Jason Viola CISA CISSP - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Virtual Computing
Real Risk
  • Jason Viola CISA CISSP

3CAT
ISACA London Chapter
Place: 250 Bishopsgate
Date: September 24, 2009
3CAT is a trademark of the Consulting Auditing
and Training Partnership. HP, Superdome and
HPUX are trademarks of the Hewlett Packard
Company. IBM is a trademark of International
Business Machines Corporation. VMware is a
trademark of VMware. This presentation is the
property of 3CAT. All other company and product
names are trademarks, registered trademarks, or
service marks of their respective owners.
2
Areas
3CAT
Virtualization
  • Virtualization
  • Cloud computing, the benefits and the risks
  • Data in the cloud
  • Operational considerations
  • Preparing for forensics
  • Physics of virtualization
  • Q&A

www.3cat.net jason.viola_at_3cat.net
3
Virtualization and Cloud?
4
Virtualization and cloud?
  • The abstraction of services, software or
    infrastructure provision from the underlying
    hardware.
  • A pool of virtualized resources within a
    datacenter, or internal cloud, federated
    on-demand to external clouds delivering IT
    infrastructure as an easily accessible service.  
  • An internal cloud model enables IT to align the
    service level agreement and the infrastructure to
    the needs of the business and the applications.
    It can provide IT cost savings with the security,
    compatibility and control needed for the
    enterprise.

5
Understanding cloud computing
Cloud
6
Mixed messages from the cloud: some
organisations get it
Cloud
7
What technology can be used to create a cloud?
Large Clouds
  • Software (any)
  • Virtualization layer supporting software
  • Compute nodes linked to a grid framework
  • Storage (SAN and NAS)
8
The Amazon Cloud
  • Elastic compute cloud
  • Zero additional Infrastructure
  • 10 cents per Amazon Server hour
  • 10 cents per GB uploaded
  • 10 cents per GB downloaded
  • Accountable as RevEx and tax deductible
  • The Amazon cloud is being considered for
    expanding compute grids in some organisations.
  • It should not be adopted if there are unaddressed
    security concerns.

9
What are the benefits relating to cloud?
Could your organisation be part of an external
cloud, offering/creating chargeable products,
services and applications as part of a cloud?
10
Risks around the cloud
  • Information disclosure
  • Elevation of privilege
  • Denial of service
  • Abuse of service
  • Future risks
  • Technology derivatives, sub-contractors and toxic
    clouds

11
Risk of attacks in the cloud
  • The need for segregation and shared best
    practice.
  • Breaking out of the guest environments.
  • Good for crackers

12
Managing the risks
  • Securing the benefits before signing a contract.
  • Consolidated systems and financial cost savings
  • Rapid upgrade and patch deployment
  • Seamless contingency
  • Operational efficiency
  • Shared resources
  • Potential for increased interdependency
  • Centralised security and real time alerting

13
Data
  • Control over data
  • Data compromise
  • Physical access to data

14
Operational considerations
  • Creation and placement
  • Replace certificates
  • Change permissions on key files

15
Operational considerations
  • Do not use unauthorised plug-ins
  • Authentication
  • Capacity management

16
Preparing for forensics
  • Computer forensics is the science of acquiring,
    retrieving, preserving, and presenting data that
    has been processed electronically and stored on
    computer media. Computer forensic science has the
    potential to greatly affect specific types of
    investigations and prosecutions.
  • Computer forensics deals with the use of the
    scientific method to guarantee the accuracy of
    the preservation, identification, extraction, and
    documentation of computer evidence and the accuracy
    of results concerning computer evidence processing.
    Forensic reports are intended for security
    incidents that must be prosecuted.

17
Virtualization breaks with physics
18
Virtualization does not break with physics
It can be more efficient than a traditional
distributed model if used appropriately

19
Questions and answers
  • Q&A

20
Question
  • Will this require extra bandwidth?