
Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton &...
Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton &...Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton &...
Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton &...
 
May 2013 Federal Cloud Computing Summit Presentation
May 2013 Federal Cloud Computing Summit PresentationMay 2013 Federal Cloud Computing Summit Presentation
May 2013 Federal Cloud Computing Summit Presentation
 
May 2013 Federal Cloud Computing Summit Welcome by Dr. David McClure
May 2013 Federal Cloud Computing Summit Welcome by Dr. David McClureMay 2013 Federal Cloud Computing Summit Welcome by Dr. David McClure
May 2013 Federal Cloud Computing Summit Welcome by Dr. David McClure
 
May 2013 Federal Cloud Computing Summit Keynote by David Cearly
May 2013 Federal Cloud Computing Summit Keynote by David CearlyMay 2013 Federal Cloud Computing Summit Keynote by David Cearly
May 2013 Federal Cloud Computing Summit Keynote by David Cearly
 

Último

Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 

Último (20)

Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 

Speaker Presention by Irena Bojanova of the University of Maryland University College | December 17, 2013 | Federal Cloud Computing Summit

  • 1. Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST
  • 2. No Longer On The Horizon Essential Characteristics • Pay/charge-per-use access to applications, software development & deployment environments, and computing infrastructure. • Optimized, efficient computing through enhanced collaboration, agility, scalability, and availability. • On-demand Self-Service • Broad Network Access • Resource Pooling • Rapid Elasticity • Measured Service Service models (SPI) Natural evolution of the Web: • Software as a Service (SaaS) • Platform as a Service (PaaS) • Infrastructure as a Service (IaaS) Web Sites Applications Deployment models • • • • Private Community Public Hybrid  Next logical step for IT industry  Strategic weapon in enterprise computing  Norm in every sector of society. SaaS Developer Platforms PaaS Compute and Store IaaS Governments, organizations, and individuals adopt cloud computing  to manage information instead of infrastructure.
  • 3. Now Focus On • Initial Risks Evaluation – using CSA’s framework • • • • Importance of data and applications/functions/processes to be moved to Cloud Risk tolerance of organization Acceptable deployment and service models combinations Potential exposure points for sensitive information and operations. • Multi-Tenancy – the True Cloud solution • • •    Data and applications of different consumers share platforms, storage, and networks Tightly related to resource pooling  Economies of scale, passed to costumers Use of newest technology and the latest software versions Logical separation is a suitable substitute for physical separation. Main risks come from not knowing the architecture One of top 6 questions to ask: Is it hosted or a true Cloud solution? • Cloud-Based Integration – iPaaS • Silos –- applications and data cannot interact with on-premise systems. • iPaaS –- development, execution and governance of integration flows • Connecting on-premise and cloud-based processes, services, applications, and data • Within individual or across multiple organizations.
  • 4. Now Focus On (Cont.) • Cloud Portability, Interoperability, and Federation • • • • •   Applications and data are easily moved between platforms and providers Scaling one service across disparate providers , while appearing and operating as one system Interoperability is closely related to rapid elasticity and multi-tenancy Connecting clouds through network gateways  hybrid Cloud environment Interconnecting services of providers from disparate networks Providers wholesale or rent resources to balance workloads and handle spikes in demand Standard, pre-negotiated set of contracts.; Federation agreements. Benefits for Consumers  Choose best provider by flexibility, cost, and availability of services  Use most appropriate infrastructure environment  Distribute workloads around globe ;move data between disparate networks. Benefits for Providers  Earn revenue from idle or underutilized resources  Expand geographic footprints without building new points of presence.  Considerable effort: IEEE CS P2302 – Standard for Intercloud Interoperability and Federation.
  • 5. New Trends Nexus of Forces –evolving through convergence and mutual reinforcement of:  Social  Mobile  Cloud  Big Data • Social media and mobile apps provide platform for effective social and business interactions. • Cloud offers convenient and cost effective computational and information delivery infrastructure. • New digital economy is being built upon this Nexus in combination with the Internet of Things, unlocking an incredible opportunity to connect everything together. The gap between ideas and actions is being rapidly reduced through: Near-global connectivity Pervasive mobility Industrial-strength compute services Access to vast amounts of information Without Cloud • • • Social interactions – no place to happen at scale Mobile – no connection to data and functions Information – stuck inside internal systems.
  • 6. New Trends (Cont.) • Personal Clouds (PC’s) • • • • PC idea reborn -- control on data, apps, terms of service Personal devices  Personal services; self-hosted, provider-hosted, or hybrid Interoperable and addressable through XDI p2p marketplace – Find and engage with anyone with PC’ – trust, reputation. • Hybrid Clouds Evolution • From integration of internal private clouds & public services  Towards bringing together personal clouds & external private services • Will have to be design with interoperability and federation in mind. • Private Clouds Evolution • Will have to be designed with hybrid future in mind to be able to handle future aggregation, integration, interoperability, and customization of services • Organizations implementing such clouds will have to: • Handle overdrafting and cloudbursting • Take role of cloud service brokers.
  • 7. New Trends (Cont.) From • Cloud ~ provides ubiquitous, on-demand, elastic, selfconfigurable, cost effective computing. and • Mobile ~ convenient gadgets, with regional wireless communication and limited data services and computing and power resources. Flyables Drivables To • Cloud-Based Mobile Augmentation (CMA) ~ employs Cloud to increase, enhance, and optimize computing capabilities of mobile devices. and • Cloud Mobility ~ low-end mobile devices access cloud computing resources and globally connected mobile enabled resources. Wearables Scannables
  • 9. Evaluating Initial Cloud Risks Steps in Evaluating Risk Details 1. Identify asset for cloud deployment • Determine exactly what data or applications/ function/ process is being considered for the Cloud. Potential uses of asset to account for: • Scope creep — data and transaction volumes often become higher than expected. 2. Evaluate asset Ask what would be the harm if: • Determine how sensitive that data is and how important that application/ • Asset became widely public and widely distributed function/ process is to organization. Assess confidentiality, integrity, and • Asset were accessed by employee of Cloud provider availability; and how risk changes if all/ part of that asset is in the Cloud • Process/function were manipulated by outsider — similar to project outsourcing assessment, just with wider range of • Process/function failed to provide expected results deployment options. • Data were unexpectedly changed • Asset were unavailable for a period of time 3. Map asset to cloud deployment models Which model is acceptable for identified asset: • Determine if any risks implicit to different deployment models (private, • Public; Private, internal/ on premises public, community, hybrid) and hosting scenarios (internal, external, • Private, external — look at dedicated or shared infrastructure combined) are acceptable. • Community — look at hosting location, service provider, • At this point there should be a good idea of the comfort level for community members transitioning to the Cloud, and which deployment models and locations fit • Hybrid — look at least at rough architecture of where desired security and risk requirements. components, functions, and data will reside 4. Evaluate cloud service models and providers • Focus on degree of control organization will have at each SPI tier to implement any required risk management (risk mitigation). • For a specific offering, switch to a fuller risk assessment. Consider: • SaaS • PaaS • IaaS 5. Map out data flow Consider: • For specific provider offering, map out data flow between organization, • Private cloud service, any customers/ other nodes. Understand whether and how • Public data can move in and out of the Cloud. • Community • For any offering, sketch out rough data flow for any deployment option • Hybrid on your acceptable list, to help you identify risk exposure points when making final decisions. Consider: • Providers' offerings Consider: • Providers' offerings
  • 10. Multi-Tenancy Examples of Shared Resources by Service Model Service Model Shared Resources Shared By SaaS Same application or database Different consumers Paas Same operating system, and supporting data and networking services Different processes Iaas Same hardware via a hypervisor Different VMs General Methods for Achieving Multi-Tenancy Multi-Tenancy Via Database Virtualization Physical separation Description Database and configuration, with isolation provided at the application layer. VM technology, providing hardware emulation layer over the real hardware. Multiple copies of server OSs are run within one physical machine, while sharing physical hardware (network cards and disk storage) between virtual OS instances. Resources are provided to tenants individually — each tenant uses only dedicated hardware. Cost Least costly. Might reduce services costs and expenses, but is more costly compared to multi-tenancy via databases. Most costly.
  • 11. Security Risks • • PaaS builds upon IaaS, SaaS in turn builds upon PaaS  security issues and risks are inherited just as capabilities are. Lower down the stack, provider stops bearing responsibility, and consumer becomes responsible for more security capabilities and management. Service Model SaaS PaaS IaaS Integrated Features Extensibility Security • Most integrated • Least functionality built consumer directly into the extensibility offering • Customer ready • More futures extensible than SaaS • Relatively high level of integrated security - provider responsible • Negotiated into contracts for service (service levels, privacy, compliance) • Less complete built-in capabilities • Securing the platform -- provider responsible • More flexibility to layer on additional security • Applications developed on platform and developing them securely -- consumer responsibility • Protecting underlying infrastructure and abstraction layers -- provider responsible • Less integrated security capabilities and functionality beyond that • Reminder of stack -- OSs, applications, content -managed/ secured by consumer • Few if any application-like futures • Enormous extensibility
