The technologies behind big data and cloud computing are converging quickly, offering businesses new capabilities for fast, easy, wide-ranging access to data. However, to capitalize on the cost-efficiencies and time-to-value opportunities of analytics in the cloud, big data and cloud technologies must be integrated and managed properly. Pythian's Director of Big Data and Data Science, Danil Zburivsky will explore: The main technology components and best practices being deployed to take advantage of data and analytics in the cloud, Architecture, integration, governance and security scenarios and Key challenges and success factors of moving data and analytics to the cloud| By Reuven Cohen | Article Rating: |
|
| April 14, 2009 08:45 AM EDT | Reads: |
18,188 |
Often when those who say the cloud is too early or not ready for wide-scale enterprise usage they point to "security" as being a key concern. Although they are quick to point out the security of a third-party provider is an obvious point of weakness, they typically lack any specific examples of what these possible weak points actually are. So I thought I'd point out a few.
When looking at the potential vulnerabilities that cloud computing introduces, I typically recommend looking at the low-hanging fruit, the stuff that a novice user could exploit with little or no technical capabilities. Right now the simplest exploits involve something I call "cloud jacking" or "cloud hijacking". This is when a unscrupulous element takes either partial or complete control of your cloud infrastructure typically by using a simple
automated exploit script (kiddie script). An example of this in action is found within the world of botnets in which an existing series of compromised computing resource are used to create an exploit map of the cloud.
The basic premise of "cloud exploit mapping" is to use a technique similar to that of Celestial navigation, which was a navigational positioning technique that was devised to help sailors cross the featureless oceans without having to rely on dead reckoning to enable them to strike land. Similarly cloud exploit mapping is used in order to navigate and locate the optimal targets for exploitation across the cloud. Once the potential vulnerable machines have been mapped, all a potential hacker needs to do is hijack a series of already exploited machines by crawling the structure of an existing botnet basically using it as a guide to the easiest targets replacing the previous command and control with a new set. Generally speaking, botnet controllers don't plug existing holes, so it's fairly easily to exploit the previous vulnerabilities.
When looking at Security in the cloud Richard Reiner, formerly the founder of Assurent Secure Technologies and Advisor for Enomaly puts it another way.
"Securing the cloud doesn't present radically new challenges, although new technology may be required. For example, rather than implementing firewall and IPS functions exclusively in the physical network, some of these network security functions may need to be delivered within the virtual switch provided by a hypervisor, and products specifically adapted to this deployment will be required. Host-based security agents may also require some modification to run well in this environment, as they need to handle events such as migration of the guest instance form one host to another.
When an enterprise makes use of public cloud resources (e.g., Amazon EC2, or Rackspace's Mosso cloud services), additional issues arise. Here there is a new trust issue. The customer's compute tasks are now executing within the cloud providers infrastructure, and the "servers" these tasks are operating on are guests under the cloud's hypervisors -- i.e. essentially fictions created by the hypervisor software. The hypervisor is software, so it is easily modified; and it is all-powerful with respect to the guest instances running under it -- the hypervisor can copy, modify, or delete data from within the guest at will. This is a new trust problem: the customer must trust that the cloud provider's hypervisors and management software are behaving appropriately and haven't been tampered with.
Unlike traditional hosting, the problem can't be solved by locking the physical servers in a cage that only the customer has access to, since these are virtual servers running on shared hardware."
For cloud providers, the next major issue may be in addressing multi-tenant cloud federation and security. When a series of applications or machines have been exploited the next generation of cloud platforms will need to provide a quick and secure way to quarantine those machines before they can further harm or potentially bring down the entire cloud. Most security products were never made to hand the management of ten of thousands or more of transient physical and virtual machines that could be used by anyone at anytime for any reason. This is the new reality facing public cloud providers and their customers.
Published April 14, 2009 Reads 18,188
Copyright © 2009 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
More Stories By Reuven Cohen
An instigator, part time provocateur, bootstrapper, amateur cloud lexicographer, and purveyor of random thoughts, 140 characters at a time.
Reuven is an early innovator in the cloud computing space as the founder of Enomaly in 2004 (Acquired by Virtustream in February 2012). Enomaly was among the first to develop a self service infrastructure as a service (IaaS) platform (ECP) circa 2005. As well as SpotCloud (2011) the first commodity style cloud computing Spot Market.
Reuven is also the co-creator of CloudCamp (100+ Cities around the Globe) CloudCamp is an unconference where early adopters of Cloud Computing technologies exchange ideas and is the largest of the ‘barcamp’ style of events.
The technologies behind big data and cloud computing are converging quickly, offering businesses new capabilities for fast, easy, wide-ranging access to data. However, to capitalize on the cost-efficiencies and time-to-value opportunities of analytics in the cloud, big data and cloud technologies must be integrated and managed properly. Pythian's Director of Big Data and Data Science, Danil Zburivsky will explore: The main technology components and best practices being deployed to take advantage of data and analytics in the cloud, Architecture, integration, governance and security scenarios and Key challenges and success factors of moving data and analytics to the cloudJun. 24, 2018 03:00 PM EDT |
By Yeshim Deniz Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with extensive global expertise as a strategist, technologist, innovator, marketer, and communicator. For over 30 years across five continents, he has built success with Fortune 500 corporations, vendors, governments, and as a leading research analyst and consultant.Jun. 24, 2018 02:15 PM EDT Reads: 3,220 |
By Liz McMillan Jun. 24, 2018 01:45 PM EDT Reads: 2,979 |
By Elizabeth White Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value extensible storage infrastructure has in accelerating software development activities, improve code quality, reveal multiple deployment options through automated testing, and support continuous integration efforts. All this will be described using tools common in DevOps organizations. Jun. 24, 2018 01:30 PM EDT Reads: 5,209 |
By Liz McMillan Jun. 24, 2018 12:15 PM EDT Reads: 2,941 |


Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with extensive global expertise as a strategist, technologist, innovator, marketer, and communicator. For over 30 years across five continents, he has built success with Fortune 500 corporations, vendors, governments, and as a leading research analyst and consultant.
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value extensible storage infrastructure has in accelerating software development activities, improve code quality, reveal multiple deployment options through automated testing, and support continuous integration efforts. All this will be described using tools common in DevOps organizations. 
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical Infrastructure as a Service cloud provider but it's been des...
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the...
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at eve...
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build thei...














