Collaborative Contingency in the Cloud

Glen Roberts, CISSP
  
About the Presenter

* Glen Roberts, CISSP
* IT Infrastructure Manager at UFCU
* President at Cloud Security Alliance, Austin Chapter
  
Agenda

* Cloud Computing Overview
* Cloud Benefits and Risks
* Myths and Reality of the Cloud
* Community Clouds
* What a CUSO Model Offers
* CUSO Model Benefits
* Case Study: 2nd Node
* Foundational Issues
* Abbreviated Risk Framework
* Addressing Common Security Concerns
  
Cloud Computing Definition

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (NIST: September, 2011)
  
Cloud Computing Model

[Slide diagram not included in the extracted text]

Interactive Slide

What are some of the benefits cloud computing can offer credit unions?
  
Top 10 Cloud Benefits

1. Faster implementation, ready to use, automation
2. Access anywhere, on any device
3. Reduced cost, pay for use
4. Scalability, right-sized, flex up and down
5. Collective benefits, GRC alignment, new functionality
6. Improved productivity, shift focus to further innovate
7. Integrated security and patching
8. Leverage vendor expertise, economy of scale
9. High performance, reliability, uptime
10. Environment-friendly, computing efficiency
  
Interactive Slide

What risks might cloud computing expose a credit union to?
  
Top 10 Cloud Risks

1. Data loss, alteration, disclosure
2. Unable to prove security of provider or solution
3. Provider insider threat, insecure APIs, hypervisor flaws
4. Multi-tenancy trust issues
5. Account hijacking
6. Regulatory problems, lack of forensics support
7. Blurred responsibilities
8. Internet/external network dependency
9. Poor support, scalability issues
10. Complexity, hidden costs
  
Myths and Reality of the Cloud

* The cloud is just a fad
* The cloud is less secure
* The cloud is not compliant
* Moving to the cloud is too challenging
* Moving to the cloud is too costly
  
Community Clouds

* Shared by several organizations
* Supports a community with common interests
   * Business purpose
   * Standardization
   * GRC requirements: GLBA, NCUA
* Many of the benefits of public cloud with less risk
* Better cost savings than private cloud or traditional infrastructure
  
What a CUSO Model Offers

* Trust
* Transparency
* Dependable SLAs
* Clear roles & responsibilities
* Shared improvements
* Data sharing
  
CUSO Model Benefits

* Do more with less
* Reduce maintenance & operations costs
* Sharing of assets
* Share the expense of implementations
* Free up staff to innovate for members
  
More CUSO Model Benefits

* Cloud service brokerage
* Cooperatively select vendors
* Improved bargaining power as a collective
* Shared cost of vendor solutions
* Leverage shared integration with vendors
  
Case Study: 2nd Node

* Formed by UFCU and AFCU in 2009
* CUSO
* Second data center
* Business Continuity/Disaster Recovery
  
2nd Node: Facility

* Facility
* SAS 70 Type II Facility
* Working on SSAE 16 Type II
* Generator, UPS, HVAC
* Environmental security
  
2nd Node: Infrastructure

* Utility pricing per cabinet:
   * Telecom
   * Internet connectivity – 100 mbps
* SAN
   * Separate LUNS, partitions
   * EqualLogic, Compellent
* IDS/IPS
   * Individual consoles/customer
   * 2nd Node as the oracle
  
2nd Node: Cloud Services

* Private clouds
* SAN replication
* System backups
* Silver Peak network concentrators
* Hosted failover (Symitar)
  
Foundational Issues

* Many have tried and failed
* Control issues vs. cooperation
* Visibility of operations
* Differing visions
* Undefined SLAs
* Security concerns
  
Addressing Common Security Concerns

* Security
   * Not necessarily more or less secure
   * Enormous potential to be more secure
   * Collaborate to implement controls
* Standards gaps
   * Traditional standards still apply
   * NIST and CSA are helping accelerate catch-up
  
Data Protection

* What data needs to be protected?
* Common options:
   * Encryption of data
   * Tokenization
   * Sanitization, anonymization
   * Object security
   * Hashing
  
Abbreviated Risk Framework: Identify Assets

* Identify potential assets to be moved to a community cloud
   * Infrastructure
   * Data
   * Applications
   * Functions/Processes
  
Abbreviated Risk Framework: Community Cloud Risks

* Assess DAD risks of moving assets to community cloud
* What is the impact if the provider accesses the asset or if data goes public?
* What is the impact if processes are manipulated or fail to function?
  
Abbreviated Risk Framework: Community Cloud Requirements

* Location
* Identification of other tenants
* Degree of control
* Who manages assets and how
* Security and compliance controls
  
Abbreviated Risk Framework: Community Cloud Evaluation

* Providers
* Partners
* Solutions
  
Thanks!

Glen Roberts
groberts@ufcu.org
(512) 966-3425
  
