yesha sivan

7/29/2019 Yesha Sivan

1/93

Effectively and Securely Using theCloud Computing Paradigm

Peter Mell, Tim GranceNIST, Information Technology Laboratory

10-7-2009With Minor comments by Dr. Yesha Sivan(As part of the Cloud Panel in Web 2010).


2/93

NIST Cloud Research Team

Peter MellProject LeadTim Grance

Program Manager

Lee Badger

Contact information is available from:http://www.nist.gov/public_affairs/contact.htm


3/93

NIST Cloud Computing Resources

NIST Draft Definition of Cloud Computing Presentation on Effective and Secure Use of Cloud

Computing http://csrc.nist.gov/groups/SNS/cloud-computing/index.html


4/93

Caveats and Disclaimers

This presentation provides education oncloud technology and its benefits to set up adiscussion of cloud security

It is NOT intended to provide official NISTguidance and NIST does not make policy

Any mention of a vendor or product is NOT

an endorsement or recommendation

Citation Note: All sources for the material in this presentation are included within

the Powerpoint notes field on each slide


5/93

Agenda

Part 1: Effective and Secure Useo Understanding Cloud Computingo Cloud Computing Securityo Secure Cloud Migration Pathso Cloud Publicationso Cloud Computing and Standards

Part 2: Cloud Resources, Case Studies, and SecurityModelso Thoughts on Cloud Computingo Foundational Elements of Cloud Computingo Cloud Computing Case Studies and Security Models


6/93

Part I: Effective and Secure Use


7/93

Understanding Cloud Computing


8/93

Origin of the term Cloud Computing

Comes from the early days of the Internet where wedrew the network as a cloud we didnt care wherethe messages went the cloud hid it from us KevinMarks, Google

First cloud around networking (TCP/IP abstraction) Second cloud around documents (WWW data

abstraction) The emerging cloud abstracts infrastructure

complexities of servers, applications, data, andheterogeneous platformso (muck as Amazons CEO Jeff Bezos calls it)


9/93

A Working Definition of Cloud Computing

Cloud computing is a model for enablingconvenient, on-demand network access to ashared pool of configurable computing resources

(e.g., networks, servers, storage, applications,and services) that can be rapidly provisioned andreleased with minimal management effort orservice provider interaction.

This cloud model promotes availability and is composedof five essential characteristics, three service models,and fourdeployment models.


10/93

5 Essential Cloud Characteristics

1.On-demand self-service2.Broad network access3.Resource pooling

1.Location independence4.Rapid elasticity5.Measured serviceThis is the key to what we talkedabout in the meeting.


11/93

3 Cloud Service Models

Cloud Software as a Service (SaaS)o Use providers applications over a network

Cloud Platform as a Service (PaaS)o Deploy customer-created applications to a cloud

Cloud Infrastructure as a Service (IaaS)o Rent processing, storage, network capacity, and other

fundamental computing resources To be considered cloud they must be deployed on

top of cloud infrastructure that has the keycharacteristics


12/93

Service Model Architectures


13/93

4 Cloud Deployment Models

Private cloudo enterprise owned or leased

Community cloudo shared infrastructure for specific community Public cloudo Sold to the public, mega-scale infrastructure

Hybrid cloudo composition of two or more clouds


14/93

Common Cloud Characteristics

Cloud computing often leverages:o Massive scaleo Homogeneityo

Virtualization

o Resilient computingo Low cost softwareo Geographic distributiono

Service orientation

oAdvanced security technologies


15/93

The NIST Cloud Definition Framework

CommunityCloud

PrivateCloud

Public Cloud

Hybrid Clouds

DeploymentModels

ServiceModels

EssentialCharacteristics

CommonCharacteristics

Software as a

Service (SaaS)

Platform as a

Service (PaaS)

Infrastructure as a

Service (IaaS)

