SlideShare una empresa de Scribd logo

Sharing the Cloud

Glen Roberts, CISSP
Glen Roberts, CISSP

Sharing the Cloud by Glen Roberts, CISSP Presented at CUISPA 2012 Conference in Austin, TX on 2/21/2012. CUISPA (Credit Union Information Security Professionals Association) is a national association of credit union information technology professionals focused on improving security and risk management through cooperation.

TecnologíaEmpresariales
1 de 26
Descargar para leer sin conexión
Sharing  the  Cloud   Glen  Roberts,  CISSP  
About  the  Presenter   *  Glen  Roberts,  CISSP   *  IT  Infrastructure  Manager  at  UFCU   *  President  at  Cloud  Security  Alliance,   Austin  Chapter  
Agenda   *  Cloud  Computing  Overview   *  Cloud  Benefits  and  Risks   *  Community  Cloud  Deployment  Model   *  Case  Study:  2nd  Node   *  Foundational  Issues   *  Abbreviated  Risk  Framework   *  Addressing  Common  Security  Concerns  
Cloud  Computing  Definition   A  model  for  enabling  ubiquitous,   convenient,  on-­‐demand  network   access  to  a  shared  pool  of   configurable  computing  resources   (NIST:  September,  2011)    
Cloud  Computing  Model   !
Interactive  Slide     What  are  some  of  the  benefits   cloud  computing  can  offer   credit  unions?  
Top  10  Cloud  Benefits   1.  Faster  implementation,  ready  to  use,  automation   2.  Access  anywhere,  on  any  device   3.  Reduced  cost,  pay  for  use   4.  Scalability,  right-­‐sized,  flex  up  and  down   5.  Collective  benefits,  GRC  alignment,  new  functionality   6.  Improved  productivity,  shift  focus  to  further  innovate   7.  Integrated  security  and  patching   8.  Leverage  vendor  expertise,  economy  of  scale   9.  High  performance,  reliability,  uptime   10.  Environment-­‐friendly,  computing  efficiency  
Interactive  Slide     What  risks  might  cloud  computing   expose  a  credit  union  to?  
Top  10  Cloud  Risks   1.  Data  loss,  alteration,  disclosure   2.  Unable  to  prove  security  of  provider  or  solution   3.  Provider  insider  threat,  insecure  APIs,  hypervisor  flaws   4.  Multi-­‐tenancy  trust  issues   5.  Account  hijacking   6.  Regulatory  problems,  lack  of  forensics  support   7.  Blurred  responsibilities     8.  Internet/external  network  dependency   9.  Poor  support,  scalability  issues   10.  Complexity,  hidden  costs  
Enter  Community  Clouds   *  Shared  by  several  organizations   *  Supports  a  community  with  common  interests   *  Business  purpose   *  Standardization   *  GRC  requirements:  GLBA,  NCUA   *  Many  of  the  benefits  of  public  cloud  with  less  risk   *  Better  cost  savings  than  private  cloud  or  traditional   infrastructure  
What  Community  Offers   *  Transparency   *  Dependable  SLAs   *  Clear  roles  &  responsibilities   *  Shared  improvements   *  Data  sharing  
Cloud  Service  Brokerage   *  Cooperatively  select  vendors     *  Improved  bargaining  power  as  a  collective   *  Shared  cost  of  vendor  solutions   *  Leverage  shared  integration  with  vendors  
Do  More  with  Less   *  Reduce  maintenance  &  operations  costs   *  Share  the  expense  of  implementations   *  Free  up  staff  to  innovate  for  members  
Case  Study:  2nd  Node   *  Formed  by  UFCU  and  AFCU   in  2009   *  CUSO   *  Second  data  center   *  Business  Continuity/Disaster   Recovery  
2nd  Node:  Facility   *  Facility   *  SAS  70  Type  II  Facility   *  Working  on  SSAE  16  Type  II   *  Generator,  UPS,  HVAC   *  Environmental  security  
2nd  Node:  Infrastructure   *  Utility  pricing  per  cabinet:     *  Telecom   *  Internet  connectivity  –  100  mbps   *  SAN   *  Separate  LUNS,  partitions   *  EqualLogic,  Compellent   *  IDS/IPS   *  Individual  consoles/customer   *  2nd  Node  as  the  oracle    
2nd  Node:  Cloud  Services   *  Private  clouds   *  SAN  replication   *  System  backups   *  Silver  Peak  network   concentrators   *  Hosted  failover  (Symitar)  
Some  Community  Clouds   *  NYSE  Capital  Markets  Community  Platform   *  IBM  Federal  Community  Cloud   *  G-­‐Cloud   *  News  Corporation  NC3  
Foundational  Issues   *  Many  have  tried  and  failed   *  Control  issues  vs.  cooperation   *  Visibility  of  operations   *  Differing  visions   *  Undefined  SLAs  
Addressing  Common  Security   Concerns   *  Security   *  Not  necessarily  more  or  less  secure   *  Enormous  potential  to  be  more  secure   *  Collaborate  to  implement  controls   *  Standards  gaps   *  Traditional  standards  still  apply   *  NIST  and  CSA  are  helping  accelerate  catch-­‐up  
Data  Protection   *  What  data  needs  to  be  protected?   *  Common  options:   *  Encryption  of  data  at  rest  and  in  motion   *  Tokenization   *  Sanitization,  anonymization   *  Object  security  (SQL)   *  Hashing  
Abbreviated  Risk  Framework:   Identify  Assets   *  Identify  potential  assets  to  be  moved  to  a  community   cloud   *  Infrastructure   *  Data   *  Applications   *  Functions/Processes  
Abbreviated  Risk  Framework:   Community  Cloud  Risks   *  Assess  DAD  risks  of  moving  assets  to  community   cloud   *  What  is  the  impact  if  the  provider  accesses  the  asset   or  if  data  goes  public?   *  What  is  the  impact  if  processes  are  manipulated  or  fail   to  function?  
Abbreviated  Risk  Framework:   Community  Cloud  Requirements   *  Location   *  Identification  of  other  tenants   *  Degree  of  control   *  Who  manages  assets  and  how   *  Security  and  compliance  controls  
Abbreviated  Risk  Framework:   Community  Cloud  Evaluation   *  Providers   *  Partners   *  Solutions  
Thanks!     Glen  Roberts   groberts@ufcu.org   (512)  966-­‐3425  

