By Steve Riley
play shop love help
search pay compute store
*aaS real-time premises
virtualize provision secure
fear the cloud
no more
origin:
first: network (TCP/IP)
second: documents (WWW)
now: infrastructure (servers, apps, data, platforms)
abstraction: "don't care where stuff goes"
characteristics:
on-demand self-service
broad network access
location-independent resource pooling
rapid elasticity
measured service (pay only for what you use)
service models:
SaaS
PaaS
IaaS
control/responsibility: shared between provider and customer; the customer's share grows from SaaS down to IaaS
deployment models:
private
community
public
hybrid
cloud migration
attributes:
massive scale
homogeneity
virtualization
resiliency
commodity HW/SW
geographic distribution
service orientation
cloud security:
trust
multi-tenancy
encryption
compliance
Steve Riley
Sr. Technical Program Manager
Amazon Web Services
steriley@amazon.com
@steveriley @awscloud
http://stvrly.wordpress.com
simple primitives
common functional units
complex systems
provisioning:
rapid service (re)constitution
continual availability
advanced honeynets
provisioning service compromise
storage:
fragmentation and dispersal
automated replication
multiple zones and locations
encryption at rest, in transit
automated retention
isolation/multitenancy management
storage controller failure or compromise
unwanted exposure (e.g., governments)
processing:
secure masters
secure images
application multitenancy
reliance on hypervisors
process isolation and sandboxes
support:
on-demand auditing and logs
immediate firewall updates
unknown applications
separate certification/accreditation
operating system updates
network:
DDoS protection
segmentation
perimeter technologies
virtual zoning
application/instance motion
advantages:
separation of public and sensitive data
homogeneity simplifies auditing and testing
some security management is automated
redundancy, disaster recovery
dedicated security staff
increased security investment
simplification of compliance analysis
data held by unbiased third parties
low-cost disaster recovery
challenges:
trust vendor's security model
accessibility of audit findings
obtaining support for investigations
indirect administrator accountability
some proprietary extensions
loss of physical control
data and log ownership
SLAs and guarantees
attractive targets for attackers
outages can be massive
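The storage bullets above (automated replication to multiple zones and locations, encryption at rest, automated retention) and the challenges that follow them (loss of physical control, data held by third parties, data and log ownership) meet in one practical question: how does a tenant enforce retention on data whose copies it cannot physically delete? The example below is added here and is not from the deck or from AWS; it assumes a hypothetical design in which the tenant keeps one key-encryption key per retention class, envelope-encrypts each object under a fresh data key, and enforces expiry by destroying the class key. The Tenant and StoredObject types, the retention-class names and the order record are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// StoredObject is everything the provider holds and replicates; without the
// tenant-held key named by Class, a copy in any zone is opaque.
type StoredObject struct {
	Class                 string // retention class whose KEK wrapped the data key
	Nonce, Ciphertext     []byte // AES-256-GCM over the object body
	WrapNonce, WrappedKey []byte // AES-256-GCM over the per-object data key
}

// Tenant keeps one key-encryption key (KEK) per retention class; the provider never sees these.
type Tenant struct{ keks map[string][]byte }
var ErrKeyDestroyed = errors.New("retention expired: wrapping key destroyed")

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable CSPRNG: nothing sensible to do
	}
	return b
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, plaintext []byte) (nonce, ct []byte, err error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = randomBytes(aead.NonceSize())
	return nonce, aead.Seal(nil, nonce, plaintext, nil), nil
}

func open(key, nonce, ct []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, nil) // any tampering fails authentication
}

// Encrypt: fresh data key per object, body sealed under it, data key wrapped under the class KEK.
func (t *Tenant) Encrypt(class string, plaintext []byte) (StoredObject, error) {
	kek, ok := t.keks[class]
	if !ok {
		return StoredObject{}, fmt.Errorf("no key for retention class %q", class)
	}
	dk := randomBytes(32)
	nonce, ct, err := seal(dk, plaintext)
	if err != nil {
		return StoredObject{}, err
	}
	wn, wk, err := seal(kek, dk)
	if err != nil {
		return StoredObject{}, err
	}
	return StoredObject{Class: class, Nonce: nonce, Ciphertext: ct, WrapNonce: wn, WrappedKey: wk}, nil
}

// Decrypt unwraps the data key with the class KEK, then opens the object body.
func (t *Tenant) Decrypt(obj StoredObject) ([]byte, error) {
	kek, ok := t.keks[obj.Class]
	if !ok {
		return nil, ErrKeyDestroyed
	}
	dk, err := open(kek, obj.WrapNonce, obj.WrappedKey)
	if err != nil {
		return nil, err
	}
	return open(dk, obj.Nonce, obj.Ciphertext)
}

// Expire enforces retention by destroying the class KEK: every replica, in every zone, stops being decryptable at once.
func (t *Tenant) Expire(class string) { delete(t.keks, class) }

func main() {
	tenant := &Tenant{keks: map[string][]byte{"2009-Q3": randomBytes(32), "2009-Q4": randomBytes(32)}}
	obj, _ := tenant.Encrypt("2009-Q3", []byte("order 1138: alice@example.com, card ending 4242")) // constructed sample
	replicas := map[string]StoredObject{"us-east": obj, "us-west": obj, "eu-west": obj} // provider-side copies
	pt, err := tenant.Decrypt(replicas["eu-west"])
	fmt.Printf("before expiry: %q (err=%v)\n", pt, err)
	tenant.Expire("2009-Q3")
	_, err = tenant.Decrypt(replicas["eu-west"])
	fmt.Println("after expiry:", err)
}
```

The point is that expiry needs no cooperation from the provider: the moment the tenant deletes the class key, every replica it holds, in every zone and backup, is unreadable, and a replica the provider (or another tenant on the same storage controller) has altered fails authentication instead of yielding changed data. Two caveats: the KEK wraps many data keys under random 96-bit nonces, so rotate retention classes long before a class approaches 2^32 objects, and the class keys themselves must be backed up outside the provider's storage or a key loss becomes a permanent data loss.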
knowing the cloud
why:
cost savings
power savings
green street cred
increased agility
how
security issues
REQUIREMENT: configurable security mechanisms
chart: exposure, cost and sensitivity for private, community and public deployment
enterprise data center index:
servers in American data centers: 11,800,000
typical server capacity utilization: 15%
purchasing and maintaining enterprise software: $800,000,000,000 / yr
software costs spent on maintenance: 80%
power consumption compared to office building: 100×
increase in server power consumption, 2001 to 2006: 4×
increase in number of servers, 2001 to 2006: 2×
data center construction cost, 9000 sq.ft.: $21,300,000
annual cost to power this data center: $1,000,000 / yr
portion of national power generation: 1.5%
potential power reduction from green technologies: 50%
portion of global carbon emissions: 2%
layers (diagram): consumer services, core services, delivery models, cloud enablers
diagram boxes: order mgmt, CRM, records mgmt, inv & ship; checkout protocol, inventory protocol, data retention protocol, CRM protocol
control
ownership, location
confidentiality and integrity
contracts and SLAs
security standards
How cloud computing came to be