Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.com.
Cloud Computing are data and applications that are accessible through servers around the world (Clouds), and it can be reached at any time, from any device without installing that specific application to your computer. Data management within cloud involves extreme parallelization and distribution of data. Its goals are to provide quickness in which applications are deployed, increase the technology, and lower costs, all while increasing business agility. The different types of services including IaaS, PaaS, SaaS have been projected for cloud computing. But, consumers want effective and efficient security for their virtual machines. There is some cloud providers that offer security-as-a-service based on VM introspection that promise the best of both worlds: efficient centralization and effective protection. Since customers can move data and apps from one cloud to another, an effective solution requires learning what providers to work with and what they secure.
This report will provide detailed understanding of cloud computing and its major security issues. This will include the history of Cloud Computing, the models, its characteristics, deployment models, applications, advantages and disadvantages, security issues and other concerns.
This Report is organized the following:
Chapter 1: Introductions
Chapter 2: Defining Cloud Computing
Chapter 3: Cloud Security
Chapter 4: Conclusion/Future Research
“Clouds” is a metaphor for the Internet, the term “Cloud Computing” for computation over the Internet. It allows users to access resources database and Internet applications from anywhere as long as needed without worrying about maintenance or management of real resources. In addition, the databases in the cloud are very dynamic and evolving.
Cloud Computing is unlike grid computing, utility computing, or autonomic computing. In fact, it is a very independent platform in terms of computing. The best example of cloud computing if Google Apps where any application can be accessed using a browser and it can be deployed on thousands of computer through the internet. Most of the data is stored on local networks with servers that may be clustered and sharing storage. This approach has had time to be developed into stable architecture, and provide decent redundancy when deployed right. Pinal Dave.” Introduction to Cloud Computing Published” 10 Apr 2009
This new technology, cloud computing, requires the attention and it changes rapidly the direction of the technology. Whether it is Google’s file system or Microsoft Azure, it is clear that cloud computing has arrived with much to learn. In dealing with the abstract concept of the cloud, it is easy to misunderstand the structure and function.
Defining Cloud Computing
What is Cloud Computing?
Cloud computing is a type of computation over the Internet. It shares resources instead of using a software or hardware on a physical computer. Cloud computing can be software and infrastructure. And, it can improve collaboration, mobility, size and availability features.
It also improves cost reduction by offering a centralized platform for use when needed, and the reduction of energy consumption. Unlike grid computing, cloud computing can be hosted externally, but also internally, especially for companies who have businesses around the world.
Consumers will no longer have to download and install memory-hogging applications and software on their device and will instead have access to everything they need via the browser. With this model, most of the computing software will be rented on an as-needed basis rather than being bought as an expensive one-off purchase. “what is cloud computing and how to use it”. February 11, 2010
There are many definitions that try to answer the clouds of today’s point of view of developers, researchers, administrators, engineers and consumers. This report focuses on a definition that is specifically tailored to the unique perspectives of IT network and security professionals.
2.2. History of Cloud Computing
Originally, Cloud Computing was an unclear term for a vague and distant future in which computing would occur in a few remote locations without the need for very much human intervention. Infinite computing resources would be available for every need at prices approaching zero. Certainly, users would not care about how the computers, their software, or the network functioned.
The idea of an “intergalactic computer network” was introduced in the 60s by J.C.R. Licklider, who was responsible for enabling the development of ARPANET (Advanced Research Projects Agency Network) in 1969.
His vision was for everyone on the globe to be interconnected and accessing programs and data at any site, from anywhere, explained Margaret Lewis, product marketing director at AMD. “It is a vision that sounds a lot like what we are calling cloud computing.” “History of cloud computing” Computer Weekly (2009).
Computer scientist John McCarthy, who attributed the cloud concept, proposed the idea of computation being delivered as a public utility, similar to the service bureaus which date back to the 60s. Since the 60s, cloud computing has developed along a number of lines, with Web 2.0 being the most recent evolution. However, since the internet only started to offer significant bandwidth in the 90s, cloud computing for the masses has been something of a late developer.
In the past, the computers were connected from a larger computer. It was a common technique in industry. The technique enabled you to configure the computer to talk to each other with specially designed protocols to balance the computational load across machines. As a user you didn’t care about what CPU was running the program, and cluster management software ensured that the best CPU at that time was used to execute the code.
