Effectively and Securely Using the Cloud Computing ParadigmPeter Mell, Tim GranceNIST, Information Technology Laboratory10-7-20092NIST Cloud Research TeamPeter MellProject LeadTim Grance Program ManagerLee BadgerContact information is available from:http://www.nist.gov/public_affairs/contact.htm3NIST Cloud Computing Resources• NIST Draft Definition of Cloud Computing• Presentation on Effective and Secure Use of Cloud Computing• http://csrc.nist.gov/groups/SNS/cloud-computing/index.html4Caveats and Disclaimers• This presentation provides education on cloud technology and its benefits to set up a discussion of cloud security• It is NOT intended to provide official NIST guidance and NIST does not make policy• Any mention of a vendor or product is NOT an endorsement or recommendationCitation Note: All sources for the material in this presentation are included withinthe Powerpoint “notes” field on each slide5Agenda• Part 1: Effective and Secure Use– Understanding Cloud Computing– Cloud Computing Security – Secure Cloud Migration Paths– Cloud Publications– Cloud Computing and Standards• Part 2: Cloud Resources, Case Studies, and Security Models– Thoughts on Cloud Computing – Foundational Elements of Cloud Computing– Cloud Computing Case Studies and Security Models6Part I: Effective and Secure Use7Understanding Cloud Computing8Origin of the term “Cloud Computing”• “Comes from the early days of the Internet where we drew the network as a cloud… we didn‟t care where the messages went… the cloud hid it from us” – Kevin Marks, Google• First cloud around networking (TCP/IP abstraction)• Second cloud around documents (WWW data abstraction)• The emerging cloud abstracts infrastructure complexities of servers, applications, data, and heterogeneous platforms– (“muck” as Amazon‟s CEO Jeff Bezos calls it)9A Working Definition of Cloud Computing• Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. • This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.105 Essential Cloud Characteristics• On-demand self-service • Broad network access• Resource pooling– Location independence• Rapid elasticity• Measured service113 Cloud Service Models• Cloud Software as a Service (SaaS)– Use provider‟s applications over a network • Cloud Platform as a Service (PaaS)– Deploy customer-created applications to a cloud • Cloud Infrastructure as a Service (IaaS)– Rent processing, storage, network capacity, and other fundamental computing resources• To be considered “cloud” they must be deployed on top of cloud infrastructure that has the key characteristics12Service Model ArchitecturesCloud InfrastructureIaaSPaaSSaaSInfrastructure as a Service (IaaS) ArchitecturesPlatform as a Service (PaaS)ArchitecturesSoftware as a Service (SaaS)ArchitecturesCloud InfrastructureSaaSCloud InfrastructurePaaSSaaSCloud InfrastructureIaaSPaaSCloud InfrastructurePaaSCloud InfrastructureIaaS134 Cloud Deployment Models• Private cloud – enterprise owned or leased• Community cloud– shared infrastructure for specific community• Public cloud– Sold to the public, mega-scale infrastructure• Hybrid cloud– composition of two or more clouds14Common Cloud Characteristics• Cloud computing often leverages:– Massive scale– Homogeneity– Virtualization– Resilient computing– Low cost software– Geographic distribution– Service orientation– Advanced security technologiesThe NIST Cloud Definition Framework15CommunityCloudPrivate CloudPublic CloudHybrid CloudsDeploymentModelsServiceModelsEssentialCharacteristicsCommon CharacteristicsSoftware as a Service (SaaS)Platform as a Service (PaaS)Infrastructure as a Service (IaaS)Resource PoolingBroad Network Access Rapid ElasticityMeasured ServiceOn Demand Self-ServiceLow Cost SoftwareVirtualization Service OrientationAdvanced SecurityHomogeneityMassive Scale Resilient ComputingGeographic Distribution16Cloud Computing Security17Security is the Major Issue18Analyzing Cloud Security• Some key issues: – trust, multi-tenancy, encryption, compliance• Clouds are massively complex systems can be reduced to simple primitives that are replicated thousands of times and common functional units• Cloud security is a tractable problem– There are both advantages and challenges Former Intel CEO, Andy Grove: “only the paranoid survive”19General Security Advantages• Shifting public data to a external cloud reduces the exposure of the internal sensitive data• Cloud homogeneity makes security auditing/testing simpler• Clouds enable automated security management• Redundancy / Disaster Recovery20General Security Challenges• Trusting vendor‟s security model• Customer inability to respond to audit findings• Obtaining support for investigations• Indirect administrator accountability• Proprietary implementations can‟t be examined• Loss of physical control21Security Relevant Cloud Components• Cloud Provisioning Services• Cloud Data Storage Services • Cloud Processing Infrastructure• Cloud Support Services • Cloud Network and Perimeter Security• Elastic Elements: Storage, Processing, and Virtual Networks22Provisioning Service• Advantages– Rapid reconstitution of services – Enables availability• Provision in multiple data centers / multiple instances– Advanced honey net capabilities• Challenges– Impact of compromising the provisioning service23Data Storage Services• Advantages– Data fragmentation and dispersal– Automated replication– Provision of data zones (e.g., by country)– Encryption at rest and in transit– Automated data retention• Challenges– Isolation management / data multi-tenancy– Storage controller• Single point of failure / compromise?– Exposure of data to foreign governments24Cloud Processing Infrastructure• Advantages– Ability to secure masters and push out secure images• Challenges– Application multi-tenancy– Reliance on hypervisors– Process isolation / Application sandboxes25Cloud Support Services• Advantages– On demand security controls (e.g., authentication, logging,
View Full Document
Unlocking...