20N2012- Is there any danger or risk in Green?

Editor's Notes

• #2: HitoallwelcometoRollOutCloudtraining program
• #3: Inthis video wearegoingtobegintotalk aboutsecurity in thecloud..I firstreviewwhat is cloudcomputingandbenefitsandthenwillbeginwithpotentialissues in Cloudandwillmentionrisksandtreaths.. Andthisseriewillcontinuewithsomesecurityscenarios at nextvideos..
• #5: Okey, hereyou can seetfiveessentialcharacteristicsin themiddleHerearethecommonCharacteristics of CloudComputingThe service models… SaaS,PaaS, I aaSAnddeployementmodels.. Hybrid, private, communityandpublic..Youmayfinddetailedinformationaboutthisslide at mychannelunderRollOutCloudplaylist.. The name of the video is NIST definition of Cloud Computing.
• #6: So, lets talk aboutthebenefits of cloudcomputing..What is Capex?A capital expenditure (Capex ) : is incurred when a business spends money either to buy fixed assets or to add to the value of an existing fixed asset with a useful life that extends beyond the taxable year. Capex are used by a company to acquire or upgrade physical assets such as equipment, property, or industrial buildings. For tax purposes, capital expenditures are costs that cannot be deducted in the year in which they are paid or incurred and must be capitalized. The capital expenditure costs are amortized or depreciated over the life of the asset in question.What is Opex?Operational expenses (Opex) : is an ongoing cost for running a product business, or system. Its counterpart, a capital expenditure (CAPEX), is the cost of developing or providing non-consumable parts for the product or system. In business, an operating expense is a day-to-day expense such as sales and administration, or research & development, as opposed to production, costs, and pricing.Soletstake a look at deploymentmodels,ForallDeploymentmodels, weseereduction on operationalcostsandretardation on capitalexpenses as opportunities. Forpublicandcommunitymodelskeepupwithagility in business is theplus.Forcommunity model, workingwithpartnersaddsnewvaluechains. And I getthecurrentadaptionmaturitygraphfromStevenHill’spresentation at UP 2010 Cloud Computing Conference
• #8: Benefitsbenefitsandbenefits.. Everybodytalksaboutbenefits of thecloudcomputing.. Herearesome..Immediate benefits we face first in ITReduce in cost.. well how this is happening? It is happening with The billing model which is pay as per usage and non purchased infrastructure and low maintenace since you do not purchase the infrastructure in Efficiency.. energy efficiency in terms of cost savings as well as environmental responsibilitycloud computing speed ups development and testing cycles, improves the quality of the applicationinterms of the operational efficiencies it accelerates the movement of IT service delivery closer to the efficiency and agility goalsIncrease flexibility in IT.. by transforming computers from something that we buy and operate ourselvesto something that is operated by a third party. With enterprises having to adapt, even more rapidly, to changing business conditions, and to speed to deliverSystem die? Move the container. We may recover a system today in under 30 minutes.. Virtualization gives that flexibility and to test new versions (or even different versions) of any operating system as installed into the “virtual” environment. And Service Oriented Architecture enables innovation through collaboration and flexibility..At next stage we would face with enhance collaboration and user experience, facilitate business agility and better services for citizens As long term we see promoting Sustainability, transforming Education enpowerinviduals and accelerate innovation as benefits of cloud computing
• #11: As I seefrom 2008tillnowcoverage of the cloud makes us believe that security andprivacyarethe main or one of the main barriers for Cloud computing adoption.Let’stake a look at firstwhatweneedtosecure in thecloud..
• #12: Pillars of cloudprovisioningare self-service, automationandpolicy.. Please,remember when ATMs appeared in bank lobbies, allowing customers to access their accounts directly instead of having to wait in line -- during banker's hours, of course -- to see a teller. Now, weare creating online identities and communities using self-service tools, naturally want to self-provision technologies that help usalso do our jobs.And do not forgetutomation relies on policies..The benefit of using online storage services doesn’t end at file protection. In fact, a large appeal of such services steams from convenient accessibility. Cloud storage services give you access to your most frequently used and important files no matter where you are. Whether on your smartphone or work computer, you can access, view and edit your stored data.******************Basically, a cloud storage system can be considered to be a network of distributeddata centers which typically uses cloud computing technologies like virtualization,and offers some kind of interface for storing data.. Basic cloud storage services are generallyaccessedviaAPIs-applicationprogramminginterfaces*Registrationandlogin*Transportation - The actualtransmission of all data with the remote storage servers is also handled by the clientsoftware, soIt is important to use appropriate cryptographic functions.*Encryption - The main reason to use a cloud storage provider- for both individuals and compa-nies- is to always have a backup of valuable data which is off-premises yet easilyaccessible.So, all data should be encrypted on the client system before the data istransmitted into the cloud using a key unknown to the service provider.*filesharing- Sharing files appears in three differentfavors :(1) Sharing files with other subscribers of the same service.(2) Sharing files with a closed group of non-subscribers.(3) Sharing files with everybodyThis is not a technical point but it is important tomakeclearthe difference between file publication and file sharing in a closed user group.*deduplication - Data deduplication is employed by many storage providers since it enables them tosave large amounts of storage space, thereby reducing costs.privacy issues can only occur if the cloud storageprovider uses both client-side and cross user deduplication.*multipledevices-In the time of ubiquitous computing devices, a typical user has multiple devices toaccess his data depending on his current location.During the installation on a new devicen, the credentials are usually stored locally*server location- Ideally, the storage providerwould offerdifferent storage locations from which the user can choose. The conse-quences of data storage location with regard to privacy and legal issues is important.********************************Now, aboutsecurity on IaaS;The security issues are a little different, depending on whether you use a public cloud or private cloud implementation of IaaS..For both scenarios, you should consider the following security issues:Data leakage protection and usage monitoringAuthentication and authorizationIncident response and forensics capabilitiesInfrastructure hardeningEnd to end encryption****************************When storing information in the cloud, you must comply with state, federal and industry-related data privacy laws. Before you transfer any data to the cloud, find out whether doing so will not make you noncompliant.*When accessing data and applications via the internet, you must have strict controls over who can access them. Consult standards such as the Security Assertion Markup Language (SAML) and Active Directory Federation Services (ADFS) when setting up access and identity controls.*Your cloud support services should have a set of policies, procedures and processes to ensure business continuity in the event of a disaster. Make sure you know how to retrieve the data you store in the cloud if your IT systems fail.*************************************Information Security Principles (Triad)  C I A • Confidentiality Prevent unauthorized disclosure. Integrity Preserve information integrity • Availability Ensure information is available when needed**• Provider resources shared with untrusted parties • CPU, storage, network • Customer data and applications must be separated Laws and regulations may prevent cloud computing • Requirements to retain control • Certification requirements not met by provider • Geographical limitations – EU Data Privacy • New locations may trigger new laws and regulations**Including the cloud in your perimeter • Lets attackers inside the perimeter • Prevents mobile users from accessing the cloud directly • Not including the cloud in your perimeter • Essential services aren’t trusted • No access controls on cloud Dropperimeter model!!***Fired employee retains access to cloud • Misbehavior in cloud not reported to customer
• #13: Herearetheknownrisksandthreads in cloudcomputing.. KnowingallandlearningaboutCountermeasureswillhelpyou in a safeenvironment in Cloud..I willcontinue on security on nextvideos..
• #14: ThankyouforlisteningRollOutcloudtraining.. Keepwatchingandcommenting us.Seeyounext time..Byeforknow