  • 12. Multi-Tenancy Risks (1) Deployment Model Multi-tenancy Risks and Mitigation Implications: Workloads of different consumers may reside: • Concurrently on same computer system and local network, • Separated only by access policies implemented by provider's software. Consumers security could be compromised by flaw in: General • Implementation or • Provider’s management and operational policies and procedures. Multi-tenancy risks: • Reliability – failure may occur • Security – attack may be perpetrated by consumer Implications: • General risks apply, as there could be authorized but malicious insiders • Different organizational functions (payroll, sensitive PII storage, IP generation) can become accessible to not authorized users and classes of data disclosed. On-site Risks mitigation: • Logical segregation techniques at network layer, such as VPN Routing and Forwarding (VRF) Private • Clients are restricted to organization members or authorized guests/ partners. Implications: • On-site private cloud risks apply. Risks mitigation: Outsourced • FISMA and OMB policy require external cloud providers to handle federal information or operating information systems on behalf of the federal government meet same security requirements as federal agencies.
  • 13. Multi-Tenancy Risks (2) Deployment Model Multi-tenancy Risks and Mitigation Implications: • On-site private cloud risks apply, but more organizations are encompassed. On-site Risks mitigation: • Restricted number of possible attackers, but more than with private onCommunity side cloud. Implications: • On-site community cloud risks apply. Outsourced Risks mitigation: • Restricted number of possible attackers, but more than with private cloud. Implications: • Workloads of any combination of consumers may be sharing a single machine • Workload may be co-resident with workloads of competitors or adversaries. Risks: Public • Large collection of potential attackers, as public clouds aim scaling in consumers and resources to achieve low costs and elasticity. Risks mitigation: • Limited kinds of data for computations in the cloud • Data encryption (but then data needs to be unencrypted to be processed) • Physical separation – rent entire computer systems rather than VMs (mono-tenancy), VPNs, segmented networks, or advanced access controls.
  • 14. Interoperability (1) Interoperability, Portability, and Cloud Service Models Service Model Interoperability and Portability IaaS • Interoperability and portability of customer workloads are more achievable in IaaS service • IaaS building blocks are relatively well-defined, e.g., network protocols, CPU instruction sets, and legacy device interfaces PaaS • Application written to use specific services from a vendor's PaaS will require changes to use similar services from another vendor's PaaS • Efforts on development of open and proprietary standard API's to enable cloud management, security, and interoperability: Open Cloud Computing Interface Working Group (OCCI), Amazon EC@API, ... • Common container formats: DMTF'S Open Virtualization Format (OVF). • Application written to those standards is far more likely to be interoperable and portable. SaaS • Portability of workloads requires a level of compatibility and interoperability between SaaS applications.
  • 15. Interoperability (2) Interoperability of Between Application Need of Application components deployed as: Dynamic discovery and composition: • SaaS • Discover instances of application components • Applications using PaaS • Combine them with others at run time. • Applications on platforms using Note: Application component may be a complete IaaS monolithic application or part of a distributed application. Platform Platform components deployed as: • PaaS • Platforms on IaaS Standard protocols for service discovery and information exchange — indirectly these enable interoperability of applications on these platforms. Management • Cloud services (SaaS, PaaS, Iaas) and programs for implementation of on-demand self-service. Standard interfaces for cloud services — to create generic system management products for both cloud services and in-house systems. Publication and Acquisition Portability of Data Application Platform • Platforms, cloud PaaS services and Standard interfaces to these stores — to lower cost of for marketplaces (including app stores). software provideers and users. Enables Re-Use of • Data components across different applications • Application components across cloud PaaS services and traditional computing platforms • Platform components across cloud IaaS services and non-cloud infrastructure (platform source portability) • Bundles containing applications and data with their supporting platforms (machine image portability)

Notas do Editor

  1. CSA’s provides a simple frameworkto help organizations evaluate initial cloud risks and inform security decisions. This a quick method helps understand: Importance of what is considered to be moved to the Cloud; Organization's risk tolerance; Which combinations of deployment and service models are acceptable. It also helps get a good idea of potential exposure points for sensitive information and operations.
  2. Multi-Tenancy implies use of same resources by multiple consumers from same or different organizations, as cloud services leverage shared infrastructure, data, metadata, services, and applications. Data and applications of one consumer may reside with data and applications of other consumers. The impact is visibility/access to confidential residual data or trace of operations by other tenants through the shared platforms, storage, and networks.
  3. A concise version of the discussed by NIST multi-tenancy risks is provided.
  4. A concise version of the discussed by NIST multi-tenancy risks is provided.
  5. Cloud Computing Use Case Group started collaborative work to describe and define cases and demonstrate the benefits of cloud, with the goal to highlight the capabilities and requirements that need to be standardized in cloud environments to ensure interoperability, ease of integration, and portability. The following table presents concise definitions, based on their and the testing standards group work.CSA -- Table.
  6. Concise presentation on cloud portability and interoperability categories listed by The Open Group.