Cloud Computing Webinar Powerpoint (final 09-04-12) WEBINARS/Cloud Computing... · EyeOS ICAC...
Transcript of Cloud Computing Webinar Powerpoint (final 09-04-12) WEBINARS/Cloud Computing... · EyeOS ICAC...
ICAC Webinar – Cloud Computing September 4, 2012
1
ICAC Webinar Series NCJRL
Cloud Computing
ICAC Webinar Series NCJRL
TODAY’S TOPICS
• What “Cloud Computing” is and How it Works
• Security & Privacy Issues
• Investigative Challenges
ICAC Webinar Series NCJRL
WHAT IS CLOUD COMPUTING?
• Cloud computing refers to software or processes offered over the Internet as opposed to the user’s computer
• Popular examples: – E-mail
– Photo sharing
– File backup
ICAC Webinar – Cloud Computing September 4, 2012
2
ICAC Webinar Series NCJRL
WHY “CLOUD COMPUTING”?
The name comes from the use of a cloud-shaped symbol as an abstract diagram
for the process
http://www.nskinc.com
ICAC Webinar Series NCJRL
WHAT IS NOT CLOUD COMPUTING?
• Files stored internally on your computer
• Accessing a simple HTML website
ICAC Webinar Series NCJRL
CLOUD COMPUTING BENEFITS
• Reduced Cost
• Device and Location Independence
• Easier Maintenance
ICAC Webinar – Cloud Computing September 4, 2012
3
ICAC Webinar Series NCJRL
EXAMPLE OF BENEFITEMAIL
– If not in the cloud, every business and individual would have to install their own server software on their computer
– “Out-sourcing” services like e-mail
•Frees up internal resources
•Cheaper for one company to handle millions than for each company to do their own
•Allows pooling and sharing of resources –automatic deployment of new security techniques
ICAC Webinar Series NCJRL
THE BIG PICTURE
• For many businesses, governments, and individuals, the use of cloud computing just makes sense– AND It is growing in popularity, which
makes it important to learn and understand
• However, a downside exists– Security and privacy issues
– Data release to a third party
ICAC Webinar Series NCJRL
CLASSIFICATIONS
• Deployment Models– Public
– Community
– Hybrid
– Private
• Service Models– Infrastructure
– Platform
– Software
– Many others
ICAC Webinar – Cloud Computing September 4, 2012
4
ICAC Webinar Series NCJRL
DEPLOYMENT MODELS
• Many models for the cloud exist– Public
•Available to general public
•Often free
•Access exclusively via the Internet
– Private•Solely for one individual organization
•May operate internally or by a third party
•Keeps others out of the system, but lacks the benefits of shared resources
ICAC Webinar Series NCJRL
DEPLOYMENT MODELS– Community
•Not open to public, but shared by several related organizations with common needs
•Costs shared over fewer users than public clouds, but can be more secure
– Hybrid•Combine public, community, and/or private
clouds
•Utilizes internal and external resources
ICAC Webinar Series NCJRL
PUBLIC MODEL
ICAC Webinar – Cloud Computing September 4, 2012
5
ICAC Webinar Series NCJRL
PRIVATE MODEL
ICAC Webinar Series NCJRL
COMMUNITY MODEL
ICAC Webinar Series NCJRL
HYBRID MODEL
ICAC Webinar – Cloud Computing September 4, 2012
6
ICAC Webinar Series NCJRL
SERVICE MODELS
• Software as a Service (SaaS)– Programs accessed
in the cloud and maintained there
•Examples: Microsoft Office 360, Google Apps, QuickBooks, E-mail, Games
Cloudtweaks.com
ICAC Webinar Series NCJRL
SERVICE MODELS
• Platform as a Service (PaaS)– The cloud provides an environment for an
organization to work•Examples: Operating Systems, Web Server
ICAC Webinar Series NCJRL
SERVICE MODELS
• Infrastructure as a Service (IaaS)– Enhances security, capacity, memory, or
similar without requiring user to physically buy newer, larger, more powerful computers
•Examples– Firewalls
– Intensive data processing
– File storage
ICAC Webinar – Cloud Computing September 4, 2012
7
ICAC Webinar Series NCJRL
SERVICE MODELS
• Many newer models, including:– Storage as a service (STaaS)
– Security as a service (SECaaS)
– Data as a service (DaaS)
– Desktop as a service (DaaS)
– API as a service (APIaaS)
ICAC Webinar Series NCJRL
SERVICE MODELS
To think of it a different way, cloud computing has two categories of shared resources:
– Software
– Hardware
www.howtonetworks.net
ICAC Webinar Series NCJRL
SOFTWARE AS A SERVICEEXAMPLE
Installed on Google’s Servers
Individual in New York
Business in Tokyo
ICAC Webinar – Cloud Computing September 4, 2012
8
ICAC Webinar Series NCJRL
PLATFORM AS A SERVICEEXAMPLE
Installed on Microsoft’s
Servers
ICAC Webinar Series NCJRL
INFRASTRUCTURE AS A SERVICE EXAMPLE
ICAC Webinar Series NCJRL
WHO HOSTS THE CLOUD?
• Many companies are competing for your business in the cloud
• Amazon Web Services was one of the first on the market (doing so in 2002)– Hosts everything you’ve seen here and
more
• IBM and Cisco also have significant shares of the market
ICAC Webinar – Cloud Computing September 4, 2012
9
ICAC Webinar Series NCJRL
If a person wants to sign up for a Gmail account, which model are they using?
A. Hybrid
B. Public
C. Community
D. Private
QUIZ
ICAC Webinar Series NCJRL
Processing power can be acquired through which cloud service model?
A. Software as a Service
B. Platform as a Service
C. Processing as a Service
D. Infrastructure as a Service
QUIZ
ICAC Webinar Series NCJRL
PUBLIC CLOUD SERVICES
• Many public cloud services are available, often at no cost to the user, including:– File storage
– Photo sharing
– Password managers
– Operating systems
– Mobile phone services
ICAC Webinar – Cloud Computing September 4, 2012
10
ICAC Webinar Series NCJRL
FILE STORAGE
• Box
• Dropbox
• Google Drive
• Backup– Carbonite
– Mozy
– Norton Online Backup
ICAC Webinar Series NCJRL
FILE STORAGE EXAMPLE:GOOGLE DRIVE
• Acts like a folder on your computer(s), and allows file access through your online account
• 5GB of storage free– 1 Terabyte (enough for a 3-month long
video) available for $50/month
• Allows file sharing and group editing
ICAC Webinar Series NCJRL
FILE STORAGE EXAMPLE:GOOGLE DRIVE
ICAC Webinar – Cloud Computing September 4, 2012
11
ICAC Webinar Series NCJRL
PHOTO SHARING
• Allows user to sync all photos and videos from their computer and smartphone to their cloud account
• Files can then be shared with others as you choose
• Many allow online editing as well, making them both SaaS and IaaS
ICAC Webinar Series NCJRL
PHOTO SHARING EXAMPLES:
• Flickr
• Picasa Web Albums
• Photobucket
• Shutterfly
ICAC Webinar Series NCJRL
PASSWORD MANAGERS
• Many services allow users to save all of their passwords in one central account online
• May allow password sharing with others
ICAC Webinar – Cloud Computing September 4, 2012
12
ICAC Webinar Series NCJRL
OPERATING SYSTEMS
• Computers run an entire operating system from a cloud server
• User never has to install updates
• Makes installing applications easy and only one copy is needed – saves time and storage space
• Makes it less likely that a computer will get a virus or malware
ICAC Webinar Series NCJRL
OPERATING SYSTEMS EXAMPLE: JOLICLOUD
ICAC Webinar Series NCJRL
OPERATING SYSTEMS EXAMPLE: JOLICLOUD
• Runs entirely within your browser
• Is open source (= free)
• All of your files are also accessible on your smartphone or tablet
ICAC Webinar – Cloud Computing September 4, 2012
13
ICAC Webinar Series NCJRL
EyeOS
ICAC Webinar Series NCJRL
MOBILE PHONE SYSTEMS
• Many phone developers have created cloud computing systems for users to share and sync:– Contacts
– Files
– Calendar
– Photos and videos
– Applications
– Track devices and remote lock/wipe
ICAC Webinar Series NCJRL
MOBILE PHONE EXAMPLE: iCLOUD
ICAC Webinar – Cloud Computing September 4, 2012
14
ICAC Webinar Series NCJRL
MICROSOFT SKYDRIVE
ICAC Webinar Series NCJRL
ORGANIZATIONS IN THE CLOUD
• All of the preceding examples have both individual and organizational uses
• Organizations may choose to utilize a common cloud service (such as Google Apps) or may seek to have a service completely customized for their needs
ICAC Webinar Series NCJRL
Which of the following is an example of how a home user may use cloud computing?
A. Backup files
B. Share photos
C. Sync calendar data across devices
D. Save their passwords
E. All of the above
QUIZ
ICAC Webinar – Cloud Computing September 4, 2012
15
ICAC Webinar Series NCJRL
Security & Privacy Issues
Cloudtweaks.com
ICAC Webinar Series NCJRL
“With the cloud, you don't own anything. You already signed it away … the more we transfer everything onto the web, onto the cloud, the less we're going to have control over it.”
- Steve Wozniak, Apple Co-Founder
ICAC Webinar Series NCJRL
THE REAL FEAR
• Theft of confidential or private data– For example
•Attorneys
•Trade secrets
•Identity theft
ICAC Webinar – Cloud Computing September 4, 2012
16
ICAC Webinar Series NCJRL
ALREADY IN THE CLOUD
• Financial institutions
• Energy
• Military– Currently moving e-mail to a private cloud
•Projected to reduce cost of e-mail
•May save the Army alone $320 million over a five-year period
• Nearly every major corporation
ICAC Webinar Series NCJRL
AUTHENTICATION
• There are ways to authenticate a user to ensure they are who they say they are
• Passwords are used for authentication, but there are many other means– Location-based / IP Ranges
– Biometrics
– Card or token
– Digital certificate
ICAC Webinar Series NCJRL
ENCRYPTION
• Cloud host may encrypt all data– May not even have access to the individual
files
• Encryption of communications
ICAC Webinar – Cloud Computing September 4, 2012
17
ICAC Webinar Series NCJRL
OTHER SECURITY
• Firewalls
• Malware/virus protection
• Log inspection
ICAC Webinar Series NCJRL
UNAUTHORIZED ACCESS
• Hacking
– Cloud may create a larger target while also offering better security
• Cloud host issues
– Using the cloud often requires relinquishing physical control over the data – it’s stored outside of your building
– Gives the host’s employees access to the data. May require special agreement. (Gramm-Leach-Bliley Act, HIPAA)
ICAC Webinar Series NCJRL
LEGAL ETHICS
• Many states have ethics opinions dealing with attorneys’ use of cloud computing
– Must take reasonable care to ensure confidentiality
– Evaluate backup strategies
– Vermont – must discuss with client if especially sensitive
– Alabama - stay abreast of best practices regarding data safeguards
ICAC Webinar – Cloud Computing September 4, 2012
18
ICAC Webinar Series NCJRL
Which is NOT a form of authentication?
A. Retina scan
B. Firewalls
C. Password
D. Digital certificate
E. IP Ranges
QUIZ
ICAC Webinar Series NCJRL
Investigative Challenges
ICAC Webinar Series NCJRL
WHERE IS THE DATA?
• Suppose you know that someone has a copy of a certain file, and you, the forensics investigator, needs to find it…
ICAC Webinar – Cloud Computing September 4, 2012
19
ICAC Webinar Series NCJRL
WHERE IS THE DATA?
ICAC Webinar Series NCJRL
INSIDE THE BOX
• Computer’s hard drive and other memory– Documents
– Pictures
– Outlook Emails
– Internet Cache
• CD’s and floppy disks
• iPods
• Cell Phones
• External Hard Drives
What the computer owner actually has possession of
ICAC Webinar Series NCJRL
INSIDE THE BOXWhat the computer owner actually has possession of
ICAC Webinar – Cloud Computing September 4, 2012
20
ICAC Webinar Series NCJRL
OUTSIDE THE BOX
• Online Email Accounts (Gmail and Yahoo)
• Internet Shopping Accounts
• Social Networking Accounts
• Backups of text messages
• Cell Site Location Data
• Subscriber account records
• Contents of Websites
What is not stored on the owner’s computer
ICAC Webinar Series NCJRL
OUTSIDE THE BOXWhat is not stored on the owner’s computer
ICAC Webinar Series NCJRL
IMPORTANT DISTINCTION
• Inside the box– Likely Fourth Amendment protection
• Outside the box– Generally, no reasonable expectation of
privacy•Fourth Amendment applicability doubtful
•Highly debatable, unsettled question, at best
– Stored Communications Act primary authority
ICAC Webinar – Cloud Computing September 4, 2012
21
ICAC Webinar Series NCJRL
DISCOVERY
• Documents under custody, control or possession (Fed. R. Civ. P. 34)
• Cloud host may or may not have the ability to preserve and collect data
• Host may keep documents longer than the company normal retains them
ICAC Webinar Series NCJRL
ENCRYPTION
• Provides security for the creator of the information but makes an investigation nearly impossible– Unless you can compel production of the
password•Few courts have dealt with the issue, and no
pattern has yet to develop
ICAC Webinar Series NCJRL
Where might a person hide an incriminating file?
A. Smartphone
B. Computer
C. E-mail account
D. Social networking account
E. All of the above
QUIZ
ICAC Webinar – Cloud Computing September 4, 2012
22
ICAC Webinar Series NCJRL
Which of the following is NOT considered “outside the box”?
A. Internet cache
B. Cell site location data
C. Online e-mail account
D. Shopping account
E. Contents of websites
QUIZ
ICAC Webinar Series NCJRL
CONCLUSION
• Thank you for attending
• Put our next webinar on your calendar– October 2, 2012
“HIDING TRACKS: Proxy Servers and
Private Networks”
– To be presented by Priscilla Grantham,NCJRL Senior Research Counsel
ICAC Webinar Series NCJRL
Presented by
Don MasonAssociate/Acting Director, NCJRL
ncjrl.org