The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New Strategies We Must Consider
1. 11/6/2013
The Future Paradigm Shifts of the Cloud and
Big Data: Security Impacts & New Strategies
We Must Consider
We are living in an age where the velocity of information growth
has reached new speeds, the volume of information that we keep
and use is exploding, and the increasing variety of information
sources is creating a new demand to expand our definition of
security. No longer is it just security in our enterprise, but across
an expanded infrastructure and an ever-expanding collection of
devices. This talk will explore this changing universe, the
emerging paradigms, the impacts on security and suggestions
on how to manage the risk.
Key Takeaways
•A future view of where Cloud Computing and Bid Data are
headed
•How these futures and new paradigm will impact security
•What we need to do to meet the new needs
The Future Paradigm
Shifts of the Cloud
and Big Data:
Security Impacts &
New Strategies We
Must Consider
David Smith
President
dsmith@socialcare.com
linkedin.com/in/davidsmithaustin
1
2. 11/6/2013
Cyberspace will become orders of
magnitude more complex and confused very
quickly
Overall this is a very positive development
and will enrich human society
It will be messy but need not be chaotic!
Cyber security research and practice are
loosing ground
VOLUME / VELOCITY / VARIETY Change
everything
The Internet of Things will Change it all
3
Origin of the term “Cloud Computing”
• “Comes from the early days of the Internet
where we drew the network as a cloud… we
didn’t care where the messages went… the
cloud hid it from us” – Kevin Marks, Google
• First cloud around networking (TCP/IP
abstraction)
• Second cloud around documents (WWW data
abstraction)
• The emerging cloud abstracts infrastructure
complexities of servers, applications, data, and
heterogeneous platforms
– (“muck” as Amazon’s CEO Jeff Bezos calls it)
2
5. 11/6/2013
Users Wait Too Long For New
Servers
Requester
Submit
Request
Requester
Acquire
HW &
SW
Install &
Config.
HW
Install &
Config
SW
Deploy
Server
Three to six months to provision a new server!
Howard Levenson, IBM
From http://geekandpoke.typepad.com
5
6. 11/6/2013
Cloud Computing Delivery Models
Flexible Delivery Models
Public …
Private …
•Access by Service provider
owned and managed.
•subscription.
•Delivers select set of
standardized business process,
application and/or
infrastructure services on a
flexible price per use basis.
.…Standardization, capital
preservation, flexibility and
time to deploy
ORGANIZATION
•Privately owned and
managed.
•Access limited to client
and its partner network.
•Drives efficiency,
standardization and best
practices while retaining
greater customization and
control
Cloud Services
Cloud Computing
Model
Hybrid …
•Access to client, partner
network, and third party
resources
CULTURE
.… Customization, efficiency,
availability, resiliency, security
and privacy
GOVERNANCE
...service sourcing and service value
Growth of Data
6
7. 11/6/2013
Virtualization for Client Computing
Hosted Virtual Desktops
Architectural equivalent of
the blade PC
Full "thick-client" image,
thin-client delivery model
Application
Application
Application
PC OS
PC OS
PC OS
VMM
Server Hardware
Portable Personalities
• Carry the bubble, not the
hardware
• Portable media, stored on
the network
• Bubbles of various sizes:
some with OS, some without
.
Source: Matthew Gardiner, Computer Associates
7
8. 11/6/2013
Big Data Numbers
How many data in the world?
– 800 Terabytes, 2000
– 160 Exabytes, 2006
– 500 Exabytes(Internet), 2009
– 2.7 Zettabytes, 2012
– 35 Zettabytes by 2020
How many data generated ONE day?
– 7 TB, Twitter
Big data: The next frontier for innovation, competition, and productivity
McKinsey Global Institute 2011
– 10 TB, Facebook
Tapping into the Data
•
•
•
•
Data Storage
Reporting
Analytics
Advanced Analytics
– Computing with big
datasets is a
fundamentally different
challenge than doing “big
compute” over a small
dataset
Utilized data
Unutilized data
that can be
available to
business
8
9. 11/6/2013
Business, Knowledge, and Innovation
Landscape
• Typically 80% of the key knowledge (and value) is held
by 20% of the people – we need to get it to the right
people
• Only 20% of the knowledge in an organization is
typically used (the rest being undiscovered or underutilized)
• 80-90% of the products and services today will be
obsolete in 10 years – companies need to innovate &
invent faster
Copyright 2012@ HBMG Inc.
Computer generated data
Application server logs (web sites, games)
Sensor data (weather, water, smart grids)
Images/videos (traffic, security cameras)
Human generated data
Twitter “Firehose” (50 mil tweets/day 1,400% growth
per year)
Blogs/Reviews/Emails/Pictures
Social graphs
Facebook, linked-in, contacts
Device generated data
– …………..
9
10. 11/6/2013
“Big Data” and it’s close
relatives “Cloud Computing”,
“Social Media” and "Mobile"
are the new frontier of
innovation.
Driven by Advance
Analytics
Big Data and It’s Brothers
Volume
Variety
Velocity
………..
