The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New Strategies We Must Consider

11/6/2013

1

The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New Strategies We Must Consider

We are living in an age where the velocity of information growth has reached new speeds, the volume of information that we keep and use is exploding, and the increasing variety of information sources is creating a new demand to expand our definition of security. No longer is it just security in our enterprise, but across an expanded infrastructure and an ever-expanding collection of devices. This talk will explore this changing universe, the emerging paradigms, the impacts on security and suggestions on how to manage the risk.

Key Takeaways•A future view of where Cloud Computing and Bid Data are headed•How these futures and new paradigm will impact security•What we need to do to meet the new needs

David [email protected]/in/davidsmithaustin

The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New Strategies We Must Consider

11/6/2013

2

Cyberspace will become orders of magnitude more complex and confused very quickly

Overall this is a very positive development and will enrich human society

It will be messy but need not be chaotic!

Cyber security research and practice are loosing ground

VOLUME / VELOCITY / VARIETY Change everything

The Internet of Things will Change it all3

Origin of the term “Cloud Computing”

• “Comes from the early days of the Internet where we drew the network as a cloud… we didn’t care where the messages went… the cloud hid it from us” – Kevin Marks, Google

• First cloud around networking (TCP/IP abstraction)

• Second cloud around documents (WWW data abstraction)

• The emerging cloud abstracts infrastructure complexities of servers, applications, data, and heterogeneous platforms– (“muck” as Amazon’s CEO Jeff Bezos calls it)

11/6/2013

3

A “cloud” is an IT service delivered to users that has:• A user interface that makes the infrastructure underlying the service transparent to the

user• Near-zero incremental management costs when additional IT resources are added• A service management platform

Industry Trends Leading to Cloud Computing

Grid Computing

• Solving large problems with parallel computing

• Made mainstream by Globus Alliance

Software as a Service

• Network-based subscriptions to applications

• Gained momentum in 2001

Cloud Computing

• Next-Generation Internet computing

• Next-Generation Data Centers

19901998

20002010

Utility Computing

• Offering computing resources as a metered service

• Introduced in late 1990s

Even as clouds take hold, the IT landscapeis changing rapidly…

Technology is rapidly being commoditized

Businesses are more willing and able to shop for IT services

In-house IT infrastructure is increasingly seen as complex and rigid

Unstructured data is the new gold © Harvard Business Review

11/6/2013

4

Cloud Computing 'Platform as a service' (PaaS) Infrastructure as a Service (IaaS) Software as a service (SaaS)

Public Clouds Application-centric cloud platforms

Public clouds reduce corporate IT jobs and spend. CIOslead the charge. Private clouds become THE strategic decision for enterprise IT

Private Clouds enterprise owned or leased

Hybrid cloud composition of two or more clouds

Community cloud shared infrastructure for specific community

Copyright, 2010 © HBMG, Inc

A Crisis of Complexity. The Need for Progress is Clear.

85% idleIn distributed computing environments, up to 85% of computing capacity sits idle.

Explosion of information driving 54% growth in storage shipments every year.

1.5x

70¢ per $170% on average is spent on maintaining current IT infrastructures versus adding new capabilities.

70%+ Neverrecover

Of business never recover from a major data disaster. Howard Levenson, IBM

11/6/2013

5

Users Wait Too Long For New Servers

SubmitRequest

AcquireHW &SW

Install &Config.

HW

Install &Config

SW

DeployServer

RequesterRequester

Three to six months to provision a new server!

Howard Levenson, IBM

From http://geekandpoke.typepad.com

11/6/2013

6

...service sourcing and service value

Cloud Computing Delivery Models

ORGANIZATION CULTURE GOVERNANCE

Flexible Delivery Models

Public …•Access by Service provider owned and managed.

•subscription.•Delivers select set of standardized business process, application and/or infrastructure services on a flexible price per use basis.

Private …•Privately owned and managed.

•Access limited to client and its partner network.

