CLOUD COMPUTING 10:45-11:15
CLOUD COMPUTING DEFINED
General definition: Hosted services delivery over the Internet from a remote location, either over Internet or Intranet, involving environments enabled by virtualization.
NIST definition: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
CLOUD COMPUTING: ESSENTIAL CHARACTERISTICS
On-demand self-service
– Customer can provision “as-needed”, without requiring human interaction with a service provider
Broad network access
– Accessible cloud environment from any client platform, including smart phones, tablets, computers, laptops, workstations
Resource pooling
– Sharing of
  o Storage
  o Memory
  o Network bandwidth
CLOUD COMPUTING: ESSENTIAL CHARACTERISTICS, CONT.
Rapid elasticity
– Scale upwards and downwards, on demand/as needed
– Deployed in little to no time
– Appearance of seamless and unlimited
Measured service
– Cloud systems allocate resources automatically, depending on demand
– Everything is measured
– Resource usage is regularly/real time monitored, controlled and reported
CLOUD COMPUTING SERVICE MODELS
Software as a Service
– Use provider’s applications that run on provider’s cloud infrastructure
– Generally accessible via web browser or program interface
– Consumer/user does not manage or control underlying infrastructure, including network, servers, operating systems, storage or individual application capabilities
– Examples: Outlook Webmail, Gmail, Twitter, Facebook, Flickr, LinkedIn, Dropbox, etc.
CLOUD COMPUTING SERVICE MODELS, CONT.
Platform as a Service
– Use consumer-created or acquired applications that run on provider’s cloud infrastructure
– Generally accessible via web browser or program interface
– Consumer/user does not manage or control underlying infrastructure, including network, servers, operating systems, storage, but has control over deployed applications and some configuration settings for the application-hosting environment
– Examples: Salesforce1 PaaS, Google App Engine, Microsoft Azure, OutSystems, etc.
CLOUD COMPUTING SERVICE MODELS, CONT.
Infrastructure as a Service
– Consumer/user is able to provision processing, storage, networks and other computing resources, where the consumer can deploy and run arbitrary software, including operating systems and applications.
– The consumer does not manage or control underlying cloud infrastructure, but has control over operating systems, storage and deployed applications.
– Examples: Amazon Web Services, CA Technologies, AT&T, Verizon, etc.
CLOUD COMPUTING CLOUD TYPES
Private cloud
– Cloud Infrastructure provisioned for exclusive use by single organization
– Can comprise multiple business units of that organization
– Owned/managed/operated by organization, third party or both
– Can be on or off-premise
CLOUD COMPUTING CLOUD TYPES, CONT.
Community cloud
– Cloud Infrastructure provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns
– Owned/managed/operated by one or more of the organizations, third party or both
– Can be on or off-premise
CLOUD COMPUTING CLOUD TYPES, CONT.
Public cloud
– Cloud Infrastructure provisioned for open use by general public
– Owned/managed/operated by business, academic or government organization (or combination of them)
– Exists on premises of cloud provider
CLOUD COMPUTING CLOUD TYPES, CONT.
Hybrid Cloud
– Cloud Infrastructure is a composition of two or more distinct cloud infrastructures (private, community or public)
– Remain unique entities
– Bound together by standardized or proprietary technology that enables data and application portability (e.g. load balancing between clouds)
CLOUD COMPUTING LEGAL ISSUES
Who controls the data?
– Rule 34(a)(1): “A party may serve on any other party a request within the scope of rule 26(b) to produce…the following items within the responding party’s possession, custody or control”
– Example Facebook TOS:
  o “You own all of the content and information you post on Facebook, and you can control how it is shared…”
  o But: “When you delete IP content…understand that removed content may persist in backup copies for reasonable period of time, unavailable to others.”
CLOUD COMPUTING LEGAL ISSUES, CONT.
Stored Communications Act
– Designed to address privacy issues of internet communications not covered by 4th amendment
– Creates set of 4th amendment-like privacy protections by statute, regulating the relationship between government investigators and service providers in possession of users’ private information
– Two main purposes:
  o Limits government’s rights to compel providers to disclose customer or subscriber information
  o Limits rights of Internet Service Providers (ISPs) to provide customer information voluntarily
CLOUD COMPUTING LEGAL ISSUES, CONT.
Court determined Gmail, Facebook, Myspace and Hotmail to be Electronic Communications Services (ECS) Providers and Remote Computing Services (RCS) Providers under the Stored Communications Act
Good read: Cloud Computing: Constitutional and Statutory Privacy Protections http://fas.org/sgp/crs/misc/R43015.pdf
CLOUD COMPUTING COLLECTION ISSUES
SaaS, PaaS, IaaS
– Challenges with multi-tenant hosting, sync problems and techniques for segregating data in shared logs
– Traditional data/forensic collection involved physical collection, preservation, validation, processing, review and production
– Cloud collections do not have physical media or physical control over network on which data resides. Difficult to identify specific data and segregate in shared/cloud environment = preservation and collection issue
CLOUD COMPUTING COLLECTION ISSUES, CONT.
SaaS, PaaS, IaaS cont’d
– Due to “elastic” capabilities of cloud (i.e. adding or removing available storage, virtual workstations, etc.), data can easily be “deleted” or overwritten
– Other challenges include massive databases for CRM systems and social platforms
– Great read: NIST Cloud Computing Forensic Science Challenges http://safegov.org/media/72648/nist_digital_forensics_draft_8006.pdf - Annex “B”
CLOUD COMPUTING COLLECTION ISSUES, CONT.
Cloud-hosted email
– All cloud providers of email and social media sites are likely ECS/RCS under Stored Communications Act (SCA), precluding ability to capture email without user authorization absent showing of probable cause
– Collections under SCA typically done by government in criminal proceeding
– In civil matters: will require user consent to retrieve data from the cloud, including username and password or being given admin rights to mailbox
CLOUD COMPUTING COLLECTION ISSUES, CONT.
Cloud-hosted email cont’d
– Some forensic data and metadata is lost when email is “downloaded” from cloud-based mailbox
– Only the more “common” cloud-email providers offer eDiscovery collection abilities from within the administrative or user mailbox interface. Other cloud-email providers will have to collect for you, charging per mailbox or hourly.
– Seek other sources (e.g. communication-recipient’s email) first
CLOUD COMPUTING COLLECTION ISSUES, CONT.
Social Media
– Without user consent: Can only download/collect what is publicly available (not requiring a username and password)
– With user consent: Can collect any information available and visible to user, but will require account log-in information (i.e. username and password)
– Exceptions are open content social media platforms, such as Twitter, YouTube, etc.
CLOUD COMPUTING COLLECTION ISSUES, CONT.
Social Media cont’d
– Some social media sites do not allow you to “pick and choose” what you want to collect (e.g. Facebook)
– True collect “all” from social media requires specialized collection software, such as X1 Social Discovery or platform-specific, such as the Afentis Suite of forensic software (have to purchase individual software, per platform)
CLOUD COMPUTING COLLECTION ISSUES, CONT.
Text messages
– While cell phone providers do not keep transmitted data, logs of when transmissions occurred are kept for a limited time-frame (depending on the provider)
– Result: Need to collect from physical device
Interesting nugget: Uncle Sam is watching you, too!
– Library of Congress collected all tweets via FOIA request
– 50 million tweets per day
NEXT TOPIC: MICROSOFT EXCHANGE