Recomendados

Collaborative Contingency in the Cloud
Collaborative Contingency in the CloudCollaborative Contingency in the Cloud
Collaborative Contingency in the CloudGlen Roberts, CISSP
 
VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMUG IT
 
Infographic: Why Businesses are Adopting Network Virtualization
Infographic: Why Businesses are Adopting Network VirtualizationInfographic: Why Businesses are Adopting Network Virtualization
Infographic: Why Businesses are Adopting Network VirtualizationVMware
 
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...VMware
 
Integrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdfIntegrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdfOpenStack Foundation
 
Cloud Computing at Cisco
Cloud Computing at CiscoCloud Computing at Cisco
Cloud Computing at CiscoCisco Canada
 
Data Center Security Now and into the Future
Data Center Security Now and into the FutureData Center Security Now and into the Future
Data Center Security Now and into the FutureCisco Security
 
Moving Forward with Network Virtualization (VMware NSX)
Moving Forward with Network Virtualization (VMware NSX)Moving Forward with Network Virtualization (VMware NSX)
Moving Forward with Network Virtualization (VMware NSX)VMware
 

Recomendados

Collaborative Contingency in the Cloud
Collaborative Contingency in the CloudCollaborative Contingency in the Cloud
Collaborative Contingency in the CloudGlen Roberts, CISSP
 
VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMUG IT
 
Infographic: Why Businesses are Adopting Network Virtualization
Infographic: Why Businesses are Adopting Network VirtualizationInfographic: Why Businesses are Adopting Network Virtualization
Infographic: Why Businesses are Adopting Network VirtualizationVMware
 
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...VMware
 
Integrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdfIntegrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdfOpenStack Foundation
 
Cloud Computing at Cisco
Cloud Computing at CiscoCloud Computing at Cisco
Cloud Computing at CiscoCisco Canada
 