•Drives efficiency, standardization and best practices while retaining greater customization and control

Cloud Services 

Cloud Computing Model

.… Customization, efficiency, availability, resiliency, security 

and privacy 

.…Standardization, capital preservation, flexibility and 

time to  deploy  

Hybrid …•Access to client, partner network, and third party resources

Growth of Data

11/6/2013

7

Virtualization for Client Computing

Hosted Virtual DesktopsArchitectural equivalent of

the blade PCFull "thick-client" image,

thin-client delivery model

Server Hardware

VMM

Application

PC OS PC OS

Application

PC OS

Application

Portable Personalities• Carry the bubble, not the

hardware• Portable media, stored on

the network• Bubbles of various sizes:

some with OS, some without

.

Source: Matthew Gardiner, Computer Associates

11/6/2013

8

Big Data Numbers

How many data in the world?

– 800 Terabytes, 2000

– 160 Exabytes, 2006

– 500 Exabytes(Internet), 2009

– 2.7 Zettabytes, 2012

– 35 Zettabytes by 2020

How many data generated ONE day?

– 7 TB, Twitter

– 10 TB, Facebook

Big data: The next frontier for innovation, competition, and productivity

McKinsey Global Institute 2011

Tapping into the Data

• Data Storage• Reporting• Analytics• Advanced Analytics

– Computing with big datasets is a fundamentally different challenge than doing “big compute” over a small dataset

Unutilized data that can be available to business

Utilized data

11/6/2013

9

Business, Knowledge, and Innovation Landscape

• Typically 80% of the key knowledge (and value) is held

by 20% of the people – we need to get it to the right

people

• Only 20% of the knowledge in an organization is

typically used (the rest being undiscovered or under-

utilized)

• 80-90% of the products and services today will be

obsolete in 10 years – companies need to innovate &

invent faster

Copyright 2012@ HBMG Inc.

Computer generated data Application server logs (web sites, games) Sensor data (weather, water, smart grids) Images/videos (traffic, security cameras)

Human generated data Twitter “Firehose” (50 mil tweets/day 1,400% growth

per year) Blogs/Reviews/Emails/Pictures

Social graphs Facebook, linked-in, contacts

Device generated data– …………..

11/6/2013

10

“Big Data” and it’s close relatives “Cloud Computing”, “Social Media” and "Mobile"

are the new frontier of innovation.

Driven by Advance Analytics

Big Data and It’s Brothers

Volume

Variety

Velocity

………..

11/6/2013

11

Volume

Volume is increasing at incredible rates. With more people using high speed internet connections than ever, plus these people becoming more proficient at creating content and just more people in general contributing information are combined forces that are causing this tremendous increase in Volume.

Variety

Next in breaking down Big Data into easily digestible bite-size chunks is the concept of Variety. Take your personal experience and think about how much information you create and contribute in your daily routine. Your voicemails, your e-mails, your file shares, your TV viewing habits, your Facebook updates, your LinkedIn activity, your credit card transactions, etc.

Whether you consciously think about it or not the Variety of information you personally create on a daily basis which is being collected and analyzed is simply overwhelming.

11/6/2013

12

Velocity

The speed at which data enters organizations these days is absolutely amazing. With mega internet bandwidth nearly being common place anymore in conjunction with the proliferation of mobile devices, this simply gives people more opportunity than ever to contribute content to storage systems.

CRM Data

GP

S

Demand

Sp

ee

d

Velocity

Transactions

Opp

ortu

nitie

s

Se

rvice C

alls

Customer

Sales Orders

Inventory

Em

ails

Tw

eets

Planning

Things

Mobile

Instant Messages

Worldwide digital content will double in 18 months, and every 18 months thereafter.

VELOCITY

In 2005, humankind created 150 exabytes of information. In 2011, over 1,200 exabytes was created.

VOLUME VARIETY

80% of enterprise data will be unstructured, spanning traditional and non traditional sources.

