Cloud security: Cloud computing (by youssefadham)

Contents
  Cloud computing
    Traditional methods versus cloud computing
    Cloud Computing Defined
    Essential Characteristics of Cloud Computing
    Cloud Service Models
    The SPI Framework for Cloud Computing
    Relevant Technologies in Cloud Computing
    Cloud Deployment Models
    Cloud security
      1. Infrastructure security
           the network level
           the host level
           the application level
      2. Data security
      3. Identity and access management (IAM)
      4. Security management in the cloud

Traditional methods versus cloud computing
Traditional methods of purchasing software involved the customer loading the
software onto its own hardware in return for a license fee (a capital expense, known
as CapEx). The customer could also purchase a maintenance agreement to receive
patches to the software or other support services. The customer was responsible for
the compatibility of operating systems, patch installation, and compliance with
license agreements.

In a SaaS model, the customer does not purchase software, but rather rents it for use
on a subscription or pay-per-use basis (an operational expense, known as OpEx). In
some cases, the service is free for limited use. Typically, the purchased service is
complete from a hardware, software, and support perspective. The user accesses the
service through any authorized device.

Cloud Computing Defined
Our definition of cloud computing is based on five attributes: multitenancy (shared
resources), massive scalability, elasticity, pay as you go, and self-provisioning of
resources.

Multitenancy (shared resources)
Unlike previous computing models, which assumed dedicated resources (i.e.,
computing facilities dedicated to a single user or owner), cloud computing is based on
a business model in which resources are shared (i.e., multiple users use the same
resource) at the network level, host level, and application level.
Massive scalability
Although organizations might have hundreds or thousands of systems, the cloud
provides the ability to scale to tens of thousands of systems, as well as the ability to
massively scale bandwidth and storage space.
Elasticity
Users can rapidly increase and decrease their computing resources as needed, as well
as release resources for other uses when they are no longer required.
Pay as you go
Users pay for only the resources they actually use and for only the time they require.
Self-provisioning of resources
Users self-provision resources, such as additional systems (processing capability,
software, storage) and network resources.

One of the attributes of cloud computing is elasticity of resources. This cloud
capability allows users to increase and decrease their computing resources as needed,
as Figure 1 illustrates.

There is always an awareness of the baseline of computing resources, but predicting
future needs is difficult, especially when demands are constantly changing. Cloud
computing can offer a means to provide IT resources on demand and address spikes in

Interest in the cloud is growing because cloud solutions provide users with access to
supercomputer-like power at a fraction of the cost of buying such a solution outright.
More importantly, these solutions can be acquired on demand; the network becomes
the supercomputer in the cloud where users can buy what they need when they need
it. Cloud computing describes the situation where scalable IT-enabled capabilities are
delivered as a service to customers using Internet technologies.

FIGURE 1. Attribute of elasticity

Essential Characteristics of Cloud Computing
Cloud services exhibit five essential characteristics that demonstrate their relation to,
and differences from, traditional computing approaches:

On-demand self-service. A consumer can unilaterally provision computing
capabilities such as server time and network storage as needed automatically,
without requiring human interaction with a service provider.

Broad network access. Capabilities are available over the network and accessed
through standard mechanisms that promote use by heterogeneous thin or thick client
platforms (e.g., mobile phones, laptops, and PDAs) as well as other traditional or
cloud-based software services.

Resource pooling. The provider's computing resources are pooled to serve
multiple consumers using a multi-tenant model, with different physical and virtual
resources dynamically assigned and reassigned according to consumer demand.
There is a degree of location independence in that the customer generally has no
control or knowledge over the exact location of the provided resources, but may be
able to specify location at a higher level of abstraction (e.g., country, state, or
datacenter). Examples of resources include storage, processing, memory, network
bandwidth, and virtual machines. Even private clouds tend to pool resources
between different parts of the same organization.

Rapid elasticity. Capabilities can be rapidly and elastically provisioned — in some
cases automatically — to quickly scale out, and rapidly released to quickly scale in.
To the consumer, the capabilities available for provisioning often appear to be
unlimited and can be purchased in any quantity at any time.

Measured service. Cloud systems automatically control and optimize resource
usage by leveraging a metering capability at some level of abstraction appropriate to
the type of service (e.g., storage, processing, bandwidth, or active user accounts).
Resource usage can be monitored, controlled, and reported — providing
transparency for both the provider and consumer of the service.