Data Center Security Now and into the Future
Data Center Security Now and into the FutureData Center Security Now and into the Future
Data Center Security Now and into the FutureCisco Security
 
Moving Forward with Network Virtualization (VMware NSX)
Moving Forward with Network Virtualization (VMware NSX)Moving Forward with Network Virtualization (VMware NSX)
Moving Forward with Network Virtualization (VMware NSX)VMware
 
Modern Security for the Modern Data Center
Modern Security for the Modern Data CenterModern Security for the Modern Data Center
Modern Security for the Modern Data CenterVMware
 
From Physical to Virtual to Cloud
From Physical to Virtual to CloudFrom Physical to Virtual to Cloud
From Physical to Virtual to CloudCisco Security
 
Private cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud securityPrivate cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud securityMicrosoft TechNet - Belgium and Luxembourg
 
Beyond Network Virtualization
Beyond Network VirtualizationBeyond Network Virtualization
Beyond Network VirtualizationOpen Networking Summits
 
Defending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationDefending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationCisco Security
 
Infographic: Supercharge your Networking Career
Infographic: Supercharge your Networking CareerInfographic: Supercharge your Networking Career
Infographic: Supercharge your Networking CareerVMware
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02abhisheknayak29
 
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Winston Morton
 
MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Ontario Cloud SIG
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
Network Virtualization
Network Virtualization Network Virtualization
Network Virtualization InterVision Systems
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingJim Geovedi
 
Cloud computing
Cloud computingCloud computing
Cloud computingMoustafa Mahmoud
 
NFV Security PPT
NFV Security PPTNFV Security PPT
NFV Security PPTNisarg Shah
 
VIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYVIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYRohitK71
 
Alexandru Catalin Cosoi
Alexandru Catalin CosoiAlexandru Catalin Cosoi
Alexandru Catalin Cosoiprincescorpio
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computingNitish Awasthi (anitish_225)
 
Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta swet4
 
Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015John White
 
Cloud security
Cloud securityCloud security
Cloud securityinsoonjo
 
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01Glen Roberts, CISSP
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Glen Roberts, CISSP
 

Más contenido relacionado

La actualidad más candente

Modern Security for the Modern Data Center
Modern Security for the Modern Data CenterModern Security for the Modern Data Center
Modern Security for the Modern Data CenterVMware
 
From Physical to Virtual to Cloud
From Physical to Virtual to CloudFrom Physical to Virtual to Cloud
From Physical to Virtual to CloudCisco Security
 
Defending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationDefending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationCisco Security
 
Infographic: Supercharge your Networking Career
Infographic: Supercharge your Networking CareerInfographic: Supercharge your Networking Career
Infographic: Supercharge your Networking CareerVMware
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02abhisheknayak29
 
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Winston Morton
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingJim Geovedi
 
NFV Security PPT
NFV Security PPTNFV Security PPT
NFV Security PPTNisarg Shah
 
VIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYVIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYRohitK71
 
Alexandru Catalin Cosoi
Alexandru Catalin CosoiAlexandru Catalin Cosoi
Alexandru Catalin Cosoiprincescorpio
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computingNitish Awasthi (anitish_225)
 
Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta swet4
 
Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015John White
 
Cloud security
Cloud securityCloud security
Cloud securityinsoonjo
 

La actualidad más candente (20)

Modern Security for the Modern Data Center
Modern Security for the Modern Data CenterModern Security for the Modern Data Center
Modern Security for the Modern Data Center
 
From Physical to Virtual to Cloud
From Physical to Virtual to CloudFrom Physical to Virtual to Cloud
From Physical to Virtual to Cloud
 
Private cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud securityPrivate cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud security
 
Beyond Network Virtualization
Beyond Network VirtualizationBeyond Network Virtualization
Beyond Network Virtualization
 
Defending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationDefending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the Application
 
Infographic: Supercharge your Networking Career
Infographic: Supercharge your Networking CareerInfographic: Supercharge your Networking Career
Infographic: Supercharge your Networking Career
 
Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02Cloudcomputingoct2009 100301142544-phpapp02
Cloudcomputingoct2009 100301142544-phpapp02
 
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015
 
MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data Center
 
Network Virtualization
Network Virtualization Network Virtualization
Network Virtualization
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
NFV Security PPT
NFV Security PPTNFV Security PPT
NFV Security PPT
 
VIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYVIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGY
 
Alexandru Catalin Cosoi
Alexandru Catalin CosoiAlexandru Catalin Cosoi
Alexandru Catalin Cosoi
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computing
 
Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta
 
Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015
 
Cloud security
Cloud securityCloud security
Cloud security
 

Destacado

Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01Glen Roberts, CISSP
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Glen Roberts, CISSP
 
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02Glen Roberts, CISSP
 
Cloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
Cloud Security Alliance, Austin Chapter - 2012-01-25 MeetingCloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
Cloud Security Alliance, Austin Chapter - 2012-01-25 MeetingGlen Roberts, CISSP
 
Top 10 Cloud Computing Certifications
Top 10 Cloud Computing CertificationsTop 10 Cloud Computing Certifications
Top 10 Cloud Computing CertificationsGlen Roberts, CISSP
 

Destacado (6)

Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
 
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
 
Security in the Skies
Security in the SkiesSecurity in the Skies
Security in the Skies
 
Cloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
Cloud Security Alliance, Austin Chapter - 2012-01-25 MeetingCloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
Cloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
 
Top 10 Cloud Computing Certifications
Top 10 Cloud Computing CertificationsTop 10 Cloud Computing Certifications
Top 10 Cloud Computing Certifications
 

Similar a Sharing the Cloud

Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Kim Jensen
 
Automated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsAutomated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsJay Bryant
 
Towards the extinction of mega data centres? To which extent should the Clou...
Towards the extinction of mega data centres? To which extent should the Clou... Towards the extinction of mega data centres? To which extent should the Clou...
Towards the extinction of mega data centres? To which extent should the Clou...Thierry Coupaye
 
Research ArticleSecuring Cloud Hypervisors A Survey of the .docx
Research ArticleSecuring Cloud Hypervisors A Survey of the .docxResearch ArticleSecuring Cloud Hypervisors A Survey of the .docx
Research ArticleSecuring Cloud Hypervisors A Survey of the .docxaudeleypearl
 
Cloud computing web 2.0 By Joanna Hendricks BMT 580
Cloud computing web 2.0 By Joanna Hendricks BMT 580Cloud computing web 2.0 By Joanna Hendricks BMT 580
Cloud computing web 2.0 By Joanna Hendricks BMT 580Joanna Hendricks
 
Splendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptxSplendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptxssuserea0dfe
 
Cloud Deployment Models.pdf
Cloud Deployment Models.pdfCloud Deployment Models.pdf
Cloud Deployment Models.pdfHasanRaza331074
 
CohesiveFT and IBM joint EMEA Webinar - 20Jun13
CohesiveFT and IBM joint EMEA Webinar - 20Jun13CohesiveFT and IBM joint EMEA Webinar - 20Jun13
CohesiveFT and IBM joint EMEA Webinar - 20Jun13Cohesive Networks
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
Multicloud - Understanding Benefits. Obstacles, and Best Approaches
Multicloud - Understanding Benefits. Obstacles, and Best ApproachesMulticloud - Understanding Benefits. Obstacles, and Best Approaches
Multicloud - Understanding Benefits. Obstacles, and Best ApproachesKenneth Hui
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportVivek Maurya
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Kim Jensen
 
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud ComputingDr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud Computingikanow
 

Similar a Sharing the Cloud (20)

Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing for SMBs
Cloud computing for SMBsCloud computing for SMBs
Cloud computing for SMBs
 
Vr storm cips_03nov2010
Vr storm cips_03nov2010Vr storm cips_03nov2010
Vr storm cips_03nov2010
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
 
CLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEWCLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEW
 
cc ppt
cc pptcc ppt
cc ppt
 
Automated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsAutomated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge Clouds
 
A STUDY OF GRID COMPUTING AND CLOUD COMPUTING
A STUDY OF GRID COMPUTING AND CLOUD COMPUTING A STUDY OF GRID COMPUTING AND CLOUD COMPUTING
A STUDY OF GRID COMPUTING AND CLOUD COMPUTING
 
Towards the extinction of mega data centres? To which extent should the Clou...
Towards the extinction of mega data centres? To which extent should the Clou... Towards the extinction of mega data centres? To which extent should the Clou...
Towards the extinction of mega data centres? To which extent should the Clou...
 
Research ArticleSecuring Cloud Hypervisors A Survey of the .docx
Research ArticleSecuring Cloud Hypervisors A Survey of the .docxResearch ArticleSecuring Cloud Hypervisors A Survey of the .docx
Research ArticleSecuring Cloud Hypervisors A Survey of the .docx
 
Cloud computing web 2.0 By Joanna Hendricks BMT 580
Cloud computing web 2.0 By Joanna Hendricks BMT 580Cloud computing web 2.0 By Joanna Hendricks BMT 580
Cloud computing web 2.0 By Joanna Hendricks BMT 580
 
Splendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptxSplendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptx
 
Cloud Deployment Models.pdf
Cloud Deployment Models.pdfCloud Deployment Models.pdf
Cloud Deployment Models.pdf
 
CohesiveFT and IBM joint EMEA Webinar - 20Jun13
CohesiveFT and IBM joint EMEA Webinar - 20Jun13CohesiveFT and IBM joint EMEA Webinar - 20Jun13
CohesiveFT and IBM joint EMEA Webinar - 20Jun13
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
Multicloud - Understanding Benefits. Obstacles, and Best Approaches
Multicloud - Understanding Benefits. Obstacles, and Best ApproachesMulticloud - Understanding Benefits. Obstacles, and Best Approaches
Multicloud - Understanding Benefits. Obstacles, and Best Approaches
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” report
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud ComputingDr. Michael Valivullah, NASS/USDA - Cloud Computing
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
 

