QUESTION 1: SECURITY ISSUES TO CONSIDER FOR CLOUD SERVICES

On a broad level, the following table highlights the major threats in cloud computing:

| THREAT | DESCRIPTION |
| --- | --- |
| Account or service hijacking | Account theft can be performed in different ways, such as social engineering and weak credentials. If an attacker gains access to a user's credentials, he can perform malicious activities such as accessing sensitive data, manipulating data, and redirecting any transaction. |
| Data scavenging | Since data cannot be completely removed unless the device is destroyed, attackers may be able to recover this data. |
| Data leakage | Data leakage happens when the data gets into the wrong hands while it is being transferred, stored, audited or processed. |
| Customer-data manipulation | Users attack web applications by manipulating data sent from their application component to the server's application. |

The following things need to be considered for the cloud security offerings:
With SaaS, the burden of security lies with the cloud provider. In part, this is because of
the degree of abstraction: the SaaS model is based on a high degree of integrated
functionality with minimal customer control or extensibility.
By contrast, the PaaS model offers greater extensibility and greater customer control.
Largely because of the relatively lower degree of abstraction, IaaS offers greater tenant or
customer control over security than do PaaS or SaaS.
PaaS as well as SaaS are hosted on top of IaaS; thus, any breach in IaaS will impact the
security of both PaaS and SaaS services, and the reverse may also be true.
Since PaaS offers a platform to build and deploy SaaS applications, such an
action increases the security dependency between them. As a consequence of these deep
dependencies, any attack on any cloud service layer can compromise the upper layers.
A SaaS provider may rent a development environment from a PaaS provider, which might
also rent an infrastructure from an IaaS provider. Each provider is responsible for securing
its own services, which may result in an inconsistent combination of security models. It
also creates confusion over which service provider is responsible once an attack happens.

PRIVACY ISSUES TO CONSIDER FOR CLOUD SERVICES:
Privacy and confidentiality risks can arise when users share or store their information
on remote servers owned or operated by others and accessed through the Internet or other
connections. Some of the most important issues for companies to consider before engaging in
cloud computing are a provider's terms of service, as well as the location and data restrictions on
information put in the cloud. Because companies might be storing documents that should not be
made public, there are a lot of concerns about what can happen to the information if data is leaked
through the cloud.
Also, information stored in the cloud is much more accessible to a private litigant or the
government. Traditionally, if an enterprise has information in its possession that a government
wants, the government must come directly to the owner of the information to get it. But if it's in
the hands of a third party, the information potentially could be released without the owner's
knowledge. In that scenario, the owner of the information wouldn't have been able to object to the
disclosure, let alone know that their information has been released. Further, the location of the
cloud provider is also an important consideration. If, for example, the cloud provider is located in
the European Union, the data could be permanently subject to EU laws, which would be different
from the Indian laws.
Encrypting data that is put in the cloud might solve many of the data privacy issues. But
on the downside, encrypting data might make it harder for the users to access the data.

AMAZON CLOUD SECURITY:
Amazon Web Services provides security up to the hypervisor, meaning they will address
security controls such as physical security, environmental security, and virtualization security.
The cloud customer is responsible for security controls that relate to the IT system, including the
guest operating system, middleware technologies and applications.
Amazon's customers are responsible for the security of their workloads running on
AWS. This includes protecting instances, using AWS features such as the IAM (Identity & Access
Management) service, the Multi-Factor Authentication (MFA) solution, and security groups, to help
with security responsibilities. In addition, Amazon recommends leveraging third-party security
solutions to create a complete end-to-end secure environment for all workloads.
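
The customer-side controls named above (security groups and MFA) can be checked mechanically. The following is an added example, not part of the original answer and not AWS code: it audits constructed sample data shaped like `aws ec2 describe-security-groups` output and the IAM credential report CSV. The group IDs, user names and the "only web ports may be public" policy are assumptions.

```python
import csv
import io
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]}
]}
""")

# Constructed sample using three columns of the IAM credential report CSV.
SAMPLE_REPORT = """user,password_enabled,mfa_active
alice,true,true
bob,true,false
ci-deploy,false,false
"""

PUBLIC_OK = {80, 443}          # assumption: only web ports may face the internet
WORLD = {"0.0.0.0/0", "::/0"}


def open_ingress(groups):
    """Return (group id, port range) for rules open to the world on non-web ports."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
            if not cidrs & WORLD:
                continue
            # Rules with IpProtocol "-1" (all traffic) carry no port fields.
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            if rule["IpProtocol"] == "-1" or not (lo == hi and lo in PUBLIC_OK):
                findings.append((sg["GroupId"], f"{lo}-{hi}"))
    return findings


def console_users_without_mfa(report_csv):
    """Return users who can sign in with a password but have no MFA device."""
    rows = csv.DictReader(io.StringIO(report_csv))
    return [r["user"] for r in rows
            if r["password_enabled"] == "true" and r["mfa_active"] != "true"]
```

On the sample data this flags the SSH rule on sg-web and the user bob; both are settings on the customer's side of the responsibility split described above.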




AMAZON CLOUD PRIVACY:
Amazon participates in the safe harbor programs described in its Privacy Policy. The
customer may specify the AWS regions in which his content will be stored and accessible by end
users. Amazon states that it won't move the customer's content from the selected AWS regions
without notifying the customer, unless required to comply with the law or requests of
governmental entities.


QUESTION 2: COMPARISON OF AMAZON EC2, GOOGLE APP ENGINE, AND MICROSOFT AZURE

| S.No. | Characteristics | Amazon EC2 | Microsoft Azure | Google App Engine |
| --- | --- | --- | --- | --- |
| 1 | Cloud Services | PaaS, IaaS | PaaS, IaaS | PaaS, SaaS |
| 2 | Platform Supported | Windows Server 2003/2008, Microsoft SQL Server Standard 2005, Fedora, Gentoo Linux, Red Hat Enterprise Linux, Oracle Enterprise Linux, OpenSolaris, OpenSUSE Linux, Ubuntu Linux, Debian | Operating systems: Windows 7, Windows Server 2008, Windows Vista. In addition to managed code languages supported by .NET, Azure will support more programming languages and development environments in the near future. | Java Runtime Environment, Python Runtime Environment |
| 3 | Languages Supported | Any | VB.NET, C#, PHP | Java, Python |
| 4 | Cloud Services and tools | Amazon Elastic Compute Cloud (EC2), AWS GovCloud (US), Amazon Relational Database Service (RDS) | Windows Azure Platform Training Kit, Windows Azure Software Development Kit, Microsoft Visual Studio 2008 Service Pack 1, Windows Azure platform AppFabric SDK V1.0, Windows 7 Training Kit For Developers | Google Search, Gmail, Chrome browser, Google Maps |
| 5 | Maximum Limits | Amazon S3 - Store object up to 5 GB. Amazon EC2 [Elastic Block storage] - Volume sizes ranging from 1 GB to 1 TB (20 TB/account limit while in beta) | Azure has a 64 MB limit on individual blobs and also allows you to split a blob into blocks of 4 MB each | Automatic scaling is built in with App Engine. No matter how many users you have or how much data your application stores, App Engine can scale to meet your needs |
| 6 | Security | AWS network provides significant protection and also enables customer to implement further protection. Uses SSL (encryption) to maintain confidentiality | Filtering Routers; Firewalls; Cryptographic Protection of Messages; Software Security Patch Management; centralized monitoring, correlation, and analysis systems; Network Segmentation; Service Administration Access; Physical Security | Google's 2-step verification |
| 7 | Service Resource Pricing | Amazon S3 - Storage Used / Data Transfer In or Data Transfer Out / PUT, COPY, POST, LIST or GET request (No charge for delete requests). Amazon RDS - Based on per DB Instance-hour consumed, from the time a DB Instance is launched until it is terminated. Each partial DB Instance-hour consumed will be billed as a full hour / based on provisioned storage and number of I/O requests / After the DB Instance is terminated, backup storage / data transferred in and out of Amazon RDS. Amazon EC2 - Pricing is per instance-hour consumed for each instance type, from the time an instance is launched until it is terminated. Each partial instance-hour consumed will be billed as a full hour. | Billing is based on Compute, Storage, Storage transactions and Data transfers | An efficient application on a free account can use up to 500 MB of storage and up to 5 million page views a month. When you are ready for more, you can enable billing, set a maximum daily budget, and allocate your budget for each resource according to your needs. Billing is based on the following parameters - Outgoing Bandwidth, Incoming Bandwidth, CPU Time, Stored Data, Recipients Emailed |
| 8 | Scalability/Reliability | Automatic scaling. Highly - increase or decrease capacity within minutes. One can select a configuration of memory, CPU, and instance storage that is optimal for one's choice of operating system and application. | Automatic scaling and highly scalable. Open platform supports both Microsoft and non-Microsoft languages and environments | Automatic scaling. "Massively scalable" App Engine datastore and services. Sandbox flexible enough for you to break abstractions at will. |
| 9 | Reliability | 99.95% availability. A few performance-related outages over the past few years. | Fabric Controller technology reroutes work instantaneously if a server goes down; 99.9% - 99.95% uptime | Generally 100% available, but not guaranteed at 100%. Transparent uptime visual offered. |
| 10 | Key Features | Designed to make web-scale computing easier for developers. | Currently offering a "development accelerator" discount plan. 15-30% discount off consumption charges for first 6 months | No limit to the free trial period if you do not exceed the quota allotted. |
| 11 | Pricing | Linux/Unix ranges from $0.10 to $0.80 per hour for Standard on-demand instances. Windows ranges from $0.125 to $1.00 per hour. High CPU on-demand instance for Linux range from $0.20 to $0.80 per hour; Windows usage ranges from $0.30 to $1.20 per hour. | Pure pay-as-you-go: $0.12 per hour for computing; $0.15 per GB for storage; $0.10 per 10,000 storage transactions. SQL Azure database: $9.99 - basic Web edition (1 GB DB); $99.99 - Business Edition (10 GB DB). Network bandwidth: $0.10-$0.15 per GB. | Free quota of 500 MB of storage and around 5M page views per month. After bandwidth outgoing/incoming per GB: $0.12/$0.10. CPU time $0.10 per CPU hour, stored data $0.15 per GB per month, Email $0.0001 per recipient. |