IT Series: Cloud Computing Done Right @One 2011
1. Donald Hester
March 22, 2011
For audio call Toll Free 1-888-886-3951
and use PIN/code 202789
IT Series:
Cloud Computing Done Right
2. • Maximize your CCC Confer window.
• Phone audio will be in presenter-only mode.
• Ask questions and make comments using the chat window.
Housekeeping
3. Adjusting Audio
1) If you’re listening on your computer, adjust your volume using
the speaker slider.
2) If you’re listening over the phone, click on the phone headset.
Do not listen on both computer and phone.
4. Saving Files & Open/close Captions
1. Save chat window with floppy disc icon
2. Open/close captioning window with CC icon
8. Cloud Computing?
The “Cloud”
• Buzz word
• Overused cliché
• Ill defined
• Many different definitions
• Marketing term
• All hype
• The “unknown path”
• Service provider
Nebulous
9. What is it?
“…[a] model for enabling convenient, on-demand
network access to a shared pool of configurable
computing resources (e.g. networks, servers,
storage, applications, services) that can be
provisioned and released with minimal
management effort or service provider
interactions.”
NIST & Cloud Security Alliance
A utility model of technology delivery.
10. Cloud Flavors
• Private Cloud
• Operated solely for one organization
• In-sourcing
• Community Cloud
• Operated for a group of similar organizations
• Public Cloud
• Outsourced
• Multi-tenant
• Hybrid Cloud
• Combination of the above
13. Potential Spending on Cloud Computing
Based on agency estimates as reported to the Office of Management and Budget (OMB)
Federal Cloud Computing Strategy
14. Federal Cloud Computing Strategy
“Cloud First policy. This policy is intended to
accelerate the pace at which the government will
realize the value of cloud computing by requiring
agencies to evaluate safe, secure cloud computing
options before making any new investments.”
“…to be more efficient, agile, and innovative through
more effective use of IT investments…”
Federal Cloud Computing Strategy, February 2011
15. Benefits of Cloud Computing
• Save time and money on provisioning new
services
• Less time spent on deployment
• Move capital investment to operational
expenses
• Instant test bed
• Enables IT systems to be scalable and
elastic
• Provision computing resources as required,
on-demand
• No need to own data center infrastructure
(for public cloud service)
16. Benefits of Cloud Computing
• Energy saving (green)
• Increased utilization, less idle time
• Cost based on usage
• More effective use of capital resources ($)
• Better service
• Allows IT staff to focus on core
competencies
• Repurpose IT staff for more customer
service
• Outsource to esoteric experts
• 24/7 service and support
• Economies of scale
18. Cost Benefit Analysis
Traditional Costs
Hardware (initial)
Software (initial)
Hardware repair/upgrades
Software upgrades
Staff costs
Energy costs
Training
Traditional Limits
Maximum load
Maximum up-time
Maximum users
MTTR
Dependencies
Cloud Costs
Cost per user
Cost by bandwidth/storage
Cost increase over time
Cost of additional services
Legal consultation costs
Staff costs
Training
Cloud limitations
Users
Bandwidth
Storage
Service Support
Dependencies
19. Cost Benefit Analysis Example
Traditional Costs
TCO $21,000
Cloud Costs
TCO $22,850
[Chart: Traditional vs. Cloud, by Year (1 to 10)]
20. Cost Benefit Analysis Example
TCO over 10 years:
MS Office Retail
$1,220
MS Office Academic
$346
MS Office 360
$295
[Chart: Retail, Academic and Cloud, years 1 to 10]
21. Cloud Risks
Where’s My Data?
The Bad Divorce
Trust but Verify
“I thought you knew”
I didn’t think of that
Clarify
Consider
Expectations, Put it in Writing
22. Where’s My Data?
• In the information age your key asset is information.
• Some information requires protection
• (Credit Card Data, Student Records, SSN, etc…)
• Your information could be anywhere in the world
• You may lose access to your data
• ISP failure
• Service provider failure
• Failure to pay (service provider stops access)
23. The Bad Divorce
“Vendor Lock”
• All relationships come to an end
• Let you down, had a breach, SLA performance etc…
• The company fails/gets sold
• Introductory pricing or it goes up over time
• Transition to new vendor or in-source
• How will you get your data back?
• Get a prenup – get it in the contract up front
24. Trust but Verify
Assurance
• How do you know they are protecting your data?
• Not everyone is treated the same by service providers
• Disclosure concerning security posture
• 3rd party independent verification (audit/assessment)
• SAS 70 / SSAE 16
• SysTrust / WebTrust
• ISO 27001 Certification
• Audit / Assessment
25. “I thought you knew”
Breach Notification
• When do you want to know about a data breach?
• (Data that you are legally obligated to protect)
• Typical contracts give wide latitude for service providers
• Actual versus possible breach
• Timeliness of notification
26. I didn’t think of that
Dependencies
• Infrastructure – Internet
• Authentication management (SSO)
• Operational budget
• Greater dependency on 3rd parties
Other considerations
• Complex legal issues
• Multi-tenancy
• Transborder data flow
27. Clarify
• What do they mean by “Cloud”
• Establish clear responsibilities and accountability
• Your expectations
• Cost of compensating controls
• What will happen with billing disputes
28. Consider
• The reputation of the service provider
• Track record of issues
• Large or small, likelihood of change
• Vendor ‘supply chain management’ issues
• The reliability of the service or technology
• Is the technology time tested
• Typically you have no control over upgrades and
changes
• Training for staff
29. Expectations, Put it in Writing
• Get anything they guarantee in writing
• Typical agreements are in favor of the service provider
• Protect your interests in writing (have legal look at it)
• Get specific SLA
• Document specific security requirements
• Non-performance clause
• Disposition and transition clauses
• Notification requirements
30. Resources
Cloud Security Alliance
• cloudsecurityalliance.org
ISACA: Cloud Computing Management
Audit/Assurance Program, 2010
NIST Special Publication 800-145 (draft)
Federal Cloud Computing Strategy, February 2011
Above the Clouds: Managing Risk in the World of
Cloud Computing by McDonald (978-1-84928-031-0)
Cloud Computing: Implementation, Management, and
Security by Rittinghouse and Ransome (978-1-4398-0680-7)
31. Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+
Director, Maze & Associates
University of San Francisco / San Diego City College / Las Positas College
www.LearnSecurity.org | www.linkedin.com/in/donaldehester | www.facebook.com/LearnSec |
www.twitter.com/sobca | DonaldH@MazeAssociates.com
Q&A
32. Evaluation Survey Link
Help us improve our seminars by filling
out a short online evaluation survey at:
http://www.surveymonkey.com/s/CloudComput
33. Thanks for attending
For upcoming events and links to recently archived
seminars, check the @ONE Web site at:
http://onefortraining.org/
IT Series:
Cloud Computing Done Right