It is important to recognize that cloud services are often, but not always, used in
conjunction with, and enabled by, virtualization technologies. There is no
requirement, however, that ties the abstraction of resources to virtualization
technologies, and in many offerings virtualization by hypervisor or operating system
container is not used.

Cloud Service Models
Cloud service delivery is divided among three models. The three fundamental
classifications are often referred to as the "SPI Model," where "SPI" refers to
Software, Platform or Infrastructure (as a Service), respectively — defined thus:

Cloud Software as a Service (SaaS). The capability provided to the consumer is
to use the provider's applications running on a cloud infrastructure. The applications
are accessible from various client devices through a thin client interface such as a
web browser (e.g., web-based email). The consumer does not manage or control the
underlying cloud infrastructure, including network, servers, operating systems,
storage, or even individual application capabilities, with the possible exception of
limited user-specific application configuration settings.

Cloud Platform as a Service (PaaS). The capability provided to the consumer is
to deploy onto the cloud infrastructure consumer-created or acquired applications
created using programming languages and tools supported by the provider. The
consumer does not manage or control the underlying cloud infrastructure, including
network, servers, operating systems, or storage, but has control over the deployed
applications and possibly application hosting environment configurations.

Cloud Infrastructure as a Service (IaaS). The capability provided to the
consumer is to provision processing, storage, networks, and other fundamental
computing resources where the consumer is able to deploy and run arbitrary
software, which can include operating systems and applications. The consumer does
not manage or control the underlying cloud infrastructure but has control over
operating systems, storage, and deployed applications, and possibly limited control of
select networking components (e.g., host firewalls).

The SPI Framework for Cloud Computing
"SPI" is an acronym for the three major services provided through the cloud:
software-as-a-service (SaaS), platform-as-a-service (PaaS), and
infrastructure-as-a-service (IaaS). Figure 2 illustrates the relationship between
services, uses, and types of clouds.

FIGURE 2. SPI service model

Relevant Technologies in Cloud Computing

Cloud computing isn't so much a technology as it is the combination of many
preexisting technologies. These technologies have matured at different rates and in
different contexts, and were not designed as a coherent whole; however, they have
come together to create a technical ecosystem for cloud computing. New advances in
processors, virtualization technology, disk storage, broadband Internet connections,
and fast, inexpensive servers have combined to make the cloud a more compelling
solution. Figure 3 illustrates the architecture of the relevant technologies:

      Cloud access devices
      Browsers and thin clients
      High-speed broadband access
      Data centers and server farms
      Storage devices
      Virtualization technologies

Virtualization is a foundational technology platform fostering cloud computing, and it
is transforming the face of the modern data center. The term virtualization refers to
the abstraction of compute resources (CPU, storage, network, memory, application
stack, and database) from applications and end users consuming the service. The
abstraction of infrastructure yields the notion of resource democratization—whether
infrastructure, applications, or information— and provides the capability for pooled
resources to be made available and accessible to anyone or anything authorized to
utilize them via standardized methods.

FIGURE 3. Architecture for relevant technologies

Cloud Deployment Models
Regardless of the service model used (SaaS, PaaS, or IaaS), there are four
deployment models for cloud services, with derivative variations that address specific

Public Cloud. The cloud infrastructure is made available to the general public or a
large industry group and is owned by an organization selling cloud services.

Private Cloud. The cloud infrastructure is operated solely for a single organization.
It may be managed by the organization or a third party, and may exist on-premises or
off-premises.

Community Cloud. The cloud infrastructure is shared by several organizations
and supports a specific community that has shared concerns (e.g., mission, security
requirements, policy, or compliance considerations). It may be managed by the
organizations or a third party and may exist on-premises or off-premises.

Hybrid Cloud. The cloud infrastructure is a composition of two or more clouds
(private, community, or public) that remain unique entities but are bound together by
standardized or proprietary technology that enables data and application portability
(e.g., cloud bursting for load-balancing between clouds).

Cloud security
Today, enterprises are looking toward cloud computing to expand
their on-premises infrastructure, but most cannot afford the risk of compromising
the security of their applications and data. For example, IDC recently conducted a survey
(see Figure 4) of 244 IT executives/CIOs and their line-of-business (LOB) colleagues
to gauge their opinions and understand their companies' use of IT cloud services.
Security ranked first as the greatest challenge or issue of cloud computing.

Figure 4. Results of IDC survey ranking security challenges.

Cloud security taxonomy

[Figure: cloud security taxonomy; top-level categories shown: Infrastructure, Data]