Gartner

IDC

The Economist

11/6/2013

13

But I Believe there are Four V4

Clouds and Crowds

Interactive Cloud Analytic Cloud People Cloud

Data Acquisition

Transactionalsystems

Data entry

… + Sensors(physical & software)

… + Web 2.0

Computation Get and Put Map ReduceParallel DBMS

Stream Processing

… + Collaborative Structures (e.g.,Mechanical Turk,

Intelligence Markets)

Data Model Records Numbers, Media … + Text, Media, Natural Language

ResponseTime

Seconds Hours/Days … +Continuous

The Future Cloud will be a Hybrid of These.

.

11/6/2013

14

As the world gets smarter, infrastructure demands will grow

Smart traffic

systems

Smart water management

Smart energy grids

Smart healthcare

Smart food

systems

Smart oil field

technologies

Smart regions

Smart weather

Smart countries

Smart supply chains

Smart cities

Smart retail

.

11/6/2013

15

The Threat Landscape Has Evolved…

HACKTIVISTSSTATE-

SPONSORED ATTACKERS

CYBERCRIMINALS

29

FINANCIALLY MOTIVATED

NATIONALISTICALLYMOTIVATED

POLITICALLY MOTIVATED

ATA/APT GRADE

DDOS

Ransom & fraud

Gov’t, enterprise & infrastructure

targets

Public data leakage

DefacementDATATHEFT

MALWARE

BADSTUFF IN

GOOD STUFF OUT

The Malware Problem –Overwhelming Odds

1/3of malware is customized (no signature available at

time of exploit)

85%of breaches took weeks

or more to discover (+6%)

(VzB, 2012) (VzB, 2012) (Ponemon)

91%of organizations believe exploits bypassing their

IDS and AV systems

30

11/6/2013

16

Why is Security Hard?

No system can be 100% secure– Reality is risk mitigation, not risk avoidance

Difficult to prove good security– Bad security gets proven for us!

Good security and no security can look the same– How does one know how secure they are?

Many things to secure– People, equipment, OS, network, Application Servers,

applications, phones, and databases

Balancing the Business

Usability

PerformanceSecurity

x

Add Devices and Thing to Things and it gets very BAD

11/6/2013

17

Mobile Devices

Mobile computers:– Mainly smartphones,

tablets– Sensors: GPS, camera,

accelerometer, etc.– Computation: powerful

CPUs (≥ 1 GHz, multi-core)

– Communication: cellular/4G, Wi-Fi, near field communication (NFC), etc.

Many connect to cellular networks: billing system

Cisco: 7 billion mobile devices will have been sold by 2012

Organization

Data Mining as a Threat to Security

Data mining gives us “facts” that are not obvious to human analysts of the data

Enables inspection and analysis of huge amounts of dataPossible threats:

– Predict information about classified work from correlation with unclassified work (e.g. budgets, staffing)

– Detect “hidden” information based on “conspicuous” lack of information

– Mining “Open Source” data to determine predictive events (e.g., Pizza deliveries to the Pentagon)

It isn’t the data we want to protect, but correlations among data items

Published in Chris Clifton and Don Marks, “Security and Privacy Implications of Data Mining”, Proceedings of the ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery

11/6/2013

18

KnowledgeEconomy

DiverseWorkforce

InformationExplosion

SustainableDevelopment

FiniteResources

InternationalPartnerships

GlobalizationAccelerating Change

Life-LongLearning

ComplexTechnologies

Challenges in the 21st century

CitizenEngagement

Safety & Security

Mega Trends to Consider…

• Digitization of all content (listening = getting!)

• Distribution is the default (just having a network

won’t be enough)

• Virtualization (location matters less and less)

• Niche-ization of content & lifestyles

• Mass-Personalization of media will become

standard

• Democratization of creation, & peer production

• Amateurization of the entire value chain (but

NOT to the detriment of experts)

• “Godzilla-zation” of users/consumers

11/6/2013

19

0

500

1,000

1,500

2,000

2,500

3,000

3,500

4,000

2003 2004 2005 2006 2007 2008 2009 2010 2011

Year

Pet

abyt

es/D

ay G

loba

l

• Mobile • Device to Device • Sensors • Entertainment• Smart Home• Distributed Industrial• Autos/Trucks• Smart Toys

2012

ConvergedContent

Traditional Computation

Growth at the Edge of the Network

11/6/2013

20

Internet of Things

• a system . . . that would be able to instantaneously identify any kind of object.

• network of objects . .

• one major next step in this development of the Internet, which is is to progressively evolve from a network of interconnected computers to a network of interconnected objects …

• from communicating people (Internet)

... to communicating items …

• from human triggered communication …

• ... to event triggered communication

11/6/2013

21

Tomorrow’s ubiquitous world of tags, sensors and smart systems

Sensor Data Volume

How do we handle all this data?“Rebalancing Collection & PED may be Necessary”

11/6/2013

22

The “Fat Pipe”

Data

Desktop

11/6/2013

23

.

EmbeddednessThe Invisible Computer

EmbeddednessDigital convergence technologies will “form the invisible technical infrastructure for human actionanalogous to the visible infrastructure provided by buildings and cities.”

Embeddedness is driven by cost-effective computing, Moore’s Law, miniaturization, ubiquitous communication, and advanced materials and sensing devices.

In 2000, 98% of computing devices sold are embedded in products and are not apparent to the product’s user.

11/6/2013

24

Emerging Technology Sequence

EmergingTechnology

Vectors

CellularArray

Defect Tolerant

BiologicallyInspired

QuantumComputing

BiologicalBased Architecture

1-D Structures

ResonantTunneling SET Molecular Spin

TransistorQCA Logic

NanoFG

FloatingBody DRAM SET

InsulatorResistance

ChangeMolecular Quantum DNA Memory

UTB SingleGate FET

Source/DrainEngineered FET

UTB MultipleGate FET

QuasiBallistic FET Hybrid Non-Classical

CMOS

RiskSource: Technology Futures, Inc.

Risk Management And Needed Security

Unacceptable Risk

Acceptable Risk

Security engineering defines probability

Probability of exploit

Impa

ct to

bus

ines

s

Low High

High

Bus

ines

s de

fines

impa

ct

Risk management drives risk to an acceptable level

11/6/2013

25

Cyber Security is all about tradeoffs

49

Productivity Security

Let’s build itCash out the benefitsNext generation can secure it

Let’s not build itLet’s bake in super-security tomake it unusable/unaffordableLet’s sell unproven solutions

There is a middle groundWe don’t know how to predictably find it

Exposures

1. Increased Dependency on Complex Technologies and Business Processes

2. Steep Decline of Barriers to Trade

3. Speed of Transactions

4. The Death of Distance

5. The Adoption of Advanced Communications

6. Consolidation/Transformation of Traditional Industries

7. The Internet and the Abundance of Information

8. Infrastructure

9. Overcommitted Agencies

10.Changing Social Constructs

11.The Device to Device Computing Growth

11/6/2013

26

Top 5 Most Appreciated Technologies

Microwave Oven 77.3%

Universal Remote Control 66.6%

Garage Door Opener 64.6%

Telephone Answering Machine (For Home) 61.7%

Ear Thermometer 59.5%

11/6/2013

27

Big Data

“85% of eBay’s analytic workload is new and unknown. We are architected for the unknown.”

Oliver Ratzesberger, eBay

Data exploration – data as the new oil The exploration for data, rather than the exploration of data

Uncovering pockets of untapped data

Processing the whole data set, without sampling

eBay’s Singularity platform combines transactional data with behavioral data, enabled identification of top sellers, driving increased revenue from those sellers

53

11/6/2013

28

Cyberspace will become orders of magnitude more complex and confused very quickly

Overall this is a very positive development and will enrich human society

It will be messy but need not be chaotic!

Cyber security research and practice are loosing ground

VOLUME / VELOCITY / VARIETY Change everything

The Internet of Things will Change it all55

In Parting: Be Paranoid

“Sooner or later, something fundamental in your business

world will change.”

Andrew S. Grove, Founder, Intel“Only the Paranoid Survive”

“Sooner or later, something fundamental in your business

world will change.”

Andrew S. Grove, Founder, Intel“Only the Paranoid Survive”