10
11. 11/6/2013
Volume
Volume is increasing at incredible
rates. With more people using
high speed internet connections
than ever, plus these people
becoming more proficient at
creating content and just more
people in general contributing
information are combined forces
that are causing this tremendous
increase in Volume.
Variety
Next in breaking down Big Data into easily
digestible bite-size chunks is the concept of
Variety. Take your personal experience and
think about how much information you create
and contribute in your daily routine. Your
voicemails, your e-mails, your file shares, your
TV viewing habits, your Facebook updates,
your LinkedIn activity, your credit card
transactions, etc.
Whether you consciously think about it or not the
Variety of information you personally create on
a daily basis which is being collected and
analyzed is simply overwhelming.
11
12. 11/6/2013
Velocity
The speed at which data enters organizations these
days is absolutely amazing. With mega internet
bandwidth nearly being common place anymore in
conjunction with the proliferation of mobile devices,
this simply gives people more opportunity than ever
to contribute content to storage systems.
VELOCITY
Worldwide digital content
will double in 18 months,
and every 18 months
thereafter.
IDC
Mobile
Inventory
Emails
Planning
GPS
CRM Data
Demand
The Economist
Speed
Opportunities
Things
Service Calls
In 2005, humankind
created 150 exabytes
of information. In
2011, over 1,200
exabytes was created.
Velocity
Customer
Transactions
Sales Orders
Instant Messages
Tweets
VOLUME
VARIETY
80% of enterprise data
will be unstructured,
spanning traditional and
non traditional sources.
Gartner
12
13. 11/6/2013
But I Believe there are Four V4
Clouds and Crowds
Interactive Cloud
Analytic Cloud
People Cloud
Transactional
systems
Data entry
… + Sensors
(physical & software)
… + Web 2.0
Get and Put
Map Reduce
Parallel DBMS
Stream Processing
… + Collaborative
Structures (e.g.,
Mechanical Turk,
Intelligence
Markets)
Data Model
Records
Numbers, Media
… + Text, Media,
Natural Language
Response
Time
Seconds
Hours/Days
… +Continuous
Data
Acquisition
Computation
The Future Cloud will be a Hybrid of These.
.
13
14. 11/6/2013
As the world gets smarter,
infrastructure demands will grow
Smart
traffic
systems
Smart
Smart oil
food
field
technologies systems
Smart water
management
Smart
supply
chains
Smart
healthcare
Smart retail
Smart
weather
Smart
countries
Smart
energy
grids
Smart
regions
Smart
cities
.
14
15. 11/6/2013
The Threat Landscape Has
Evolved…
CYBERCRIMINALS
FINANCIALLY
MOTIVATED
Ransom
& fraud
DDOS
Defacement
ATA/APT
GRADE
BAD
DATA
STUFF IN
THEFT
GOOD STUFF
MALWARE
OUT
HACKTIVISTS
POLITICALLY
MOTIVATED
NATIONALISTICALLY
MOTIVATED
Public data
leakage
STATESPONSORED
ATTACKERS
Gov’t, enterprise &
infrastructure
targets
29
The Malware Problem –
Overwhelming Odds
1/3
85%
of malware is customized
(no signature available at
time of exploit)
of breaches took weeks
or more to discover (+6%)
of organizations believe
exploits bypassing their
IDS and AV systems
(VzB, 2012)
(VzB, 2012)
(Ponemon)
91%
30
15
16. 11/6/2013
Why is Security Hard?
No system can be 100% secure
– Reality is risk mitigation, not risk avoidance
Difficult to prove good security
– Bad security gets proven for us!
Good security and no security can look the same
– How does one know how secure they are?
Many things to secure
– People, equipment, OS, network, Application Servers,
applications, phones, and databases
Balancing the Business
Usability
Add Devices and Thing to Things
and it gets very BAD
x
Security
Performance
16
17. 11/6/2013
Mobile Devices
Mobile computers:
– Mainly smartphones,
tablets
– Sensors: GPS, camera,
accelerometer, etc.
– Computation: powerful
CPUs (≥ 1 GHz, multicore)
– Communication:
cellular/4G, Wi-Fi, near
field communication
(NFC), etc.
Many connect to cellular
networks: billing
system
Cisco: 7 billion mobile
devices will have been
sold by 2012
Organization
Data Mining as a Threat to
Security
Data mining gives us “facts” that are not obvious to human
analysts of the data
Enables inspection and analysis of huge amounts of data
Possible threats:
– Predict information about classified work from correlation with
unclassified work (e.g. budgets, staffing)
– Detect “hidden” information based on “conspicuous” lack of
information
– Mining “Open Source” data to determine predictive events (e.g.,
Pizza deliveries to the Pentagon)
It isn’t the data we want to protect, but correlations among
data items
Published in Chris Clifton and Don Marks, “Security and Privacy Implications of Data Mining”,
Proceedings of the ACM SIGMOD Workshop on Research Issues in Data Mining and
Knowledge Discovery
17
18. 11/6/2013
Challenges in the 21st century
Safety &
Security
Information
Explosion
Knowledge
Economy
Globalization
Accelerating
Change
International
Partnerships
Complex
Technologies
Finite
Resources
Diverse
Workforce
Life-Long
Learning
Citizen
Engagement
Sustainable
Development
Mega Trends to Consider…
•
Digitization of all content (listening = getting!)
