FBI Symposium on Cloud Computing and Security v2
1. Cloud Computing and Security: Assessing the Risks
Kevin L. Jackson
Vice President & General Manager
NJVC Cloud Services
March 21, 2012
NJVC Proprietary - Do Not Release
7. Cloud Computing
Not a new technology but a new approach in the provisioning and consumption of information technology
A services oriented architecture (SOA), typically implemented on a virtualized infrastructure (compute, storage, networks) using commodity components and coupled with highly automated controls, enables the five essential characteristics of cloud computing.
Key Benefits:
Significant cost reductions
Reduced time to capability
Increased flexibility
Elastic scalability
Increased service quality
Increased security
Ease of technology refresh
Ease of collaboration
Increased efficiency
Key Concerns:
Standards
Portability
Control/Availability
Security
IT Policy
Management / Monitoring
Ecosystem
8. Cloud Computing: Value and Capabilities
Time
Reduce time to deliver/execute mission
Increased responsiveness/flexibility/availability
Cost
Optimizing cost to deliver/execute mission
Optimizing cost of ownership (lifecycle cost)
Increased efficiencies in capital/operational expenditures
Quality
Environmental improvements
Experiential improvements
9. Relational Databases and the Cloud
The economics of data storage led to the use of content addressable storage, flat storage architectures and internet scaling.
Database design, database tuning no longer required with infinite scalability and consistent responsiveness
[Diagram: a Country search hierarchy (Germany: BMW, Volkswagen, Audi; Japan: Toyota, Honda, Mazda; US: Ford, Chrysler, GM; with Truck, Car and SUV under BMW) shown beside flat entries such as "German, BMW, Truck", "German, BMW, Car", "German, BMW, SUV", "German, Volkswagen, Truck" and "US, GM, SUV"]
10. Traditional Analytics
Traditionally, lexical searches, filtering or Boolean search attributes are used to reduce data to a “working set”. Analytical tools are then applied to this “working set”.
[Diagram labels: All Data Sources / Types; Tools/Analysis; Reports/Conclusions]
11. Cloud Enables Searching All the Data, All the Time
[Diagram labels: Reports/Conclusions]
14. Computing
Top Threats to Cloud Computing:
Malicious Insiders
Data Loss or Leakage
Unknown Risk Profile
Shared Technology Issues
Insecure Interfaces and APIs
Account or Service Hijacking
Abuse and Nefarious Use of Cloud
Governance:
Governance and Enterprise Risk Management
Legal and Electronic Discovery
Compliance and Audit
Information Lifecycle Management
Portability and Interoperability
Operational:
Traditional Security, Business Continuity, and Disaster Recovery
Data Center Operations
Incident Response, Notification and Remediation
Application Security
Encryption and Key Management
Identity and Access Management
Virtualization
19. Overview
20. C&A vs FedRAMP
Standard Certification & Authorization
100% of required agency controls
60-90 days to complete
$80k-$300K
Repeat with each new agency: 5 agency cost $400K-$1.5M
FedRAMP (290 Controls)
80% of required agency controls
60 days to complete
$65-$240K
Agency specific controls for new implementations: 5 agency cost $65K-$365K
26. Continuous Monitoring Deliverables
Vulnerability/Patch Management Scanning and Reporting
Configuration Scanning and Reporting
Incident Response Planning and Response
POA&M Mitigation and Remediation
Change Management and Control
Penetration Testing
A&A Documentation Maintenance
Contingency Plan Testing
28. My Advice
Remember – Cloud computing is an emerging discipline
Learn about it. Don’t run away
This is not a new technology but extensive automation of what you’re already used to
Same threat vectors. Same attacks but faster, broader and automated using “resource concentration”
Cloud will save you, not hurt you.
Be careful out there!!
29. Thank You!
Kevin L. Jackson
Vice President
General Manager
NJVC Cloud Services
(703) 335-0830
Kevin.jackson@NJVC.com
http://www.NJVC.com
http://kevinljackson.blogspot.com
http://govcloud.ulitzer.com