Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, What Cloud Computing is and How it Works

(1)

ICAC Webinar Series NCJRL

Cloud Computing

TODAY’S TOPICS

• What “Cloud Computing” is and

How it Works

• Security & Privacy Issues

• Investigative Challenges

WHAT IS CLOUD COMPUTING?

• Cloud computing refers to software or

processes offered over the Internet as

opposed to the user’s computer

• Popular examples:

(2)

WHY “CLOUD COMPUTING”?

The name comes from the use of a

cloud-shaped symbol as an abstract diagram

for the process

http://www.nskinc.com

WHAT IS NOT CLOUD

COMPUTING?

• Files stored

internally on your

computer

• Accessing a simple

HTML website

CLOUD COMPUTING BENEFITS

• Reduced Cost

(3)

EXAMPLE OF BENEFIT

EMAIL

– If not in the cloud, every business and individual

would have to install their own server software

on their computer

– “Out-sourcing” services like e-mail

•Frees up internal resources

•Cheaper for one company to handle millions

than for each company to do their own

•Allows pooling and sharing of resources –

automatic deployment of new security

techniques

THE BIG PICTURE

• For many businesses, governments, and

individuals, the use of cloud computing

just makes sense

– AND It is growing in popularity, which

makes it important to learn and understand

• However, a downside exists

– Security and privacy issues

– Data release to a third party

(4)

DEPLOYMENT MODELS

• Many models for the cloud exist

– Public

•Available to general public

•Often free

•Access exclusively via the Internet

– Private

•Solely for one individual organization

•May operate internally or by a third party

•Keeps others out of the system, but lacks the

benefits of shared resources

DEPLOYMENT MODELS

– Community

•Not open to public, but shared by several related

organizations with common needs

•Costs shared over fewer users than public

clouds, but can be more secure

– Hybrid

•Combine public, community, and/or private

clouds

•Utilizes internal and external resources

(5)

PRIVATE MODEL

COMMUNITY MODEL

(6)

SERVICE MODELS

• Software as a

Service (SaaS)

– Programs accessed

in the cloud and

maintained there

•Examples: Microsoft

Office 360, Google

Apps, QuickBooks,

E-mail, Games

Cloudtweaks.com

SERVICE MODELS

• Platform as a Service (PaaS)

– The cloud provides an environment for an

organization to work

•Examples: Operating Systems, Web Server

SERVICE MODELS

• Infrastructure as a Service (IaaS)

– Enhances security, capacity, memory, or

similar without requiring user to physically

buy newer, larger, more powerful computers

•Examples

– Firewalls

(7)

SERVICE MODELS

• Many newer models, including:

– Storage as a service (STaaS)

– Security as a service (SECaaS)

– Data as a service (DaaS)

– Desktop as a service (DaaS)

– API as a service (APIaaS)

SERVICE MODELS

(8)

PLATFORM AS A SERVICE

EXAMPLE

Installed on

Microsoft’s

Servers

INFRASTRUCTURE AS A

SERVICE EXAMPLE

WHO HOSTS THE CLOUD?

• Many companies are competing for your

business in the cloud

• Amazon Web Services was one of the

first on the market (doing so in 2002)

– Hosts everything you’ve seen here and

more

(9)

If a person wants to sign up for a Gmail

account, which model are they using?

A. Hybrid

B. Public

C. Community

D. Private

QUIZ

Processing power can be acquired through

which cloud service model?

A. Software as a Service

B. Platform as a Service

C. Processing as a Service

D. Infrastructure as a Service

QUIZ

PUBLIC CLOUD SERVICES

• Many public cloud services are available,

often at no cost to the user, including:

(10)

FILE STORAGE

• Box

• Dropbox

• Google Drive

• Backup

– Carbonite

– Mozy

– Norton Online Backup

FILE STORAGE EXAMPLE:

GOOGLE DRIVE

• Acts like a folder on your computer(s),

and allows file access through your

online account

• 5GB of storage free

– 1 Terabyte (enough for a 3-month long

video) available for $50/month

• Allows file sharing and group editing

(11)

PHOTO SHARING

• Allows user to sync all photos and videos

from their computer and smartphone to

their cloud account

• Files can then be shared with others as

you choose

• Many allow online editing as well,

making them both SaaS and IaaS

PHOTO SHARING EXAMPLES:

• Flickr

• Picasa Web

Albums

• Photobucket

• Facebook

• Shutterfly

PASSWORD MANAGERS

• Many services allow users to save all of

their passwords in one central account

online

(12)

OPERATING SYSTEMS

• Computers run an entire operating

system from a cloud server

• User never has to install updates

• Makes installing applications easy and

only one copy is needed – saves time

and storage space

• Makes it less likely that a computer will

get a virus or malware

OPERATING SYSTEMS

EXAMPLE: JOLICLOUD

OPERATING SYSTEMS

EXAMPLE: JOLICLOUD

• Runs entirely within your browser

• Is open source (= free)

(13)

EyeOS

MOBILE PHONE SYSTEMS

• Many phone developers have created

cloud computing systems for users to

share and sync:

– Contacts

– Files

– Calendar

– Photos and videos

– Applications

– Track devices and remote lock/wipe

(14)

MICROSOFT SKYDRIVE

ORGANIZATIONS IN THE

CLOUD

• All of the preceding examples have both

individual and organizational uses

• Organizations may choose to utilize a

common cloud service (such as Google

Apps) or may seek to have a service

completely customized for their needs

Which of the following is an example of

how a home user may use cloud

computing?

A. Backup files

B. Share photos

C. Sync calendar data across devices

D. Save their passwords

E. All of the above

(15)

Security & Privacy Issues

Cloudtweaks.com

“With the cloud, you don't

own anything. You already

signed it away … the more we

transfer everything onto the

web, onto the cloud, the less

we're going to have control

over it.”

- Steve Wozniak, Apple Co-Founder

THE REAL FEAR

• Theft of confidential or private data

– For example

(16)

ALREADY IN THE CLOUD

• Financial institutions

• Energy

• Military

– Currently moving e-mail to a private cloud

•Projected to reduce cost of e-mail

•May save the Army alone $320 million over a

five-year period

• Nearly every major corporation

AUTHENTICATION

• There are ways to authenticate a user to

ensure they are who they say they are

• Passwords are used for authentication,

but there are many other means

– Location-based / IP Ranges

– Biometrics

– Card or token

– Digital certificate

ENCRYPTION

• Cloud host may encrypt all data

– May not even have access to the individual

files

(17)

OTHER SECURITY

• Firewalls

• Malware/virus protection

• Log inspection

UNAUTHORIZED ACCESS

• Hacking

– Cloud may create a larger target while also

offering better security

• Cloud host issues

– Using the cloud often requires relinquishing

physical control over the data – it’s stored

outside of your building

– Gives the host’s employees access to the

data. May require special agreement.

(Gramm-Leach-Bliley Act, HIPAA)

LEGAL ETHICS

• Many states have ethics opinions dealing with

attorneys’ use of cloud computing

– Must take reasonable care to ensure confidentiality

– Evaluate backup strategies

– Vermont – must discuss with client if especially

sensitive

(18)

Which is NOT a form of authentication?

A. Retina scan

B. Firewalls

C. Password

D. Digital certificate

E. IP Ranges

QUIZ

Investigative Challenges

WHERE IS THE DATA?

(19)

WHERE IS THE DATA?

INSIDE THE BOX

• Computer’s hard drive

and other memory

– Documents

– Pictures

– Outlook Emails

– Internet Cache

• CD’s and floppy disks

• iPods

• Cell Phones

• External Hard Drives

What the computer owner actually has possession of

INSIDE THE BOX

(20)

OUTSIDE THE BOX

• Online Email Accounts (Gmail and Yahoo)

• Internet Shopping Accounts

• Social Networking Accounts

• Backups of text messages

• Cell Site Location Data

• Subscriber account records

• Contents of Websites

What is not stored on the owner’s computer

OUTSIDE THE BOX

What is not stored on the owner’s computer

IMPORTANT DISTINCTION

• Inside the box

– Likely Fourth Amendment protection

• Outside the box

– Generally, no reasonable expectation of

privacy

•Fourth Amendment applicability doubtful

•Highly debatable, unsettled question, at best

(21)

DISCOVERY

• Documents under custody, control or

possession (Fed. R. Civ. P. 34)

• Cloud host may or may not have the

ability to preserve and collect data

• Host may keep documents longer than

the company normal retains them

ENCRYPTION

• Provides security for the creator of the

information but makes an investigation

nearly impossible

– Unless you can compel production of the

password

•Few courts have dealt with the issue, and no

pattern has yet to develop

Where might a person hide an incriminating

file?

A. Smartphone

B. Computer

C. E-mail account

D. Social networking account

E. All of the above

(22)

Which of the following is NOT considered

“outside the box”?

A. Internet cache

B. Cell site location data

C. Online e-mail account

D. Shopping account

E. Contents of websites

QUIZ

CONCLUSION

• Thank you for attending

• Put our next webinar on your calendar

– October 2, 2012

“HIDING TRACKS: Proxy Servers and

Private Networks”

– To be presented by Priscilla Grantham,

NCJRL Senior Research Counsel