140 likes | 363 Views
Framework and Opportunities for Developing Economies. Mr. Oliver Parsons , CISM, CISSP, PMP, CEH, ITIL Cybersecurity and ICT Advisor Telecommunications Advisory Team (TAT ) Oliver.parsons@hq.isaf.nato.int. Overview. TOPICS: What Is Cloud Computing
E N D
Framework and Opportunities for Developing Economies Mr. Oliver Parsons, CISM, CISSP, PMP, CEH, ITIL Cybersecurity and ICT AdvisorTelecommunications Advisory Team (TAT) Oliver.parsons@hq.isaf.nato.int
Overview TOPICS: • What Is Cloud Computing • Cloud Computing Framework, Concepts and Models • Cloud Reference Architecture; Architectural Components • Cloud Computing Value; Business And Government • Benefits Of Cloud Computing In Developing Countries • Cloud Computing Pros and Cons • Cloud Computing Security Risk • Questions and Comments • Reading Recommendations NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
What Is Cloud Computing Cloud Computing has taken the IT world by storm, but what does the term really mean? And how will Cloud Computing change how we manage, control, protect and access our digital data and business processes. • Cloud Computing is a model for ubiquitous and convenient, on- demand network access to a shared pool of computing resources such as: networks, servers, storage, applications and services. • It can be rapidly provisioned and released with minimal management effort or service provider interaction. • The Cloud Computing model is composed of five essential characteristics, three service models and four deployment models. • Cloud Computing enables the expanded use of virtualization technologies in large datacenter environments, and by reducing the footprint required to run a large group of servers; increases processor capacity, reduces power consumption and centralizes datacenter asset management. The provider can now “Do more with less”. NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
What Is Cloud Computing Continued… • Characteristics: • On-Demand Self-Service -A consumer can unilaterally provision computing server time and network storage as needed automatically without human interaction with each service provider. • Broad Network Access - Are available over the network and accessed via standard mechanisms that promote use by thin or thick client computers (e.g., mobile phones, tablets, laptops and desktops). • Resource Pooling - Providers computing resources are pooled to serve multiple consumers using multi-tenant model, with resources dynamically assigned and reassigned based on consumer demands. • Rapid Elasticity - Can be elastically provided and released in some cases automatically, to scale rapidly outward or inward with demand. For the consumer the availability often appears unlimited and can be appropriated in any quantity at any time. • Measured Service - Systems automatically control and optimize resource use by leveraging a metering capability appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled and reported, providing transparency for both the provider and the consumer of the service. NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Cloud Computing Framework, Concepts and Models 5 NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Cloud Computing Service Models Provider’s Service Model Definitions SaaS: Software as a Service comprises all applications and computational resources residing on providers servers for on-demand service. PaaS: Platforms as a Service are the server platforms for on-demand service upon which applications can be developed and deployed. IaaS: Infrastructure as a Service is the actual hardware , software and network provided as an on-demand service to customers. 6 NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Cloud Computing Reference; Architectural Components • Cloud Deployment Model • Private Cloud -The cloud infrastructure is provisioned for exclusive use by single organization with multiple consumers (e.g., business units). It may be owned, managed and operated by the organization. • Community Cloud -The infrastructure is used by a specific community of consumers from organizations that have shared concerns. It may be owned and operated by one or more organizations in the community. • Public Cloud -This model the infrastructure is provisioned for use by the general public. It may be owned, managed, and operated by a business, academic, or government organization. It exists on the premise of the cloud provider. • Hybrid Cloud -This infrastructure model is a composition of two or more distinct cloud infrastructures (private, community, or public) that remains unique entities, but are bond by standardized or proprietary technology for data and application portability. NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Cloud Computing Value; Business and Government • Amazon, Google and Microsoft are selling Cloud Computing services in places without clean water, steady electricity, and they are gaining access to supercomputers. • Cheki a used-car classified business serves a million people a month, mostly in Kenya and Nigeria. Most use Android Smartphones that cost $70.00 dollars to search. There are consumers in Malawi, Rwanda and Ethiopia using theses services as well. • Jobberman.comNigeria's largest jobs Website, also run on Amazon Web Services. • In April 2010 Microsoft and Qatar Telecom (Qtel)signed a strategic alliance to offer cloud-based services, applications and devices over Qtel’s network. • The University of Pretoria in South Africa uses cloud services for next-generation medical research. 