Cloudifornication Indiscriminate Information Intercourse Involving Internet Infrastructure Hoff (@Beaker) - FIRST 2010
Cloud Security Doesn’t Matter When Is NetWareCloud Shipping?
::Setting Some Context The Internet is a remarkably frail operating platform, loosely hinged on luck, politeness, ad hoc peering & transit, handshake relationships and the IP Protocol* *It’s up more than it’s down because even the bad guys need it up to operate...
::Setting Some Context At the end of the day, we’re adding layers of abstraction/indirection to 40 year old technologies and practices & wondering why we still have issues
There Ain’t Nuthin’ Wrong With The InterTubes!
:: Context The Internet assumes a fictional trusted core but is in fact an untrusted, unreliable & hostile platform. So then, is Cloud.
Anyone Know What This Is?
More Familiar?
Rare? Yes.
Tragic? Absolutely.
Guess What? No Definitions Of Cloud
Provider’s/Technician’s View :: Abstraction of Infrastructure; Resource Democratization; Services Oriented; Self-Service, On-Demand; Elasticity/Dynamism; Utility Model Of Consumption & Allocation
From the Consumer’s Perspective... Everything Is Cloud...
CloudWow! You’ll Say “HOW?” Every Time...
The Journey to the InterCloud Begins With a Single Slide, It Does...
...It Ends With One, Too... ...and Here It Comes...
Journey To The Intercloud Made Simple Cloud Brokers Private Cloud Virtualized Data Centers Public Cloud Stand-Alone Intercloud Data Centers Virtual Hybrid Clouds Private Cloud Federation / Workload Portability / Interoperability
The SPI Cloud Model Three delivery models that people talk about when they say “Cloud”: Software as a Service (SaaS): End Users; Platform as a Service (PaaS): Developers; Infrastructure as a Service (IaaS): SysAdmins. What Do These Look Like?
Cloud Model :: Infrastructure as a Service (IaaS) [Stack diagram layers: APIs; Core Connectivity & Delivery; Abstraction; Hardware; Facilities]
Cloud Model :: Platform as a Service (PaaS) [Stack diagram layers: Integration & Middleware (PaaS) over the IaaS layers: APIs; Core Connectivity & Delivery; Abstraction; Hardware; Facilities]
Cloud Model :: Software as a Service (SaaS) [Stack diagram layers: Presentation Modality; Presentation Platform; APIs; Applications; Data, Metadata, Content (SaaS) over Integration & Middleware (PaaS) over the IaaS layers: APIs; Core Connectivity & Delivery; Abstraction; Hardware; Facilities]
Lots Of *aaSes...Variations On a Theme Packaging these up in combination yields lots of *aaS(es): Storage as a Service, Integration as a Service, Database as a Service, Security as a Service, Information as a Service, Management as a Service, Process as a Service, Testing as a Service...* [Stack diagram layers with their components: Presentation Modality / Presentation Platform (Data, Voice, Video, PC, Embedded, Mobile); APIs (Mgmt); Applications (Native, Web, Emulated); Data, Metadata, Content (Structured, Unstructured); Integration & Middleware (Database, Messaging, Queuing, IAM/Auth.); APIs (Mgmt); Core Connectivity & Delivery (IPAM/DNS, LB & Transport, Security, IAM/Auth.); Abstraction (VMM, Grid/Cluster/Utility, Images); Hardware (Compute, Network, Storage); Facilities (Power, HVAC, Space). Example offerings shown beside the stack: Salesforce.com, Google Apps, Oracle OnDemand, Google AppEngine, Force.com, Coghead, GoGrid CloudCenter API, Amazon EC2, GoGrid, FlexiScale] *David Linthicum: Defining the Cloud Computing Framework http://cloudcomputing.sys-con.com/node/811519
The Many Dimensions Of Cloud :: SaaS [Diagram: the SaaS stack (Presentation Modality; Presentation Platform; APIs; Applications; Data, Metadata, Content; Integration & Middleware; APIs; Core Connectivity & Delivery; Abstraction; Hardware; Facilities) with the labels Features, Extensibility and Security]
The Many Dimensions Of Cloud :: PaaS [Diagram: the PaaS stack (Integration & Middleware; APIs; Core Connectivity & Delivery; Abstraction; Hardware; Facilities) shown alongside SaaS, with the labels Features, Extensibility and Security]
The Many Dimensions Of Cloud :: IaaS [Diagram: the IaaS stack (APIs; Core Connectivity & Delivery; Abstraction; Hardware; Facilities) shown alongside SaaS and PaaS, with the labels Features, Extensibility and Security]
:: The Cloud, Its Impact On Security and Vice-Versa
IaaS Security :: Guest/Host-Based Provider secures “their” infrastructure to maximize availability & multi-tenancy. Remainder of the stack (and confidentiality, integrity) is your problem. General focus is on VMs & Guest-Based. [Diagram: IaaS stack split into Consumer (Data; OS & Applications; VMs/Containers) and Provider (APIs; Core Connectivity & Delivery; Abstraction; Hardware; Facilities)]
All You, Baby... 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet...you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications...We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications.
PaaS Security :: Programmatic Provider owns the compute, network, storage layers & programmatic interface security. The consumer creates the applications based upon supported development environment. Writing secure applications and ensuring your data is safe is on you. [Diagram: PaaS stack split into Consumer (Data; Applications) and Provider (Integration & Middleware; APIs; Core Connectivity & Delivery; Abstraction; Hardware; Facilities)]
Oh, Passwords? 2.1. You must provide accurate and complete registration information any time you register to use the Service. You are responsible for the security of your passwords and for any use of your account. If you become aware of any unauthorized use of your password or of your account, you agree to notify Google immediately.
SaaS Security :: All or Nuthin’ The provider owns the entire stack. Security (C, I and A) becomes a contract negotiation. Traditional security and compliance functions are more administrative & policy-focused. [Diagram: SaaS stack, all Provider (Presentation Modality; Presentation Platform; APIs; Applications; Data, Metadata, Content; Integration & Middleware; APIs; Core Connectivity & Delivery; Abstraction; Hardware; Facilities)]
Good As Good Gets... 8.3. Protection of Your Data. Without limiting the above, We shall maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data. We shall not (a) modify Your Data, (b) disclose Your Data except as compelled by law in accordance with Section 7.5 (Compelled Disclosure) or as expressly permitted in writing by You, or (c) access Your Data except to provide the Services or prevent or address service or technical problems, or at your request in connection with customer support matters.
What This Means To Security [Diagram: the IaaS, PaaS and SaaS stacks side by side, each with its Consumer/Provider split, labelled “Build It In” and “RFP/Contract It In”]