
Cloud Presentation

By
Aditya Chatterjee(A2305316011)
Abhishek Kapila(A2305316027)
MODULE 3
1. GUEST HOPPING.
2. VM MIGRATION ATTACK.
3. DATA LOSS PREVENTION.
VIRTUALIZATION
• Virtualization is the ability to run multiple operating systems on a single
physical system and share the underlying hardware resources*
• It is the process by which one computer hosts the appearance of many
computers.
• Virtualization is used to improve IT throughput and costs by using physical
resources as a pool from which virtual resources can be allocated.
• A Virtual machine (VM) is an isolated runtime environment (guest OS and
applications)
• Multiple virtual systems (VMs) can run on a single physical system
GUEST HOPPING
• Exploits vulnerabilities in hypervisors that allow
malware or remote attacks to compromise VM
separation protections and gain access to other VMs,
the host or even the hypervisor itself.
• These attacks are often accomplished once an attacker
has gained access to a low-value, thus less secure, VM on
the host, which is then used as a launch point for
further attacks on the system.
• Some examples have two or more compromised VMs in
collusion to enable a successful attack against
secured VMs or the hypervisor itself.
VM Migration Attack
• A challenge for any cloud installation is the
constant tradeoff of availability versus security.
In general, the more fluid your cloud system
(i.e., making virtualized resources available on
demand more quickly and easily), the more
your system becomes open to certain
cyberattacks.

• For the most part, VM migration executed by
modern hypervisors, both commercial
proprietary and open source, satisfies the
security requirements of a typical private
cloud. Certain cloud systems, however, may
require additional security. For example,
consider a system that must provide greater
guarantees that the virtual resources and virtual
machine operations on a single platform are
isolated between different (and possibly
competing) organizations. For these more
restrictive cloud installations, VM migration
becomes a potential weak link in a company’s
security profile.
How to address VM migration Cyber-attacks

• Spoofing: Man-in-the-middle (MITM) attacks are well studied, and modern hypervisors should already utilize the proper
authentication protocols integrated within their migration process to prevent this class of attack. The most common variations
of Xen, for example, include public key infrastructure support for mutual authentication via certificate authorities or shared
keys to guard against MITM attacks.
• Thrashing: External DoS attacks are usually best addressed outside of the hypervisor, within the network infrastructure.
Systems that use orchestration software to automate VM migration for load balancing, or even defensive purposes, should
be configured to guard against DoS attacks as well.
• Smash and Grab: This attack attempts to disrupt the migration process at an opportune moment so that the VM state data
is corrupted or forced out of sync with the VM image at the source or destination server, rendering the VM either
temporarily or permanently disabled. A smash-and-grab attack could behave like a DoS attack over the network, or could be
enacted by malware in the hypervisor.
• Bait and Switch: We can approach the bait-and-switch attack as a variation of the smash-and-grab attack, and the
mitigation of this threat is the same. For the bait-and-switch attack to succeed, a residual copy of the aborted VM
migration attempt must remain on the destination server.
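Added example, not part of the original slides: one way a destination host could handle the smash-and-grab and bait-and-switch cases above, by staging the incoming VM state, committing it only if its SHA-256 matches the expected digest, and deleting the staged copy on any abort. `receive_migration`, the `.incoming` suffix, the assumption that the digest arrives over the authenticated control channel, and the sample data are all hypothetical.

```python
import hashlib
import os
import tempfile

def receive_migration(stream, dest_path, expected_sha256):
    """Destination side: stage incoming VM state; commit only if it verifies.
    Assumption: expected_sha256 arrives over the mutually authenticated
    control channel, separately from the state data itself.
    """
    staging = dest_path + ".incoming"        # hypothetical staging name
    committed = False
    try:
        h = hashlib.sha256()
        with open(staging, "wb") as out:
            for chunk in stream:             # raises if the transfer is cut off
                h.update(chunk)
                out.write(chunk)
            out.flush()
            os.fsync(out.fileno())
        if h.hexdigest() == expected_sha256:
            os.replace(staging, dest_path)   # atomic: never a half-written image
            committed = True
    except (OSError, ConnectionError):
        pass                                 # treated as an aborted migration
    finally:
        if not committed and os.path.exists(staging):
            os.remove(staging)               # leave no residual copy behind
    return committed

def demo():
    """Constructed input: a clean transfer, a cut-off one, a corrupted one."""
    image = os.urandom(200_000)              # stand-in for serialized VM state
    want = hashlib.sha256(image).hexdigest()
    chunks = [image[i:i + 65536] for i in range(0, len(image), 65536)]

    def cut_off():
        yield chunks[0]
        raise ConnectionError("link dropped mid-migration")

    d = tempfile.mkdtemp()
    results = [
        receive_migration(iter(chunks), os.path.join(d, "vm-a.state"), want),
        receive_migration(cut_off(), os.path.join(d, "vm-b.state"), want),
        receive_migration(iter(chunks[::-1]), os.path.join(d, "vm-c.state"), want),
    ]
    return results, sorted(os.listdir(d))

if __name__ == "__main__":
    print(demo())
```

Unlinking the staged file does not scrub its blocks; where residual state on disk is a concern, the staging area should sit on an encrypted volume.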
DATA LOSS PREVENTION
Definition of Data Loss Prevention
Products that, based on central policies, identify, monitor, and protect data at
rest, in motion, and in use, through deep content analysis.
• Data Loss Protection
• Data Leak Prevention/Protection
• Information Loss Prevention/Protection
• Information Leak Prevention/Protection
• Extrusion Prevention System
• Content Monitoring and Filtering
• Content Monitoring and Protection
DLP Background
• Three different levels of DLP solution
  • Data in Motion
    • Data sent over the HTTP, FTP, IM, P2P and SMTP protocols is mirrored to the DLP server for inspection, which enhances visibility
  • Data at Rest
    • Data in file servers, databases, host computers set for file sharing, etc.
  • Data at End Points
    • Data which sits on end user hosts (workstations and notebooks)
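Added example, not part of the original slides and not any vendor's code: a minimal content-analysis pass of the kind a DLP server could run over mirrored data in motion, applying a central policy and using a Luhn check so that arbitrary 16-digit references are not reported as card numbers. The rule names, patterns and traffic samples are constructed for illustration.

```python
import re

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0

def card(match):
    """Return a masked value for the incident log, or None if not a valid card."""
    digits = re.sub(r"\D", "", match)
    return "*" * (len(digits) - 4) + digits[-4:] if luhn_ok(digits) else None

# Central policy, constructed for illustration: (rule name, pattern, check).
POLICY = [
    ("payment-card", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), card),
    ("confidential-marker", re.compile(r"company confidential", re.I), str.lower),
]

def inspect(channel, payload):
    """Apply every policy rule to one mirrored payload; return the findings."""
    findings = []
    for rule, pattern, check in POLICY:
        for m in pattern.finditer(payload):
            logged = check(m.group())        # masked or normalised, never the raw card
            if logged:
                findings.append((channel, rule, logged))
    return findings

# Constructed traffic samples standing in for mirrored SMTP and HTTP payloads.
SAMPLES = [
    ("smtp", "Subject: Q3 pricing\n\nCOMPANY CONFIDENTIAL. Card on file "
             "4111 1111 1111 1111, order ref 1234 5678 9012 3456."),
    ("http", "comment=see+you+at+lunch"),
]

if __name__ == "__main__":
    for channel, payload in SAMPLES:
        print(channel, inspect(channel, payload))
```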
DLP SOLUTION
The Selection
• Given that the business problem is to be able to exchange confidential information
securely and easily,
• We believe that a DLP solution has the ability to address such a need by identifying and
securing confidential data in a comprehensive and efficient manner as described in the
guidelines above,
• We select Websense as a representative of such a DLP solution, which has met all criteria
mentioned above.
Websense
• Global leader in integrated Web security, data security, and email security solutions.
• Protects approximately 40 million employees at more than 40,000 organizations
worldwide
• Core strength in Web filtering, discovery and classification of content
• Data Monitor
  • Monitors and identifies what customer data is at risk; who is using the data in real time; and where this data is going
  • Precise ID technology
Module 5
1. Explore manufacturing processes in the cloud
2. AWS for manufacturing benefits
3. The Kellogg Company case study
1. Manufacturing processes in the AWS Cloud
• For more than 25 years, Amazon has designed and manufactured smart
products and distributed billions of products through its globally connected
distribution network using cutting edge automation, machine learning and
AI, and robotics, with AWS at its core.
• From product design to smart factory and smart products, AWS helps
leading manufacturers transform their manufacturing operations with the
most comprehensive and advanced set of cloud solutions available today,
while taking advantage of the highest level of security.
• AWS allows you to focus your resources on optimizing production, creating
new smart-product business opportunities, and improving operational
efficiencies across the value chain, not on the infrastructure to make it
happen.
Exploring the manufacturing processes

Product and Production Design
• High Performance Computing (HPC) allows product developers and engineers
to solve complex problems using model-based design and large-scale, parallel
simulations.
• Focus on product design, not the infrastructure to make it happen
• Accelerate time-to-results and time-to-market by running large numbers of
parallel tasks in the cloud
• Reduce costs by providing optimized CPU
Smart Factory
• Leverage AWS IoT Services, edge computing, data lakes, and advanced
analytics tools to improve manufacturing operations by capturing, analyzing,
visualizing, and executing on plant floor data.
• Enabling access to disparate plant data to improve Overall Equipment
Effectiveness (OEE)
• Adding AI and Machine Learning for real time and predictive analytics
capabilities
• Creating a disaster recovery plan in the cloud
Smart Products and Services
• Create smart products using IoT and Data
Lakes. Innovate your smart connected
product offerings using AWS services such as
IoT, Machine Learning, Artificial Intelligence,
and Big Data to collect, process, store,
analyze, and act on machine data.
• Offer a product as a service
• Enable post sale revenue models

• Predict and proactively resolve issues in the
field to maintain SLAs or Service Level
Agreements.
2. AWS for manufacturing benefits

Improve operations
• AWS makes it easy to build and tailor your data lake, allowing you to
securely store, categorize, and analyze all your data in one, centralized
repository.
• Add a wide variety of cost effective and powerful analytics products to
process, analyze, and visualize data.
• Provide real-time and predictive analytics to improve overall
equipment effectiveness (OEE), service levels, product quality, and
supply chain efficiency.
Innovate Faster
• AWS virtually unlimited High Performance Compute (HPC) capacity
allows you to improve your pace of innovation without the need for large
capital investments.
• Running HPC in the cloud allows designers, scientists and engineers to
solve complex, compute-intensive problems quickly, enabling you to
reduce time-to-results by scaling to larger numbers of parallel tasks than
would be practical in most on-premises environments.
Lower Infrastructure Costs
• Focus on improving business operations and innovation, not
infrastructure.
• AWS pay-as-you-go microservices and serverless computing models
reduce the cost of running your connected plant or smart product
programs.
• With minimum upfront investment and nearly unlimited on-demand
capacity, you can focus on differentiating your business, not on
infrastructure.
Enhanced Security
• Cloud security at AWS is the highest priority. As an AWS customer, you
benefit from a data center and network architecture built to meet the
requirements of the most security-sensitive organizations.
• Infrastructure cyber-attacks have recently risen dramatically. Protect
your factory by leveraging S3 and other storage services in the AWS
Cloud for a robust disaster recovery plan.
3. The Kellogg Company Case Study
The company was founded in 1898 when founder W. K. Kellogg and his
brother, Dr. John Harvey Kellogg, accidentally flaked wheat berry—a
mistake that would result in the recipe for Kellogg’s Corn Flakes. The
company, which is headquartered in Battle Creek, Michigan, now
operates in 180 countries, providing ready-to-eat cereals and other
food products. Its 2013 reported net sales totaled $14.8 billion.
Kellogg’s brands include Froot Loops, Frosted Flakes, Special K, Rice
Krispies, Pop Tarts, Eggo Waffles, Nutri-Grain Bars, and of course,
Kellogg’s Corn Flakes.
The Challenge
• Margins are tight in the ready-to-eat cereal industry. For a company like
Kellogg, approximately a third of its annual revenue is spent on
promotional costs or trade spend: every dollar spent on coupons and
special offers, promotions for special pricing, sponsorships, even the
location each brand occupies on the grocery-store shelf.
“Any improvements we make to trade spend go straight to our bottom line,”
says Stover McIlwain, Senior Director of IT Infrastructure Engineering at
Kellogg. “If we improve trade spend by just 1 percent, that’s $50 million
dollars.”
• The company keeps a close eye on its trade spend, analyzing large volumes
of data and running complex simulations to predict which promotional
activities will be the most effective. Kellogg had been using a
traditional relational database on premises for data analysis and
modeling, but by 2013, that solution was no longer keeping up with the
pace of demand
• Each day, Kellogg needed to run dozens of complex data simulations on
things like TV ad spend, digital marketing, coupon campaigns and other
promotions, sales commissions, display and shelving costs—but its system
only had the capacity to run just one simulation a day.
• “Margins are very tight in our industry, and even slight changes in trade
spend can swing market share,” McIlwain says. “Revenue growth is flat in
some of our categories, so we need to be very agile to stay competitive.
We needed to eliminate waste and invest more in the trade spend that
drives faster time to market and greater revenue.” It was clear that
Kellogg needed to move away from its traditional on-premises
infrastructure
Why Amazon Web Services?
• Amazon Web Services (AWS) offered a fully SAP-certified HANA environment
on a public cloud platform. Because SAP works on the AWS Cloud, the company
knew it could achieve the speed, performance, and agility it required
without making a significant investment in physical hardware. Kellogg
decided to start immediately with test and development environments for
its US operations.
• The company is now running the SAP Accelerated Trade Promotion Management
(TPM) solution, powered by SAP HANA and leveraging multiple AWS instance
types for both the SAP application and HANA database layers.
These Amazon Elastic Compute Cloud (Amazon EC2) instances process 16 TB of
sales data weekly from promotions in the US, modeling dozens of data
simulations a day.
• The company also uses Amazon Virtual Private Cloud (Amazon VPC), which is
connected directly to the Kellogg data centers to allow access to SAP TPM
directly for employees who are on the company network.
• Kellogg uses Amazon CloudWatch for monitoring, which helps the company
allocate costs to each department based on their individual infrastructure
use. “CloudWatch helps our people make better decisions around the
capacity they need, so that they can avoid waste,” McIlwain says. Costs and
benefits of this IT service can now be aligned so that Kellogg can assess
the true return on investment.
• For high availability, Kellogg leverages multiple AWS Availability Zones
(AZs) without the additional cost of maintaining a separate datacenter.
The Benefits
• Using AWS saves us more than $900,000 and lets us run dozens of data
simulations a day so we can reduce trade spend. It’s a win-win, and a
pretty compelling business case for moving to the cloud.
• By using AWS, the company is also able to be more agile. Instead of having
to wait 30 days to make changes to its trade spend analysis system, the
company can spin up instances immediately to perform the necessary data
simulations (or calculations). “Staff can deploy instances 90 percent
faster than with our previous on-premises solution,” McIlwain says.
“The AWS Cloud drives a lot of business benefits for Kellogg.”
• Kellogg engineers liked the accessibility and familiarity of the AWS
platform, which enabled them to easily apply their existing knowledge and
infrastructure skills to the AWS Cloud. In addition, by using AWS, the IT
team’s internal customers can now self-fund IT projects—saving the IT team
from having to budget for projects from other departments and driving more
efficient use of resources.
• It allows the team to quickly provision instances and avoid having to
repeatedly install and configure the software.
• Kellogg is using AWS for its US operations, and plans to expand worldwide
in 2014 — which should increase the amount of data being processed from
16 TB to 50 TB.