In the early 1990s Ian Foster and Carl Kesselman came up with a new concept of “The Grid”. The analogy used was of the electricity grid where users could plug into the grid and use a metered utility service. If companies don’t have their own powers stations, but rather access a third party electricity supply, why can’t the same apply to computing resources? Plug into a grid of computers and pay for what you use. Cloud Expo: Article A Brief History of Cloud Computing: Is the Cloud There Yet?” Paul Wallis August 22, 2008
One of the first milestones for cloud computing was the arrival of Salesforce.com in 1999, which pioneered the concept of delivering enterprise applications via a simple website. The services firm paved the way for both specialist and mainstream software firms to deliver applications over the internet. The next development was Amazon Web Services in 2002, which provided a suite of cloud-based services including storage, computation and even human intelligence through the Amazon Mechanical Turk. Then in 2006, Amazon launched its Elastic Compute cloud (EC2) as a commercial web service that allows small companies and individuals to rent computers on which to run their own computer applications. “Amazon EC2/S3 was the first widely accessible cloud computing infrastructure service,” said Jeremy Allaire, CEO of Brightcove, which provides its SaaS online video platform to UK TV stations and newspapers. “A history of cloud computing” Arif Mohamed Friday 27 March 2009
Another big milestone came in 2009, as Web 2.0 hit its stride, and Google and others started to offer browser-based enterprise applications, though services such as Google Apps.
Today, many companies are setting up data centers, sometimes as an extension of their own needs, sometimes only to serve customers. Originally, the idea of these clouds was to provide power and storage capacity. Everything else will be taken up by the customer. Now providers offer many services depending on the consumer needs.
2.3. SPI for Cloud Computing
“SPI”. This abbreviation stands for the three major services in the cloud. Software-as-a-Service, Platform-as-a-Service, and Infrastructure-as-a-Service.
2.4. Delivery Models
Infrastructure as a Service (IaaS)- Instead of wasting money on servers, software, hardware, racks..etc. the provider would resource the service. This will be on demand computing and whatever the amount is consumed that what the consumer will be charged. This service can be hosted or via VPS(virtual private servers)
Major Infrastructure Vendors – Below are companies that provide infrastructure services:
Google (GOOG) – Managed hosting, development environment
International Business Machines (IBM) – Managed hosting
SAVVIS (SVVS) – Managed hosting
Terremark Worldwide (TMRK) – Managed hosting
Amazon.com (AMZN) – Cloud storage
Rackspace Hosting (RAX) – Managed hosting & cloud computing
Cloud platform services (PaaS)- delivers a platform or a solution stack as a service. This makes the delivery of applications easier without the cost of hardware or software. Like Salesforce.com’s, which lets subscribers access their applications over the cloud. Amazon, Google, and Microsoft have also allow the users access their applications from centralized servers.
Software as a service (SaaS)- is software in the cloud. This deployment model is absolutely through the web browser. This eliminates the installation of applications on the consumer’s computer making it easy to access as simplifying maintenance and support.
Characteristic of SaaS:
Availability via a web browser
on demand availability
payment terms based on usage
minimal IT demands
2.5. Deployment Models
Private cloud- This is used only for organizations. Can be managed by the organization or to third parties and can exist on premise or off premise.
Community cloud- This is used by many organizations working together, and is compatible with a particular community, which shared the concerns (eg, mission, security requirements, policy and compliance). It can be managed by organizations or third parties and can exist on premise or off premise.
Public cloud- This is owned by cloud providers and is used by a larger organization or the general public.
Hybrid cloud- Cloud Infrastructure is composed of two or more clouds (private, community or the public), that remain unique entities, but are caused by a standardized or proprietary technology that enables data and applications.
2.6. Essential Characteristics What is Cloud Computing?
On-demand self-service- A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.
Broad network access- Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
Resource pooling- The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that, the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). This includes storage, processing, memory, network bandwidth, and virtual machines.
Rapid elasticity- Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
Measured Service- Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.
3.1. Pros and Cons
The main question is whether users are prepared to use the service from your local computer and are moving into the cloud because cloud computing has advantages and disadvantages to all potential users, but may have different meanings for different users.
Reduced Cost: Cloud technology is paid incrementally (you pay only for what you need), saving organizations money in the short run. Money saved can be used for other important resources.
Increased Storage: Companies can save more data than on servers.
Highly Automated: IT staff not needed to keep software up to date as maintenance is the job of the service provider on the cloud.
More Mobility: Employees can access information wherever they are.
Allows IT to Shift Focus: No longer having to worry about constant server updates and other computing issues, government organizations will be free to concentrate on innovation.
Security: standards depending on company and global location
Reliance on 3rd Party: Control over own data is lost in the hands of an “difficult-to-trust” provider
Cost of transition: Is it feasible for me to move from the existing architecture of my data center to the architecture of the cloud?
Uncertainty of benefits: Are there any long term benefits?
Today, customers are looking expand their on-premises infrastructure, but cannot afford the risk of compromising the security of their applications and data.
In this survey of IDC, security ranked first as the greatest challenge or issue in cloud computing.
Source: IDC Enterprise Panel
What is Cloud Security?