•
Distribution is the default (just having a network
won’t be enough)
•
Virtualization (location matters less and less)
•
Niche-ization of content & lifestyles
•
Mass-Personalization of media will become
standard
•
Democratization of creation, & peer production
•
Amateurization of the entire value chain (but
NOT to the detriment of experts)
•
“Godzilla-zation” of users/consumers
18
19. 11/6/2013
Growth at the Edge of the Network
4,000
Petabytes/Day Global
3,500
• Mobile
• Device to Device
• Sensors
• Entertainment
• Smart Home
• Distributed Industrial
• Autos/Trucks
• Smart Toys
3,000
2,500
2,000
1,500
Converged
Content
1,000
500
Traditional
Computation
0
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
Year
19
20. 11/6/2013
Internet of Things
• a system . . . that would be able to
instantaneously identify any kind of object.
• network of objects . .
• one major next step in this development of the
Internet, which is is to progressively evolve
from a network of interconnected computers to
a network of interconnected objects …
• from communicating people (Internet)
... to communicating items …
• from human triggered communication …
•
... to event triggered communication
20
21. 11/6/2013
Tomorrow’s ubiquitous world of
tags, sensors and smart systems
Sensor Data Volume
How do we handle all this data?
“Rebalancing Collection & PED may be Necessary”
21
23. 11/6/2013
.
Embeddedness
The Invisible Computer
EmbeddednessDigital convergence
technologies will “form the invisible technical
infrastructure for human actionanalogous to the
visible infrastructure provided by buildings and
cities.”
Embeddedness is driven by cost-effective computing,
Moore’s Law, miniaturization, ubiquitous
communication, and advanced materials and sensing
devices.
In 2000, 98% of computing devices sold are embedded
in products and are not apparent to the product’s
user.
23
24. 11/6/2013
Emerging Technology Sequence
Emerging
Technology
Vectors
Cellular
Array
Defect
Tolerant
Biologically
Inspired
1-D
Structures
Resonant
Tunneling
Floating
Body DRAM
Nano
FG
UTB Single
Gate FET
Source/Drain
Engineered FET
SET
Quantum
Computing
Molecular
Insulator
SET Resistance
Change
QCA
Molecular
UTB Multiple
Gate FET
Biological
Based
Architecture
Spin
Transistor
Logic
Quantum
Quasi
Ballistic FET
DNA Memory
Hybrid Non-Classical
CMOS
Risk
Source: Technology Futures, Inc.
Risk Management And Needed
Security
Unacceptable Risk
Impact to business
Business defines impact
High
Low
Risk management
drives risk to an
acceptable level
Acceptable Risk
Probability of exploit
High
Security engineering defines probability
24
25. 11/6/2013
Cyber Security is all about tradeoffs
Productivity
Security
Let’s build it
Cash out the benefits
Next generation can secure it
Let’s not build it
Let’s bake in super-security to
make it unusable/unaffordable
Let’s sell unproven solutions
There is a middle ground
We don’t know how to predictably find it
49
Exposures
1. Increased Dependency on Complex Technologies
and Business Processes
2. Steep Decline of Barriers to Trade
3. Speed of Transactions
4. The Death of Distance
5. The Adoption of Advanced Communications
6. Consolidation/Transformation of Traditional
Industries
7. The Internet and the Abundance of Information
8. Infrastructure
9. Overcommitted Agencies
10. Changing Social Constructs
11. The Device to Device Computing Growth
25
26. 11/6/2013
Top 5 Most Appreciated Technologies
Microwave Oven
Universal Remote Control
Garage Door Opener
Telephone Answering Machine (For Home)
Ear Thermometer
77.3%
66.6%
64.6%
61.7%
59.5%
26
27. 11/6/2013
Big Data
“85% of eBay’s analytic workload is new and
unknown. We are architected for the
unknown.”
Oliver Ratzesberger, eBay
Data exploration – data as the new oil
The exploration for data, rather than the exploration of data
Uncovering pockets of untapped data
Processing the whole data set, without sampling
eBay’s Singularity platform combines transactional data
with behavioral data, enabled identification of top sellers,
driving increased revenue from those sellers
53
27
28. 11/6/2013
Cyberspace will become orders of
magnitude more complex and confused very
quickly
Overall this is a very positive development
and will enrich human society
It will be messy but need not be chaotic!
Cyber security research and practice are
loosing ground
VOLUME / VELOCITY / VARIETY Change
everything
The Internet of Things will Change it all
55
In Parting: Be Paranoid
“Sooner or later, something
fundamental in your business
world will change.”
Andrew S. Grove, Founder, Intel
“Only the Paranoid Survive”
28