INTRODUCTION
[Figure 1: cloud computing; labels: internet services, shared, scalable, virtualisation]
“Cloud Computing is a method of running application software and storing related data
in central computer systems and providing customers or other users access to them
through the internet.”
(1.2) Characteristics of Cloud
CHAPTER 2
In the industry there are four types of Cloud Deployment Models that are generally
accepted; most prominently by the American National Institute of Standards and
Technology (NIST).
1. On-Premise Private Cloud: This type of cloud is hosted within an organization's own
facility. A business's IT department incurs the capital and operational costs for the
physical resources with this model. On-Premise Private Clouds are best suited to
applications that require complete control over, and configurability of, the infrastructure
and its security.
2. Externally Hosted Private Cloud: Externally hosted private clouds are also exclusively
used by one organization, but are hosted by a third party specializing in cloud
infrastructure. The service provider facilitates an exclusive cloud environment with full
guarantee of privacy. This format is recommended for organizations that prefer not to use
a public cloud infrastructure due to the risks associated with the sharing of physical
resources.
Undertaking a private cloud project requires a significant degree of engagement to
virtualize the business environment, and it will require the organization to reevaluate
decisions about existing resources. Private clouds are more expensive but also more
secure when compared to public clouds. An Info-Tech survey shows that 76% of IT
decision-makers will focus exclusively on the private cloud, as these clouds offer the
greatest level of security and control.
Public clouds are made available to the general public by a service provider who hosts
the cloud infrastructure. Generally, public cloud providers like Amazon AWS, Microsoft
and Google own and operate the infrastructure and offer access over the Internet. With
this model, customers have no visibility or control over where the infrastructure is
located. It is important to note that all customers on public clouds share the same
infrastructure pool with limited configuration, security protections and availability
variances.
Public Cloud customers benefit from economies of scale, because infrastructure costs are
spread across all users, allowing each individual client to operate on a low-cost, “pay-as-
you-go” model. Another advantage of public cloud infrastructures is that they are
typically larger in scale than an in-house enterprise cloud, which provides clients with
seamless, on demand scalability. These clouds offer the greatest level of efficiency in
shared resources; however, they are also more vulnerable than private clouds.
(2.3) Community Cloud
The Community Cloud has many similarities with the Private Cloud in that it delivers
services to a specific group of organizations and/or individuals that share a common goal.
Examples are regional or national educational or research institutes, community centers
or even commercial organizations wishing to share very high security facilities for
transaction processing like stock exchange trading companies.
The main goal of creating a Community Cloud is the ease of sharing data, platforms and
applications which would otherwise be too expensive to purchase, like research
equipment. Another goal of sharing Cloud facilities with your own community may be to
reduce costs and improve performance, privacy and security without raising TCO in a
significant way. Some specific advantages cannot easily be gained by running your own
local computing facilities: 24/7 access and support, shared service and support contracts
and economies of scale.
Hybrid Clouds are a composition of two or more clouds (private, community or public)
that remain unique entities but are bound together offering the advantages of multiple
deployment models. In a hybrid cloud, you can leverage third party cloud providers in
either a full or partial manner; increasing the flexibility of computing. Augmenting a
traditional private cloud with the resources of a public cloud can be used to manage any
unexpected surges in workload.
Hybrid cloud architecture requires both on-premise resources and off-site, server-based
cloud infrastructure. By spreading things out over a hybrid cloud, you keep each aspect of
your business in the most efficient environment possible. The downside is that you have
to keep track of multiple cloud security platforms and ensure that all aspects of your
business can communicate with each other.
Your company wants to use a SaaS application but is concerned about security.
Your company offers services that are tailored for different vertical markets. You
can use a public cloud to interact with the clients but keep their data secured
within a private cloud.
You can provide public cloud to your customers while using a private cloud for
internal IT.
CHAPTER 3
There are many types of Cloud services like webmail, hosted Exchange, online storage,
online backup, social media, etc. All these services can be grouped under three main
Cloud service models: Software as a Service (SaaS), Platform as a Service (PaaS) and
Infrastructure as a Service (IaaS).
This is the most common type of Cloud service. SaaS is a break with the tradition that
organizations buy or develop their own business applications and run and manage them
on their own IT infrastructure. Hosting of applications by a third party goes back to the
mainframe days, and came to maturity with the ASP industry that emerged in the early
2000s. Many types of SaaS services were developed from ASP solutions (i.e. application
hosting, pay per license, emulation, terminal services, etc.) into Cloud solutions (i.e.
multi-tenancy, pay-per-use, web-based interfaces, elasticity, etc.).
Key Characteristics:
Provides the same software to different customers via a network, usually the
Internet.
Managed by third-party vendors.
Accessible via any computer without any downloads.
Pay only for what you use.
User entangled with vendor.
Software on demand.
The key benefits are that the customer does not need to worry about the development and
management of these applications. The provider is responsible for updates and managing
licenses, and for most service management parameters like scalability, availability,
maintenance and service continuity. The customer pays by means of a pay-per-use model.
Typical examples of SaaS solutions are CRM, Billing and invoices, Web hosting, E-
commerce, Transaction processing, Online collaboration, etc.
Key Characteristics:
PaaS offerings can provide for every phase of software development and testing, or they
can be specialized around a particular area such as content management. Commercial
examples of PaaS include Google App Engine, which serves applications on Google's
infrastructure. PaaS services such as these can provide a powerful basis on which to
deploy applications; however, they may be constrained by the capabilities that the cloud
provider chooses to deliver.
Some examples of PaaS service providers are Force.com, the first PaaS provider, and
smaller players like Bungee and Heroku. The latest entry is Google with its new App
Engine.
(3.3) Infrastructure as a Service (IaaS):
Key characteristics:
Examples of IaaS are hosting services supporting e-commerce, and web hosting services
that include broadband connections and storage. Many of these on-demand IaaS
infrastructures are built on components from leading vendors like Cisco, HP, NetApp and
VMware.
[Figure: cloud service models; labels: SaaS (Software as a Service), PaaS (Platform as a Service)]
CHAPTER 4
Cloud computing means sharing, the internet, multi-tenancy, a mix of free and paid
services, data stored anywhere in the world, anonymous customers and unclear SLAs.
Many standards are used on the technical side; however, hardly any, like ISO/IEC 20000,
are used for compliance. By understanding the security risks, a customer will be able to
assess prospective providers and choose the right services that will not compromise their
own compliance with legislation and regulations.
Data loss/leakage: Data in the cloud has many advantages, but can be
compromised in many ways. It can be altered or deleted without a backup; it may
be unlinked from its context or accessed by unauthorized people.
Shared technology vulnerabilities: A multi-tenant architecture has its own
challenges. Some components may not have been developed for this type of use
and may cause security issues.
Insecure application interfaces: Application interfaces, or APIs, are key
components of most Cloud services. If these interfaces are not properly designed
for security they can become a risk 'waiting to happen'.
Malicious insiders: If Cloud providers are a cross-section of our society then,
statistically speaking, some of their staff or sub-contractor staff may be
untrustworthy.
Abuse and nefarious use of Cloud computing: Many Cloud providers give very
easy, and sometimes free for a trial period, access to their services. Registration is
relatively anonymous and can and will attract ‘darker customers’ like spammers
and hackers. Your Cloud provider may not only host your data and applications,
but also malicious software.
Unknown risk profile and account: Moving into the Cloud may make it more
difficult for organizations to demonstrate their compliance with legislation and
regulations during external audits.
Account, service and traffic hijacking: Most private users of e-mail and the
internet will be aware of fraudulent tactics like phishing, password hacking and
identity theft. Passwords giving access to Cloud services go outside your own
company IT domain, and therefore can be compromised. For businesses this can
mean they are vulnerable to industrial espionage or can lose important business
data or processes.
SECURITY RISKS AND MITIGATIONS

Data Loss/Leakage:
- Authentication, audit, authorization, use of encryption and a proper backup strategy

Shared Technology Vulnerabilities:
- Enhanced operations procedures for monitoring and escalation when security breaches occur
- Application of good security practice for installation, configuration and application of patches

Insecure Application Interfaces:
- Designing for security and proper testing methods
- Understanding how they interact with other interfaces
- Strong authentication and access control

Malicious Insiders:
- Good HR vetting procedures
- Strong information security policies and procedures

Abuse and Nefarious Use of Cloud Computing:
- Validation of credentials
- Increased monitoring of traffic between customers and known suspicious sites

Unknown Risk Profile and Account:
- Good SLA structure including Cloud provider compliance audits

Account, Service and Traffic Hijacking:
- Strong authentication techniques
- Monitoring of user behavior
Before letting any user/customer enter the cloud, it is necessary to identify the
user/customer for security and privacy purposes. Once the user/customer is identified,
the verification technique lets them into the cloud.
In a Private Cloud a VM can take over the role of the domain controller or security server,
but in Hybrid Cloud scenarios this becomes more diffuse. In that case the additional
security of a VPN is needed for the connections between the Private and Public or
Community Cloud parts.
The real problems appear with Public Clouds. In this scenario security can be handled, or
not handled, in many ways: for example using the Lightweight Directory Access Protocol
(LDAP), user-id and password lookup in a database or, if you are 'lucky', Kerberos (a
network authentication protocol designed to provide strong authentication for
client/server applications by using secret key cryptography). Furthermore, if you are
using different solutions from the same or even different providers it is very unlikely that
there is a single sign-on system in place like in your Private Cloud.
Since the Cloud is internet based, security will have to be based on 'Internet-routable'
protocols, and such standardization between different Cloud component infrastructure
and service providers does not yet exist.
Triple-A or AAA (Authentication, Authorization and Accounting) are the security
cornerstones of IP-based network management and policy administration.
Accounting means the tracking of resource usage by users, and can for example be used
as part of an audit trail, costing or billing, or capacity monitoring.
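As an added illustration of the three A's and of the authentication, access-control and audit mitigations listed in the table above (example code written for this page, not part of the report or any provider's software), the following gateway checks a multi-tenant API call. All users, tokens, tenants and resources are constructed for the example.

```python
"""Added example (not from the report): a minimal AAA gateway for a
multi-tenant cloud API. Users, tokens and resources below are constructed."""
import hashlib
from datetime import datetime, timezone


def _digest(token: str) -> str:
    # Store only SHA-256 digests so a leaked table does not leak usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


# Constructed identity store: token digest -> (user, tenant, roles).
USERS = {
    _digest("tok-alice-demo"): ("alice", "tenant-a", {"reader", "writer"}),
    _digest("tok-bob-demo"): ("bob", "tenant-b", {"reader"}),
}
# Constructed resources; each belongs to exactly one tenant.
RESOURCES = {"vol-1": "tenant-a", "vol-2": "tenant-b"}
ROLE_FOR_ACTION = {"read": "reader", "write": "writer"}
ACCOUNTING_LOG = []  # audit trail: every decision, allowed or denied


def authenticate(token: str):
    """Authentication: who is calling? Returns (user, tenant, roles) or None."""
    return USERS.get(_digest(token))


def authorize(identity, action: str, resource: str) -> bool:
    """Authorization: tenant isolation first, then the role check."""
    _, tenant, roles = identity
    if RESOURCES.get(resource) != tenant:
        return False  # cross-tenant access is never allowed (data leakage)
    return ROLE_FOR_ACTION.get(action) in roles


def account(user, tenant, action, resource, allowed, reason):
    """Accounting: one audit record, usable for audit trail, billing or capacity."""
    ACCOUNTING_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "tenant": tenant, "action": action,
        "resource": resource, "allowed": allowed, "reason": reason,
    })


def request(token: str, action: str, resource: str) -> bool:
    """Run a call through all three A's and return whether it was allowed."""
    identity = authenticate(token)
    if identity is None:
        account("unknown", "unknown", action, resource, False, "authentication failed")
        return False
    user, tenant, _ = identity
    allowed = authorize(identity, action, resource)
    account(user, tenant, action, resource, allowed,
            "ok" if allowed else "authorization denied")
    return allowed
```

Denied calls are logged as well as allowed ones, since a burst of denials from one account is exactly the "user behavior" the hijacking mitigation asks to monitor.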
One of the authentication challenges is formed by the fact that Cloud based security
infrastructure is distributed. Security features and algorithms are spread all over a certain
domain. A solution for this problem is offered by the SSO principle. All distributed
security elements are consolidated on one SSO-server. As a result, a user only needs to
sign on once using a security measure like a smart-card or a security token. SSO
architecture uses the so-called SOAP protocol, a protocol for the exchange of information
in the implementation of Web Services in the Cloud or any other network.
CHAPTER 5
Like any service model, Cloud has many benefits, but also some down sides.
[Figure: benefits and limitations of cloud computing; labels: security, costs, location of data storage, compliance, flexibility, internet dependency, green, service levels, mobility, migration]
The following are some benefits of cloud computing -based services and applications:
Cost Saving: The most important benefit one can get by using cloud computing is
cost saving, and this has worked especially well for small companies.
Companies can reduce their capital expenditures and use operational expenditures
for increasing their computing capabilities. This is a lower barrier to entry and
also requires fewer in-house IT resources to provide system support.
Reduced time for implementation: Cloud computing provides the processing
power and data storage as needed at the capacity required. This can be obtained in
real time instead of weeks or months that occur when a new business initiative is
brought online in a traditional way.
Dynamic scalability: Many enterprises include a reasonably large buffer from
their average computing requirement, just to ensure that capacity is in place to
satisfy peak demand. Cloud computing provides an extra processing buffer as
needed at a low cost and without the capital investment or contingency fees to
users.
Shortened development life cycle: Cloud computing allows a shorter development
life cycle than that required by the traditional development approach.
Any new business application can be developed online, connecting proven
functional application building blocks together.
Reliability: Services using multiple redundant sites can support business
continuity and disaster recovery.
Maintenance: Cloud service providers do the system maintenance, and access is
through application programming interfaces that do not require application
installations onto PCs, thus further reducing maintenance requirements.
Mobile Accessible: Mobile workers have increased productivity because systems
are accessible in an infrastructure available from anywhere.
Monitor projects more effectively: Stay within budget and ahead of completion
cycle times. This option is really helpful for small companies or individuals, as they
use the resources according to their requirements while keeping their projected
budget in mind.
Less personnel training is needed: It takes fewer people to do more work on a
cloud, with a minimal learning curve on hardware and software issues. This results
in less spending on infrastructure, so the company can spend more on its
projects.
Minimize licensing of new software: Stretch and grow without the need to buy
expensive software licenses or programs. The Cloud does not require you to buy
hardware and software because all the maintenance is looked after by the
vendors.
More elasticity means less control: While public clouds are great for quickly scaling up
and down your resources, companies that require complete and total control over their
data and applications will need to avoid the public cloud. Alternative solutions include
hybrid clouds, private clouds.
Not everything fits into the cloud: Depending on the cloud provider, you may face
restrictions on available applications, operating systems, and infrastructure options.
Complicating matters more is the simple fact that not all platforms can live in the cloud.
To combat this, it is important to ensure that the cloud provider you choose also offers
physical services. Then if your platform in the cloud needs to speak to applications on
other platforms, this flexibility of physical collocation will work to ensure successful
interoperation.
Data location: Cloud computing technology allows cloud servers to reside anywhere,
thus the enterprise may not know the physical location of the server used to store and
process their data and applications. Although from the technology point of view, location
is least relevant, this has become a critical issue for data governance requirements. It is
essential to understand that many Cloud Service Providers (CSPs) can also specifically
define where data is to be located.
Data Safety: Application sharing and multi-tenancy of data is one of the characteristics
associated with cloud computing. Although many CSPs have multi-tenant applications
that are secure, scalable and customizable, security and privacy issues are still often
concerns among enterprises. Data encryption is another control that can assist data
confidentiality.
Cloud security policy / procedures transparency: Some CSPs may have less
transparency than others about their information security policy. The rationalization for
such a difference is that the policies may be proprietary. As a result, it may create conflict
with the enterprise's information compliance requirements. The enterprise needs to have
a detailed understanding of the service level agreements (SLAs) that stipulate the desired
level of security provided by the CSPs.
Cloud data ownership: The contract agreements may state that the CSP owns the data
stored in the cloud computing environment. The CSP may demand significant service
fees for data to be returned to the enterprise when the cloud computing SLA terminates.