Resource Pooling

Broad Network Access Rapid Elasticity

Measured Service

On Demand Self-Service

Low Cost Software

Virtualization Service Orientation

Advanced Security

Homogeneity

Massive Scale Resilient Computing

Geographic Distribution


16/93

Cloud Computing Security


17/93

Security is the Major Issue


18/93

Analyzing Cloud Security

Some key issues:o trust, multi-tenancy, encryption, compliance

Clouds are massively complex systems

can be reduced to simple primitives thatare replicated thousands of times andcommon functional units

Cloud security is a tractable problemo There are both advantages and challenges

Former Intel CEO, Andy Grove: only the paranoid survive


19/93

General Security Advantages

Shifting public data to a external cloudreduces the exposure of the internalsensitive data

Cloud homogeneity makes securityauditing/testing simpler

Clouds enable automated security

management

Redundancy / Disaster Recovery


20/93

General Security Challenges

Trusting vendors security model Customer inability to respond to audit findings Obtaining support for investigations Indirect administrator accountability Proprietary implementations cant be examined Loss of physical control


21/93

Security Relevant Cloud Components

Cloud Provisioning Services Cloud Data Storage Services Cloud Processing Infrastructure Cloud Support Services Cloud Network and Perimeter Security Elastic Elements: Storage, Processing, andVirtual Networks


22/93

Provisioning Service

Advantageso Rapid reconstitution of serviceso Enables availability

Provision in multiple data centers / multiple instancesoAdvanced honey net capabilities

Challengeso Impact of compromising the provisioning service


23/93

Data Storage Services

Advantageso Data fragmentation and dispersaloAutomated replicationo Provision of data zones (e.g., by country)o Encryption at rest and in transitoAutomated data retention

Challengeso Isolation management / data multi-tenancyo

Storage controller

Single point of failure / compromise?o Exposure of data to foreign governments


24/93

Cloud Processing Infrastructure

AdvantagesoAbility to secure masters and push out secure

images Challenges

oApplication multi-tenancyo Reliance on hypervisorso Process isolation / Application sandboxes


25/93

Cloud Support Services

Advantageso On demand security controls (e.g., authentication,

logging, firewalls) Challenges

oAdditional risk when integrated with customer

applicationso Needs certification and accreditation as a

separate applicationo Code updates

Cl d N t k d P i t


26/93

Cloud Network and PerimeterSecurity

Advantageso Distributed denial of service protectiono VLAN capabilitieso

Perimeter security (IDS, firewall, authentication)

Challengeso Virtual zoning with application mobility

Cloud Security Advantages


27/93

Cloud Security AdvantagesPart 1

Data Fragmentation and Dispersal Dedicated Security Team Greater Investment in Security Infrastructure Fault Tolerance and Reliability Greater Resiliency Hypervisor Protection Against Network Attacks Possible Reduction of C&A Activities (Access

to Pre-Accredited Clouds)

Cloud Security Advantages


28/93

Simplification of Compliance Analysis Data Held by Unbiased Party (cloud vendor

assertion) Low-Cost Disaster Recovery and Data

Storage Solutions On-Demand Security Controls Real-Time Detection of System Tampering

Rapid Re-Constitution of Services Advanced Honeynet Capabilities

Cloud Security AdvantagesPart 2

Cloud Security Challenges Part


29/93

Cloud Security Challenges Part1

Data dispersal and international privacy lawso EU Data Protection Directive and U.S. Safe Harbor

programo Exposure of data to foreign government and data

subpoenaso Data retention issues

Need for isolation management Multi-tenancy

Logging challenges Data ownership issues Quality of service guarantees

Cloud Security Challenges Part


30/93

Cloud Security Challenges Part2

Dependence on secure hypervisors Attraction to hackers (high value target) Security of virtual OSs in the cloud Possibility for massive outages Encryption needs for cloud computing

o Encrypting access to the cloud resource controlinterface

o Encrypting administrative access to OS instanceso Encrypting access to applicationso Encrypting application data at rest

Public cloud vs internal cloud security Lack of public SaaS version control


31/93

Additional Issues

Issues with moving PII and sensitive data to the cloudo Privacy impact assessments

Using SLAs to obtain cloud securityo Suggested requirements for cloud SLAso

Issues with cloud forensics

Contingency planning and disaster recovery for cloudimplementations

Handling complianceo FISMAo HIPAAo SOXo PCIo SAS 70 Audits

Secure Migration Paths


32/93

Secure Migration Pathsfor Cloud Computing


33/93

The Why and How of Cloud Migration

There are many benefits that explainwhy to migrate to cloudso Cost savings, power savings, green

savings, increased agility in softwaredeployment Cloud security issues may drive and

define how we adopt and deploy

cloud computing solutions

Balancing Threat Exposure and


34/93

Balancing Threat Exposure andCost Effectiveness

Private clouds may have less threatexposure than community clouds whichhave less threat exposure than public

clouds. Massive public clouds may be more cost

effective than large community clouds whichmay be more cost effective than smallprivate clouds.

Doesnt strong security controls mean that Ican adopt the most cost effective approach?

Cloud Migration and Cloud Security


35/93

Cloud Migration and Cloud SecurityArchitectures

Clouds typically have a single security architecturebut have many customers with different demandso Clouds should attempt to provide configurable security

mechanisms Organizations have more control over the security

architecture of private clouds followed bycommunity and then publico This doesnt say anything about actual security

Higher sensitivity data is likely to be processed onclouds where organizations have control over thesecurity model


36/93

Putting it Together

Most clouds will require very strong securitycontrols

All models of cloud may be used for differing

tradeoffs between threat exposure andefficiency

There is no one cloud. There are manymodels and architectures.

How does one choose?

Migration Paths for


37/93

Migration Paths forCloud Adoption

Use public clouds Develop private clouds

o Build a private cloudo Procure an outsourced private cloudo Migrate data centers to be private clouds (fully virtualized)

Build or procure community cloudso Organization wide SaaSo PaaS and IaaSo Disaster recovery for private clouds Use hybrid-cloud technologyo Workload portability between clouds

Possible Effects of


38/93

Cloud Computing

Small enterprises use public SaaS and publicclouds and minimize growth of data centers

Large enterprise data centers may evolve to act asprivate clouds

Large enterprises may use hybrid cloudinfrastructure software to leverage both internal andpublic clouds

Public clouds may adopt standards in order to runworkloads from competing hybrid cloudinfrastructures

Cloud Computing


39/93

p gand Standards

Cl d St d d Mi i


40/93

Cloud Standards Mission

Provide guidance to industry andgovernment for the creation andmanagement of relevant cloud computing

standards allowing all parties to gain themaximum value from cloud computing

NIST d St d d


41/93

NIST and Standards

NIST wants to promote cloud standards:o We want to propose roadmaps for needed

standardso We want to act as catalysts to help industry

formulate their own standards Opportunities for service, software, and hardware

providers

o We want to promote government and industryadoption of cloud standards

G l f NIST Cl d St d d Eff t


42/93

Goal of NIST Cloud Standards Effort

Fungible cloudso (mutual substitution of services)o Data and customer application portabilityo Common interfaces, semantics, programming

modelso Federated security serviceso Vendors compete on effective implementations

Enable and foster value add on servicesoAdvanced technologyo Vendors compete on innovative capabilities

A Model for Standardizationd P i t I l t ti


43/93

and Proprietary Implementation

Standardized CoreCloud Capabilities

Proprietary ValueAdd Functionality

Advancedfeatures

Core features

P d R lt


44/93

Proposed Result

Cloud customers knowingly choose thecorrect mix for their organization ofo standard portable featureso proprietary advanced capabilities

A proposal: A NIST Cloud


45/93

Standards Roadmap

We need to define minimal standardso Enable secure cloud integration, application

portability, and data portabilityoAvoid over specification that will inhibit innovationo Separately addresses different cloud models

Towards the Creation of


46/93

a Roadmap (I)

Thoughts on standards:o Usually more service lock-in as you move up the SPI

stack (IaaS->PaaS->SaaS)o IaaS is a natural transition point from traditionalenterprise datacenters

Base service is typically computation, storage, andnetworking

o The virtual machine is the best focal point forfungibility

o Security and data privacy concerns are the twocritical barriers to adopting cloud computing

Towards the Creation of


47/93

a Roadmap (II)

Result:o Focus on an overall IaaS standards roadmap as

a first major deliverableo Research PaaS and SaaS roadmaps as we moveforwardo Provide visibility, encourage collaboration in

addressing these standards as soon as possibleo Identify common needs for security and dataprivacy standards across IaaS, PaaS, SaaS

A Roadmap for IaaS


48/93

A Roadmap for IaaS

Needed standardso VM image distribution (e.g., DMTF OVF)o VM provisioning and control (e.g., EC2 API)o Inter-cloud VM exchange (e.g., ??)o Persistent storage (e.g., Azure Storage, S3, EBS,

GFS, Atmos)o VM SLAs (e.g., ??) machine readable

uptime, resource guarantees, storage redundancyo Secure VM configuration (e.g., SCAP)

A Roadmap for PaaS and SaaS


49/93

A Roadmap for PaaS and SaaS

More difficult due to proprietary nature A future focus for NIST Standards for PaaS could specify

o Supported programming languagesoAPIs for cloud services

Standards for SaaS could specifyo SaaS-specific authentication / authorizationo

Formats for data import and export (e.g., XML schemas)

o Separate standards may be needed for each applicationspace

Security and Data Privacy Across


50/93

y yIaaS, PaaS, SaaS

Many existing standards Identity and Access Management (IAM)

o IdM federation (SAML, WS-Federation, Liberty ID-FF)o Strong authentication standards (HOTP, OCRA, TOTP)o Entitlement management (XACML)

Data Encryption (at-rest, in-flight), Key Managemento PKI, PKCS, KEYPROV (CT-KIP, DSKPP), EKMI

Records and Information Management (ISO 15489)

E-discovery (EDRM)

Cloud Computing Publications


51/93

Cloud Computing Publications

Planned NISTCloud Computing Publication


52/93

Cloud Computing Publication

NIST is planning a series of publications on cloudcomputing

NIST Special Publication to be created in FY09o What problems does cloud computing solve?o What are the technical characteristics of cloud

computing?o How can we best leverage cloud computing and

obtain security?

Part II: Cloud Resources, Case Studies,d S it M d l


53/93

and Security Models

Thoughts on Cloud Computing


54/93

g p g



55/93


Galen Gruman, InfoWorld Executive Editor,and Eric Knorr, InfoWorld Editor in Chiefo A way to increase capacity or add capabilities on

the fly without investing in new infrastructure,training new personnel, or licensing newsoftware.

o The idea of loosely coupled services running onan agile, scalable infrastructure should eventuallymake every enterprise a node in the cloud.



56/93


Tim OReilly, CEO OReilly Media

I think it is one of the foundations of the nextgeneration of computing

The network of networks is the platform for all

computing

Everything we think of asa computer today is reallyjust a device thatconnects to the bigcomputer that we are allcollectively building



57/93


Dan Farber, Editor in Chief CNET News We are at the beginning of the age of planetary

computing. Billions of people will be wirelesslyinterconnected, and the only way to achieve that

kind of massive scale usage is by massive scale,brutally efficient cloud-based infrastructure.

Core objectives of Cloud Computing


58/93

Core objectives of Cloud Computing

Amazon CTO Werner Vogels Core objectives and principles that

cloud computing must meet to besuccessful:o Securityo Scalabilityo Availabilityo Performanceo Cost-effectiveo Acquire resources on demando Release resources when no longer neededo Pay for what you useo Leverage others core competencieso Turn fixed cost into variable cost

A sunny vision


59/93

of the future

Sun Microsystems CTO Greg Papadopouloso Users will trust service providers with their data like

they trust banks with their moneyo Hosting providers [will] bring brutal efficiency for

utilization, power, security, service levels, and idea-to-deploy time CNET article

o Becoming cost ineffective to build data centerso Organizations will rent computing resourceso Envisions grid of 6 cloud infrastructure providers

linked to 100 regional providers

Foundational Elements of CloudComputing


60/93

Computing

Foundational Elementsof Cloud Computing


61/93

of Cloud Computing

Virtualization Grid technology Service OrientedArchitectures Distributed Computing Broadband Networks Browser as a platform Free and Open Source

Software

Autonomic Systems Web 2.0 Web applicationframeworks Service Level

Agreements

Primary Technologies Other Technologies

Web 2.0Consumer Software Revolution


62/93

eb 0

Is not a standard but an evolution in using the WWW Dont fight the Internet CEO Google, Eric Schmidt Web 2.0 is the trend of using the full potential of the

webo Viewing the Internet as a computing platformo Running interactive applications through a web browsero Leveraging interconnectivity and mobility of deviceso The long tail (profits in selling specialized small market

goods)o Enhanced effectiveness with greater human participation

Tim O'Reilly: Web 2.0 is the business revolution in thecomputer industry caused by the move to the Internetas a platform, and an attempt to understand the rules

Software as a Service (SaaS)Enterprise Software Revolution


63/93

( )

SaaS is hosting applications on the Internetas a service (both consumer and enterprise)

Jon Williams, CTO of Kaplan Test Prep on

SaaS

o I love the fact that I don't need to deal with servers,staging, version maintenance, security, performance

Eric Knorr with Computerworld says that

[there is an] increasing desperation on thepart of IT to minimize application deploymentand maintenance hassles

Three Features ofMature SaaS Applications


64/93

Mature SaaS Applications

Scalableo Handle growing amounts of work in a graceful manner

Multi-tenancyo One application instance may be serving hundreds of

companieso Opposite of multi-instance where each customer is

provisioned their own server running one instance Metadata driven configurability

o Instead of customizing the application for a customer(requiring code changes), one allows the user to configurethe application through metadata

SaaS Maturity Levels


65/93

y

Level 1: Ad-Hoc/Custom Level 2: Configurable Level 3: Configurable,

Multi-Tenant-Efficient Level 4: Scalable,

Configurable, Multi-

Tenant-Efficient

Source: Microsoft MSDN Architecture Center

Utility Computing


66/93

y p g

Computing may someday be organized as apublic utility - John McCarthy, MITCentennial in 1961

Huge computational and storage capabilitiesavailable from utilities Metered billing (pay for what you use) Simple to use interface to access the

capability (e.g., plugging into an outlet)

Service Level Agreements(SLAs)


67/93

(SLAs)

Contract between customers and serviceproviders of the level of service to beprovided

Contains performance metrics (e.g., uptime,throughput, response time) Problem management details Documented security capabilities Contains penalties for non-performance

Autonomic System Computing


68/93

y p g

Complex computing systems that manage themselves Decreased need for human administrators to perform

lower level tasks Autonomic properties: Purposeful, Automatic,

Adaptive, Aware IBMs 4 properties: self-healing, self-configuration, self-

optimization, and self-protectionIT labor costs are 18 times that of equipment costs.The number of computers is growing at 38% each year.

Grid Computing


69/93

Distributed parallel processing across a network Key concept: the ability to negotiate resource-sharing arrangements

Characteristics of grid computingo

Coordinates independent resources

o Uses open standards and interfaceso Quality of serviceoAllows for heterogeneity of computerso Distribution across large geographical boundarieso Loose coupling of computers

Platform Virtualization


70/93

[Cloud computing] relies on separating yourapplications from the underlying infrastructure -Steve Herrod, CTO at VMware

Host operating system provides an abstraction layer

for running virtual guest OSs Key is the hypervisor or virtual machine monitoro Enables guest OSs to run in isolation of other OSso Run multiple types of OSs

Increases utilization of physical servers Enables portability of virtual servers betweenphysical servers

Increases security of physical host server

Web Services


71/93

Web Services

Web Serviceso Self-describing and stateless modules that perform discrete

units of work and are available over the networko Web service providers offer APIs that enable developers to

exploit functionality over the Internet, rather than deliveringfull-blown applications. - Infoworld

o Standards based interfaces (WS-I Basic Profile) e.g., SOAP, WSDL, WS-Security Enabling state: WS-Transaction, Choreography

o Many loosely coupled interacting modules form a singlelogical system (e.g., legos)

Service Oriented Architectures


72/93

Service Oriented Architectureso Model for using web services

service requestors, service registry, service providerso Use of web services to compose complex,

customizable, distributed applicationso Encapsulate legacy applicationso Organize stovepiped applications into collective

integrated serviceso Interoperability and extensibility

Web application frameworks


73/93

Coding frameworks for enabling dynamic web siteso Streamline web and DB related programming operations

(e.g., web services support)o Creation of Web 2.0 applications

Supported by most major software languages Example capabilities

o Separation of business logic from the user interface (e.g.,Model-view-controller architecture)

oAuthentication, Authorization, and Role Based Access

Control (RBAC)

o Unified APIs for SQL DB interactionso Session managemento URL mapping

Wikipedia maintains a list of web application

Free and Open Source Software


74/93

External mega-clouds must focus on usingtheir massive scale to reduce costs

Usually use free softwareo Proven adequate for cloud deploymentso Open sourceo Owned by provider

Need to keep per server cost lowo

Simple commodity hardware

Handle failures in software

Public Statistics on Cloud Economics


75/93

Cost of Traditional DataCenters


76/93

Centers

11.8 million servers in data centers Servers are used at only 15% of their capacity 800 billion dollars spent yearly on purchasing and

maintaining enterprise software

80% of enterprise software expenditure is oninstallation and maintenance of software

Data centers typically consume up to 100 times moreper square foot than a typical office building

Average power consumption per server quadrupledfrom 2001 to 2006.

Number of servers doubled from 2001 to 2006

Energy Conservation and DataCenters


77/93

Centers

Standard 9000 square foot costs $21.3 millionto build with $1 million in electricity costs/year

Data centers consume 1.5% of our Nations

electricity (EPA)o .6% worldwide in 2000 and 1% in 2005

Green technologies can reduce energy costs

by 50%

IT produces 2% of global carbon dioxideemissions

Cloud Economics


78/93

Estimates vary widely on possible cost savings If you move your data centre to a cloud provider, it will

cost a tenth of the cost. Brian Gammage, GartnerFellow

Use of cloud applications can reduce costs from 50%to 90% - CTO of Washington D.C.

IT resource subscription pilot saw 28% cost savings -Alchemy Plus cloud (backing from Microsoft)

Preferred Hotelo Traditional: $210k server refresh and $10k/montho Cloud: $10k implementation and $16k/month

Cloud Economics


79/93

George Reese, founder Valtira andenStratuso Using cloud infrastructures saves 18% to 29%

before considering that you no longer need to buy

for peak capacity

Cloud Computing Case Studiesand Security Models


80/93

Google Cloud User:City of Washington D.C.


81/93

y g Vivek Kundra, CTO for the District (now OMB e-gov

administrator) Migrating 38,000 employees to Google Apps Replace office software

o Gmailo Google Docs (word processing and spreadsheets)o Google video for businesso Google sites (intranet sites and wikis)

It's a fundamental change to the way our governmentoperates by moving to the cloud. Rather than owning theinfrastructure, we can save millions., Mr. Kundra

500,000+ organizations use Google Apps GE moved 400,000 desktops from Microsoft Office to Google

Apps and then migrated them to Zoho for privacy concerns

Are Hybrid Clouds in our Future?


82/93

OpenNebula Zimory IBM-Juniper Partnership

o "demonstrate how a hybrid cloud could allowenterprises to seamlessly extend their privateclouds to remote servers in a secure publiccloud...

VMWare VCloudo Federate resources between internal IT and

external clouds

vCloud Initiative


83/93

Goal:o Federate resources between internal IT and

external cloudso

Application portability

o Elasticity and scalability, disaster recovery,service level management

vServices provide APIs and technologies

Microsoft Azure Services


84/93

Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das

Windows Azure Applications,Storage, and Roles


85/93

Cloud Storage (blob, table, queue)

Web RoleLB

n

Worker Role

m

Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das

Case Study: Facebooks Use of OpenSource and Commodity Hardware (8/08)


86/93

Jonathan Heiliger, Facebook's vice president oftechnical operations

80 million users + 250,000 new users per day 50,000 transactions per second, 10,000+ servers Built on open source software

o Web and App tier: Apache, PHP, AJAXo Middleware tier: Memcached (Open source caching)o Data tier: MySQL (Open source DB)

Thousands of DB instances store data in distributedfashion (avoids collisions of many users accessing the

same DB) We don't need fancy graphics chips and PCI cards," hesaid. We need one USB port and optimized power andairflow. Give me one CPU, a little memory and onepower supply. If it fails, I don't care. We are solving the

Case Study: IBM-Google Cloud(8/08)


87/93

Google and IBM plan to roll out a worldwidenetwork of servers for a cloud computinginfrastructure Infoworld

Initiatives for universities Architecture

o Open source Linux hosts Xen virtualization (virtual machine monitor)Apache Hadoop (file system)

open-source software for reliable, scalable, distributed computingo IBM Tivoli Provisioning Manager

Case Study: Amazon Cloud


88/93

Amazon cloud componentso Elastic Compute Cloud (EC2)o Simple Storage Service (S3)o SimpleDB

New Features

oAvailability zones Place applications in multiple locations for failovers

o Elastic IP addresses Static IP addresses that can be dynamically remapped to

point to different instances (not a DNS change)

Amazon Cloud Users:New York Times and Nasdaq (4/08)


89/93

Both companies used Amazons cloud offering New York Times

o Didnt coordinate with Amazon, used a credit card!o Used EC2 and S3 to convert 15 million scanned news articles to PDF

(4TB data)o Took 100 Linux computers 24 hours (would have taken months on NYT

computerso It was cheap experimentation, and the learning curve isn't steep. Derrick Gottfrid, Nasdaq

Nasdaqo Uses S3 to deliver historic stock and fund informationo Millions of files showing price changes of entities over 10 minute

segmentso The expenses of keeping all that data online [in Nasdaq servers] was too

high. Claude Courbois, Nasdaq VPo Created lightweight Adobe AIR application to let users view data

Case Study:Salesforce.com in Government


90/93

5,000+ Public Sector and Nonprofit Customers useSalesforce Cloud Computing Solutions

President Obamas Citizens Briefing Book Based onSalesforce.com Ideas applicationo Concept to Live in Three Weekso 134,077 Registered Userso 1.4 M Voteso 52,015 Ideaso Peak traffic of 149 hits per second

US Census Bureau Uses Salesforce.com CloudApplicationo Project implemented in under 12 weekso 2,500+ partnership agents use Salesforce.com for 2010 decennial censuso Allows projects to scale from 200 to 2,000 users overnight to meet peak

periods with no capital expenditure

Case Study:Salesforce.com in Government


91/93

New Jersey Transit Wins InfoWorld 100 Awardfor its Cloud Computing Projecto Use Salesforce.com to run their call center, incident management,

complaint tracking, and service portalo 600% More Inquiries Handledo 0 New Agents Requiredo 36% ImprovedResponse Time

U.S. Army uses Salesforce CRM for Cloud-basedRecruitingo U.S. Army needed a new tool to track potential recruits who visited its

Army Experience Center.o Use Salesforce.com to track all core recruitment functions and allows

the Army to save time and resources.

Questions?

P t M ll


92/93

Peter Mell NIST, Information Technology Laboratory Computer Security Division Tim Grance NIST, Information Technology Laboratory Computer Security Division

Contact information is available from:http://www.nist.gov/public_affairs/contact.htm

Cloud: 2020 Ala Yesha


93/93

1.90% of what we will use in computer -- will bebased on cloud. (application)

2.99% of data will be stored in the cloud.3.No such thing as private or public. Just cloud.4.Rate of innovation with cloud.

5.Rate ofcollaboration with cloud.6.Multiple sensors (input and output).7.New ways to pay for services.8.The device is not critical9.No need to fix. Tools that work!10. Security!!! will not be an issue!!!! trust me :-)11. Lock in with your cloud vendor!!!

yesha sivan

Documents