Último

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 

Último (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 

Sharing the Cloud

  • 1. Sharing  the  Cloud   Glen  Roberts,  CISSP  
  • 2. About  the  Presenter   *  Glen  Roberts,  CISSP   *  IT  Infrastructure  Manager  at  UFCU   *  President  at  Cloud  Security  Alliance,   Austin  Chapter  
  • 3. Agenda   *  Cloud  Computing  Overview   *  Cloud  Benefits  and  Risks   *  Community  Cloud  Deployment  Model   *  Case  Study:  2nd  Node   *  Foundational  Issues   *  Abbreviated  Risk  Framework   *  Addressing  Common  Security  Concerns  
  • 4. Cloud  Computing  Definition   A  model  for  enabling  ubiquitous,   convenient,  on-­‐demand  network   access  to  a  shared  pool  of   configurable  computing  resources   (NIST:  September,  2011)    
  • 6. Interactive  Slide     What  are  some  of  the  benefits   cloud  computing  can  offer   credit  unions?  
  • 7. Top  10  Cloud  Benefits   1.  Faster  implementation,  ready  to  use,  automation   2.  Access  anywhere,  on  any  device   3.  Reduced  cost,  pay  for  use   4.  Scalability,  right-­‐sized,  flex  up  and  down   5.  Collective  benefits,  GRC  alignment,  new  functionality   6.  Improved  productivity,  shift  focus  to  further  innovate   7.  Integrated  security  and  patching   8.  Leverage  vendor  expertise,  economy  of  scale   9.  High  performance,  reliability,  uptime   10.  Environment-­‐friendly,  computing  efficiency  
  • 8. Interactive  Slide     What  risks  might  cloud  computing   expose  a  credit  union  to?  
  • 9. Top  10  Cloud  Risks   1.  Data  loss,  alteration,  disclosure   2.  Unable  to  prove  security  of  provider  or  solution   3.  Provider  insider  threat,  insecure  APIs,  hypervisor  flaws   4.  Multi-­‐tenancy  trust  issues   5.  Account  hijacking   6.  Regulatory  problems,  lack  of  forensics  support   7.  Blurred  responsibilities     8.  Internet/external  network  dependency   9.  Poor  support,  scalability  issues   10.  Complexity,  hidden  costs  
  • 10. Enter  Community  Clouds   *  Shared  by  several  organizations   *  Supports  a  community  with  common  interests   *  Business  purpose   *  Standardization   *  GRC  requirements:  GLBA,  NCUA   *  Many  of  the  benefits  of  public  cloud  with  less  risk   *  Better  cost  savings  than  private  cloud  or  traditional   infrastructure  
  • 11. What  Community  Offers   *  Transparency   *  Dependable  SLAs   *  Clear  roles  &  responsibilities   *  Shared  improvements   *  Data  sharing  
  • 12. Cloud  Service  Brokerage   *  Cooperatively  select  vendors     *  Improved  bargaining  power  as  a  collective   *  Shared  cost  of  vendor  solutions   *  Leverage  shared  integration  with  vendors  
  • 13. Do  More  with  Less   *  Reduce  maintenance  &  operations  costs   *  Share  the  expense  of  implementations   *  Free  up  staff  to  innovate  for  members  
  • 14. Case  Study:  2nd  Node   *  Formed  by  UFCU  and  AFCU   in  2009   *  CUSO   *  Second  data  center   *  Business  Continuity/Disaster   Recovery  
  • 15. 2nd  Node:  Facility   *  Facility   *  SAS  70  Type  II  Facility   *  Working  on  SSAE  16  Type  II   *  Generator,  UPS,  HVAC   *  Environmental  security  
  • 16. 2nd  Node:  Infrastructure   *  Utility  pricing  per  cabinet:     *  Telecom   *  Internet  connectivity  –  100  mbps   *  SAN   *  Separate  LUNS,  partitions   *  EqualLogic,  Compellent   *  IDS/IPS   *  Individual  consoles/customer   *  2nd  Node  as  the  oracle    
  • 17. 2nd  Node:  Cloud  Services   *  Private  clouds   *  SAN  replication   *  System  backups   *  Silver  Peak  network   concentrators   *  Hosted  failover  (Symitar)  
  • 18. Some  Community  Clouds   *  NYSE  Capital  Markets  Community  Platform   *  IBM  Federal  Community  Cloud   *  G-­‐Cloud   *  News  Corporation  NC3  
  • 19. Foundational  Issues   *  Many  have  tried  and  failed   *  Control  issues  vs.  cooperation   *  Visibility  of  operations   *  Differing  visions   *  Undefined  SLAs  
  • 20. Addressing  Common  Security   Concerns   *  Security   *  Not  necessarily  more  or  less  secure   *  Enormous  potential  to  be  more  secure   *  Collaborate  to  implement  controls   *  Standards  gaps   *  Traditional  standards  still  apply   *  NIST  and  CSA  are  helping  accelerate  catch-­‐up  
  • 21. Data  Protection   *  What  data  needs  to  be  protected?   *  Common  options:   *  Encryption  of  data  at  rest  and  in  motion   *  Tokenization   *  Sanitization,  anonymization   *  Object  security  (SQL)   *  Hashing  
  • 22. Abbreviated  Risk  Framework:   Identify  Assets   *  Identify  potential  assets  to  be  moved  to  a  community   cloud   *  Infrastructure   *  Data   *  Applications   *  Functions/Processes  
  • 23. Abbreviated  Risk  Framework:   Community  Cloud  Risks   *  Assess  DAD  risks  of  moving  assets  to  community   cloud   *  What  is  the  impact  if  the  provider  accesses  the  asset   or  if  data  goes  public?   *  What  is  the  impact  if  processes  are  manipulated  or  fail   to  function?  
  • 24. Abbreviated  Risk  Framework:   Community  Cloud  Requirements   *  Location   *  Identification  of  other  tenants   *  Degree  of  control   *  Who  manages  assets  and  how   *  Security  and  compliance  controls  
  • 25. Abbreviated  Risk  Framework:   Community  Cloud  Evaluation   *  Providers   *  Partners   *  Solutions  
  • 26. Thanks!     Glen  Roberts   groberts@ufcu.org   (512)  966-­‐3425