Security in the cloud, is not different than security control. But, because of the cloud models for contractual services, business models and technologies are used to cloud services, cloud computing different risks of a traditional organization of IT solutions can have. Cloud Computing is to lose control and accountability at the same time, but operational responsibility lies with one or more other parties.
Not all services are the same. This depends on the provider you choose. This picture below illustrates the issue in SaaS where the contracts are negotiable; service levels, privacy, and compliance are all issues to be dealt with legally in contracts. In an IaaS, the remainder of the stack is the responsibility of the costumer. PaaS offers a balance in between, where the provider is in charge of securing the platform, but securing the application developed against the platform and developing them securely, both belong to the consumer.
The technology has many advantages for employers. It is a simple solution that is cost effective, and can be updated easily and as quickly as the business grows, especially during peak sales. Many entrepreneurs do not do their homework when registering with a provider of cloud, and neglect to ask whether sensitive data can be isolated or not, or what layers of security is available.
Cloud Security Top Threats
According to CSA (Cloud Security Alliance) “The report, titled “Top Threats to Cloud Computing V1.0”, These are the following threats in cloud computing:
Abuse and Nefarious use of Cloud Computing: Attackers can find a way to upload malware to thousands of computers and use the power of the cloud infrastructure to attack other machines.â€¨â€¨
Insecure Application Programming Interfaces: The reuse and combination of existing code to rapidly build applications often sacrifices quality assurance for agility and quick turnaround, resulting in insecure APIs.
Malicious Insiders: One that gains in importance as many providers still don’t reveal how the hire people, how they grant them access to assets or how they monitor them. Transparency is, in this case, vital to a secure cloud offering, along with compliance reporting and breach notification.
Shared Technology Vulnerabilities: Sharing infrastructure is a way of life for IaaS providers. Unfortunately, the components on which this infrastructure is based were not designed for that. To ensure that customers don’t thread on each other’s “territory”, monitoring and strong compartmentalization is required, not to mention scanning for and patching of vulnerabilities that might jeopardize this coexistence.
Data Lose/Leakage: Using security control to protect the inside data in a company. This control is hard to apply to new environment. There is a lack of having the ability to monitor and control what is going on.
Accounting, Services and Traffic Hijacking: The cloud is vulnerable to hacking. Like being redirected to malicious sites.
Unknown risk profile: The customer are not well informed on where their applications are being reside, nor the configurations of the systems.
Access Control in the Cloud
In a traditional network, access control focuses on protecting from unauthorized users based on host-based attributes. Which sometimes is inadequate, this can cause inaccurate accounting. In the cloud, the access control works as a cloud firewall policy. This is by using rules using TCP/IP parameters, including the source of IP, the source port, the IP destination and the port destination. Unlike the network-based access control, the access should be strongly focused in the cloud by binding the user’s identity to the resource in the cloud and will help protect access control, data protection and users accounts.
ISO/IEC 27002 has defined six access control objectives that cover end user, privileged user, network, application, and information access control.
The objective is to ensure that the authorized user have access the right information and unauthorized users are prevented from accessing the systems. A procedure should take place and should cover all stages in the lifecycle of the user access, staring from the registration of the new user to the final step which is denying the user who will no longer need to access the information in the system.
The following are the six control statements:
â€¢ Control access to information.
â€¢ Manage user access rights.
â€¢ Encourage good access practices.
â€¢ Control access to network services.
â€¢ Control access to operating systems.
â€¢ Control access to applications and systems.
The reasons for this six control statements from the view of IT security, is providing access to information and applications to authorized users. The objective of this task is to provide the right users the right services, while preventing access to unauthorized users.
Cloud computing is increasingly popular. Industry leaders like Microsoft, Google and IBM, have been promoting cloud computing and have gain a lot of costumer. But the rest of the public that are still doing research on the topic are still doubting and afraid to migrate to the cloud.
There are still many questions left without any answer and the most important one is security. On the other hand, Cloud Computing is the most amazing technology that has happened recently. It is easy to use, cheaper, faster, and convenient. The question is whether the users are ready to move and if so, what providers to move to.
Security technology must be developed specifically for the protection of the business in the cloud. The technology has changed and security needs to keep up with it.
According to btsecurethinking.com, Breach Security is working with partners, such as Akamai, to provide web application security in the cloud. Example, when deployed with Akamai’s Web Application Firewall service, Breach’s WebDefend Global Event Manager is the first web application security management solution to defend against global application security threats by enabling customers to make distributed cloud and data center defense-in-depth architectures operational.
CSA and HP are still doing research on top threats and intended to alert businesses to current and future cloud computing risks.
Cite This Work
To export a reference to this article please select a referencing stye below:
Related ServicesView all
DMCA / Removal Request
If you are the original writer of this essay and no longer wish to have your work published on the UKDiss.com website then please: