The Intersection of Cloud Computing and Cyber Security

1
The Intersection of Cloud Computing and Cyber
Security
Network Centric Operations Industry Consortium

• Melvin Greer, NCOIC Vice Chair, Cloud Computing
  Working Group
• Chief Strategist, Cloud Computing Lockheed Martin
• 11 June 2010

Approved for Public Release Distribution
Unlimited NCOIC-DefDailyCyber-ML20100611
2
Globally Impactful and Pervasive

• NCOIC Cloud Computing Working Group Charter
• Collaboration engagement with other Cloud
  groups to look at standards-based solutions
• Engage Governments, standard bodies, vendors,
  NCOIC member companies
• Focus on peer-to-peer interoperability, improved
  usability/ trust of the cloud, and portability
  across clouds.

3
Global recognition of NIST Definition
4
Definition
On-demand, scalable, elastic service
5
Security Impacting Global Cloud Adoption
Cloud Computing Security Concerns Source
Lockheed Martin Cyber Security Alliance
Awareness, Trust and Security to Shape
Government Cloud Adoption Paper
6
Security vs. Privacy and Confidentiality
Security freedom from danger, risk, etc.
safety. Privacy The state of being free from
unsanctioned intrusion Confidential spoken,
written, acted on, etc., in strict privacy or
secrecy, information, the unauthorized disclosure
of which poses a threat
7
NCOIC Net-centric Patterns
8
Hybrid Cloud Computing Capability Pattern

• Abstract The Hybrid Cloud Computing (HCC)
  capability pattern provides a practical,
  pragmatic guide for development of cloud
  computing capability focused on interoperability
  and design for affordability. This capability
  pattern seeks to balance the cost, speed, and
  agility afforded cloud computing consumers with
  the required security, privacy and
  confidentiality.
• Goal Make Government more agile and adaptive
  with a focus on collaboration, openness and
  transparency
• NCOIC Hybrid Cloud Computing Pattern Service
  Oriented Government Powered by Cloud Computing
• Leverage net-centric thinking to power Government
  transformation

9
Evolving Design Pattern

• Maintain security and control of personal
  identifiable information on premise (I.e., from
  personal identity theft).
• Obtain agility and cost benefits from public
  cloud
• Develop cloud bursting capability to right sized
  private cloud
• Extend to mobile devices

Public Cloud
Private Cloud
Data
Browser Applications
Mobile Devices
On Premise Environment
Source Lockheed Martin Cloud Computing Research
Investigation
10
Influencing Global Standards
Source Dr. Craig A. Lee (Open Grid Forum)
11
Cloud / Cyber Intersection

• Develop global meaning to Cloud Computing
• Create awareness and impact of global cloud
  initiatives
• Provide net-centric patterns that drive security,
  privacy and confidentially concerns
• Influence global standards guiding cloud
  certification, accreditation and security
  standards

12
Net-EnabledFuture
Stovepiped Systems,
Point-to-PointNetworks