8 NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Benefits Of Cloud Computing In Developing Countries • The developing world must exploit the opportunities afforded by cloud computing and minimize risk while allowing access to advanced IT infrastructure, data centers, applications, and protect sensitive information. • Universities in China, Qatar, and Turkey are among the 17 educational institutions worldwide participating in IBM Cloud Academy • The Indian Institute of Technology, Kanpur and other academic institutions have adopted the cloud. • E-health- India's ICICI Bank’s Insurance arm used Zoho’s Web based applications to develop services such as personalized insurance for patients with diabetes. • South Africa is a leader in using cloud to support telecommuting. Call center agents and software developers log in from anywhere. • Cloud computing great advantages in terms of immediate as well as long term cost savings for governments. Because it offers services on a “pay-as-you-go” and “pay-per-use” basis, there are no upfront costs involved in buying IT equipment. • Cloud computing can help governments resolve many more challenges related to efficient, timely and massive delivery of services to citizens in every part of a geography. 9 NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Cloud Computing Pros and Cons 5 Unexpected Benefits 1. Gain more flexibility to get into new businesses. 2. Provide for Smoother mergers and acquisitions. 3. Ability to duplicate or adopt successful business processes others have hashed out. 4. GainMore tech savvy in the executive suite. 5. Segue into the cloud business. ‘Forbes 2013’ NATO/ISAF UNCLASSIFIED
Cloud Computing Security Risk • Like healthcare 2.0, banking 2.0 and education 2.0 criminal practices on the internet have upgraded to Cybercrime 2.0 as well. The cloud is a double edged sword from a cybercrime perspective. • Privacy and security risks depend to a great extent on the terms established in the Service Level Agreement (SLA) and some have an NDA inclusive. • There are two types of service agreements exist: predefined non-negotiable agreements and negotiated agreements [Bra10, UCG10]. • A major obstacles facing public cloud computing is security, however the cloud computing paradigm provides for innovation in provisioning security services and especially smaller organization who can gain the economies of scale. • Staff Specialization - Cloud providers, with large-scale computing facilities, have an opportunity for staff to specialize in security, privacy, and other areas of high interest and concern to the organization • Platform Strength. The structure of cloud computing platforms is typically more uniform than that of most traditional computing centers. • Resource Availability. The scalability of cloud computing facilities allows for greater availability. NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Cloud Computing Security Risk Continued…. Top Threats 2013 Data Breaches Data Loss Account Hijacking Insecure API’s Denial of Service Malicious Insiders Abuse of Cloud Services Insufficient Due Diligence Shared Technology Issues • Threats Facing Cloud Computing • The Cloud Security Alliances' latest survey shows a rising fear of • cybercriminals, among eight other threats facing the cloud computing movement. • Data breaches and account hijackings that were in the middle of CSA's • 2010 list of top threats rose to the number one and three spots, • respectively, this year. • In 2012 there were 230 publicly disclosed breaches for a loss 9 million • records. Service providers that suffered breaches included Yahoo, • eHarmony and LinkedIn. • In a survey released in January of 3,200 organizations, Symantec found • that more than four in 10 had lost data in the cloud and have had to • recover it through backups. • Surprisingly, the second greatest threat in CSA's latest list is data loss • not from cybercriminals, but from cloud service providers themselves. • Accidental deletion happens more often than a lot of people may think. 12 NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Questions and Comments THANK YOU! QUESTIONS NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC
Reading Recommendations References NIST 800 Series Forbes UNC Raleigh Cloud Security Alliance IBM News Articles More….. Dot Cloud: The 21st Century Business Platform Built on Cloud Computing [Paperback] [2009] (Author) Peter Fingar Cloud Computing: Concepts, Technology & Architecture (The Prentice Hall Service Technology Series from Thomas Erl) Cloud Architecture Patterns Bill Wilder I Am At Your Service! NON-SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC