This is Willbros Senior GIS Consultant Peter Veenstra's presentation from the 2012 GITA Oil & Gas Pipeline Conference. The presentation address cloud computing security concerns and explains how cloud computing can help with data integrity management.
1. Up in the Clouds:
Cloud Computing and GIS
Peter Veenstra & Jason Cradit
Willbros Engineering
2. Overview
• Technical Overview
– Part I - Terminology - What is the cloud?
– Part II - Security - How secure is enough?
– Part III – Cloud Computing and GIS – The practical and potential?
• Summary and Thoughts
2
3. Introduction
• This is not a paper arguing for or against Cloud Computing.
• This is a wide-ranging and complex topic.
– New stuff every day
• Focus is on explaining cloud computing.
• Examine current applications and future applicability of pipeline GIS
in the Cloud.
3
4. Part I: Cloud Computing
Terminology, Definitions, Rationale
4
5. What is Cloud Computing?
• The first meaning of the term
Cloud:
noun 1. a visible mass of condensed
cloud is pretty
water vapor floating in the atmosphere, typically straightforward.
high above the ground.
verb 2. figurative [trans.] make (a
matter or mental process) unclear or uncertain; • However, when you add
confuse.“ 'computing' to it, you get an
approximation of the second
definition: something unclear
and nebulous.
5
6. What is Cloud Computing?
• The first meaning of the term
Cloud:
noun 1. a visible mass of condensed
cloud is pretty
water vapor floating in the atmosphere, typically straightforward.
high above the ground.
verb 2. figurative [trans.] make (a
matter or mental process) unclear or uncertain; • However, when you add
confuse.“ 'computing' to it, you get an
approximation of the second
51% Of People Think definition: something unclear
and nebulous.
Stormy Weather Affects
'Cloud Computing'
6
7. What is Cloud Computing?
• Intelligence and National Security Alliance
Cloud: (INSA) defines the cloud as follows:
noun 1. a visible mass of condensed
water vapor floating in the atmosphere, typically • Cloud Computing as an adjective: a
high above the ground. method of computing that provides It
verb 2. figurative [trans.] make (a capacity in elastic ways to expand to meet
matter or mental process) unclear or uncertain;
user needs and contract when demand
confuse.“
decreases.
• Cloud Computing as a noun: an
51% Of People Think
infrastructure of on-demand capabilities
Stormy Weather Affects using virtualized resources. This involves
'Cloud Computing' pools of storage, network, processing, and
other computational resources that can be
efficiently allocated when requested and
quickly provisioned in a highly automated
fashion.
7
11. Terminology and Definitions
• Deployment Model:
– Public, Private or Hybrid Clouds
• Service Model:
– PaaS - Platform as a Service (Build)
– I need computers to do stuff
– IaaS - Infrastructure as a Service (Host)
– I need specific computers to host specific software
– SaaS - Software as a Service (Consume)
– IaaS and PaaS is what we use to create SaaS
• Intrastructure Components
11
12. What is Cloud Computing?
• Cloud computing is IaaSPaaS business model. Lease or rent the
computers that you need as you need them.
• Not only the computers but the software on top of them (SaaS)
• Five characteristics of cloud computing:
1. On-demand self-service
2. Ubiquitous network access
3. Location independent resource pooling
4. Rapid elasticity
5. Measured service with pay-per-use
Source: INSA White Paper - ttp://www.insaonline.org/assets/files/White%20Papers/INSA_Cloud_Computing_2012_FINAL.pdf
12
13. Reasons for using Cloud Computing
• CapEx to Opex – Avoid the IT Cue
• Extends capabilities of IT
• Focus on business not IT (Getting things done)
• Standardization of Infrastructure (Abstraction)
• Ubiquitous access (TCPIP)
• Elastic (Expand to meet demand)
• Service based - get billed for what you use
• Speed - deployment and access
• Cheap(er) (Superior Economics)
• On Demand (No long term contracts)
• Application and OS Independent
• Free of SW/HW Installation (Log in and go)
13
17. Cloud vs. On-Premise Security
• IT Security considerations are the same for in premise or on the
cloud!
• Confidentiality
– Keeping information confidential
• Integrity
– Keeping information unaltered unless authorized
• Availability
– Ability to have information available when requested
17
18. Inherent Security
• Geographically disparate
– No ice storm, earthquake, hurricane can bring it down - impacting availability
(if designed appropriately)
• Massively redundant infrastructure
– Multiple networks, servers hard-drives...etc...
18
20. Inherent Security
• Geographically disparate
– No ice storm, earthquake, hurricane can bring it down - impacting availability
(if designed appropriately)
• Massively redundant infrastructure
– Multiple networks, servers hard-drives...etc...
• Business Reputation
– They have more skin in the game - no ability to hide security incidents
20
21. Cloud security is a shared responsibility
• Cloud providers secure their infrastructure better than you
– ISO 27001
– FISMA - Moderate
– PCI DSS
– SAS 70 Type II
• YOU own the responsibility for securing the application layer
(Hypervisor)
– Use private cloud spaces
– Encrypted data; in-flight and at-rest
– Two Point Authentication (2FA)
• Service Level Agreement (SLA)
• Security’s weakest link: People
21
22. Legal Concerns
• Critical Infrastructures Act of 2002
• US Department of Transportation (PHMSA) subscribes to a
voluntary security model
– No current regulations for CyberSec - coming?
– Guidelines available
– American Pipeline Institute - ISO 27001/2
– Department of Homeland Security
– Transportation Sector-Specific Plan (NIST)
• You can implement all of these security standards in the cloud
– SOX, ISO 9000, ISO 27000
22
24. Security: Final Comments
• In 2011 the CIO of the United States called for moving $20 Billion, or one
quarter of all federal IT spending into the cloud.
– Department of Homeland Security
– US Citizenship and Immigration
– US Dept. of Justice
– FEMA
– FAA
– Recovery.gov
– US Dept. Agriculture – (Email 27 to 1, Data Portability Built-In)
– Intelligence and National Security Alliance (INSA)
Source: ComputerWorld - 07/2011 - http://www.computerworld.com/s/article/9218702/Cloud_security_fears_exaggerated_says_federal_CIO
24
25. Security: Final Comments, cont.
"A lot of people are sort of driving this notion of fear around security, and the
reason I think that's been amplified, frankly, is because it preserves the status
quo.“
“The U.S. also has a rule to pull funding from any IT project that isn't delivering
value six months from implementation” - Vivek Kundra, Federal CIO
•Increases competition among providers for Government Services
(https://www.apps.gov)
•Amazon GovCloud (http://aws.amazon.com/govcloud-us/)
Source: ComputerWorld - 07/2011 - http://www.computerworld.com/s/article/9218702/Cloud_security_fears_exaggerated_says_federal_CIO
25
26. Part III: GIS and the Cloud
Examples, Discussion, & Terminology
26
27. What is GIS?
• Traditionally pipeline GIS has been
implemented in a server, with a
RDBMS, using a data model
(networked, linear referencing)
– Data Warehouse, Business
Intelligence, Analytics
• Part of IT
• A integration point for other systems
based on ability to manage or be the
‘system or record’ for location
27
28. GIS in the Cloud
• IaaSPaaS (Cloud Utilization)
– ArcGIS Server for Amazon EC2
– Open Geo Suite (SkygoneAmazon EC2)
• SaaS
– Basic mapping services
– ArcGIS OnlineGoogle Earth Fusion TablesOpen Street Map
– Value added geoprocessing services
– ArcGIS OnlineGoogle Earth BuilderGoogle Maps EngineMapBoxGeoIQCartoDBeSpatial
– http://itouchmap.com/latlong.html
– http://www.batchgeo.com
– Specialty Applications
– Socium – Data Validation
– ESRI Business Analyst – Business Retail Location
– Digital Map Products – Government and Real Estate 28
Source: http://www.directionsmag.com/articles/navigating-through-the-nebulous-arena-of-the-cloud/259505
30. Pipeline GIS Cloud Potential
• Staging and Deployment, Rapid Development
• Operational GIS
• Operational Data Store (ROVILI)
• Situational Awareness (Story Board, Media, Risk)
• Visualization (Wow!, Lightweight)
• Scalable Map Services
• Real Time Data Integration (Scada, ILI, Tracking)
• Geo-Collaboration (VGI, Tag, Parse, Target - RISK)
• Street View (3D View, Altered Reality - HCA)
• Non SQL Databases (10GenMongoDB)
• Data Verification (MAOP, RISK, What we don’t know …)
•…
Source: http://www.informationisbeautiful.net 30
31. Smart Phones and Location-based Services
• 50% of all US Adults have smart-phones or tablets
• Vendors are making plays for location based services companies
• People are experimenting with new ways to utilize location
Source: http://www.fastcompany.com/3001809/5-reasons-location-smartphones-killer-map
31
33. Thoughts
• Part of this is cloud utilization
• Geo-Services
• Data structures and models could potentially become less relevant
as long as people can get to their data and can present it coherently
(storage vs. processing and structure vs. agility – noSQL)
• Access to and querying of data will become key - human language
constructs.
• Change the paradigm of application development and delivery
(Software as a Service).
• Data must be discoverable, accessible, and exploitable (Large Data,
Rapid Dissimination, Broad User Base)
33
34. How to start moving into the cloud
• Identify restrictions and gray areas
• Start running experiments with Software-as-a-Service (SaaS)
• Do your next development project in the cloud
• Talk with your core enterprise software vendors to understand their
plans for the cloud
Source: What Every CEO Needs to Know about the Cloud: Harvard Business Review, 2011: http://hbr.org/search/R1111J (
http://hbr.org/2011/11/what-every-ceo-needs-to-know-about-the-cloud/ar/1)
34
35. Moving to the Cloud
• This isn’t a GIS or IT or Legal Decision – It is a C-Level Decision – it
will be about business
• Do they want to build another GIS or operate a pipeline?
• Delegating to the IT Department isn’t necessarily the right idea
• Expect un-anticipated Cloud Benefits
• Typical concerns of security are red-herrings
Source: What Every CEO Needs to Know about the Cloud: Harvard Business Review, 2011: http://hbr.org/search/R1111J (
http://hbr.org/2011/11/what-every-ceo-needs-to-know-about-the-cloud/ar/1)
35
37. Key Sources (in alphabetical order …)
Amazon Web Services: http://aws.amazon.com/
ArcGIS Online: http://www.arcgis.com/about/features.html#reach-your-users
Arc GIS Online Help: http://resources.arcgis.com/en/help/main/10.1/index.html#//016w00000036000000
Data Governance: http://www.sas.com/resources/whitepaper/wp_50387.pdf
Directions Magazine – Channel on Cloud Computing - http://www.directionsmag.com/channels/cloud-computing/
GIS and the Cloud: http://www.directionsmag.com/articles/navigating-through-the-nebulous-arena-of-the-cloud/259505
Google Data Centers: http://www.google.com/about/datacenters/gallery/#/all’
Google Fusion Tables: http://www.google.com/fusiontables/Home/
Google Map Engine: http://www.google.com/enterprise/mapsearth/products/mapsengine.html
Google Security and Privacy:
http://static.googleusercontent.com/external_content/untrusted_dlcp/www.google.com/en/us/a/help/intl/en-GB/admins/pdf/ds_gsa_apps_whitepaper_0207
INSA White Paper - ttp://www.insaonline.org/assets/files/White%20Papers/INSA_Cloud_Computing_2012_FINAL.pdf
37
38. Key Sources (in alphabetical order, cont.)
NIST: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
NoSQL Databases: http://www.10gen.com/static/downloads/nosql_bi.pdf
Pipeline CyberSecurity: Federal Policy: http://www.fas.org/sgp/crs/homesec/R42660.pdf
Pipeline GIS Data Governance: http://eaglemap.com/pipeline-executives/
What Every CEO Needs to Know about the Cloud: Harvard Business Review, 2011: http://hbr.org/search/R1111J (http://hbr.org/2011/11/what-
every-ceo-needs-to-know-about-the-cloud/ar/1)
Visualization: http://www.informationisbeautiful.net/2012/announcing-the-information-is-beautiful-awards-shortlist/?
utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+InformationIsBeautiful+%28Information+Is+Beautiful%29
Security: http://www.computerworld.com/s/topic/17/Security
38
Editor's Notes
Main Point Fairly straightforward concept. There is some confusion. Additional Points Ninety-five percent of those claiming they never use the cloud actually do so via online banking and shopping, social networking, and storing photos and music. Source: Demystifying Cloud Computing - CIO - http://www.cio.com/article/439814/Demystifying_Cloud_Computing Source: Business Insider - 51% Of People Think Stormy Weather Affects 'Cloud Computing' http://www.businessinsider.com/people-think-stormy-weather-affects-cloud-computing-2012-8 Source: INSA White Paper - http://www.insaonline.org/assets/files/White%20Papers/INSA_Cloud_Computing_2012_FINAL.pdf NIST Definition on Cloud Computing: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf INSA (Intelligence and National Security Alliance) White Paper Definition: Use the term “cloud” in one of two ways: as an adjective or a noun. Both uses of the phrase “cloud computing” are used in the rest of this document. Cloud Computing as an adjective: a method of computing that provides It capacity in elastic ways to expand to meet user needs and contract when demand decreases. Cloud Computing as a noun: an infrastructure of on-demand capabilities using virtualized resources. this involves pools of storage, network, processing, and other computational resources that can be efficiently allocated when requested and quickly provisioned in a highly automated fashion. NIST: National Institute of Standards and Technology (US Department of Commerce)