This document discusses cloud computing service models and current concerns and challenges with cloud computing. It describes three main service models:
1) Software as a Service (SaaS) which provides software through online access rather than local installation.
2) Infrastructure as a Service (IaaS) which provides virtual computing resources like servers and storage.
3) Platform as a Service (PaaS) which provides a platform to develop, run, and manage applications without complex infrastructure configuration.
Current concerns discussed include security issues like data theft, legal issues around data location and responsibility, and decreased flexibility from dependency on cloud providers. The document outlines some security measures used and challenges around co-existence of multiple cloud systems
2. Cloud Service Models
• Software as a Service (SaaS)
– It is a software product that is provided to you when you logon to the
cloud
– These services are meant to be accessible to everyone with a
computer and an internet provider – Unless you have dialup.
– It is used for creating, storing, accessing, and manipulating your files
from any internet connection.
– Some examples are: Boise State Gmail, Google Docs, or any other
application you access exclusively through the internet.
3. Cloud Service Models
• Infrastructure as a Service (IaaS)
– It is a computer/s that exist on the cloud.
– It is used for adding virtual machines to a network or for the
capacity to expand and contract dynamically as you need it.
– As a user, my computer becomes nothing but the means to
access another more powerful computer.
• Do NOT need corporate software installed on the company
PC!
• Do NOT need a specific operating system!
4. Cloud Service Models
• Platform as a Service (PaaS)
– Like IaaS, PaaS is geared towards providing a platform on which a
developer may develop, publish, and maintain their source code.
– It can be defined as an IaaS that will connect to a PC instead of the
other way around.
– Think, email that is pushed to your phone and not pulled.
6. Current Concerns and Challenges
• Security
• Dependency
• Legal Issues
• Decreased flexibility
7. Security
Security of Cloud Computing refers to policies, technologies and controls deployed
to protect data, application and the associated infrastructure.
Security and Privacy
Security Issues faced by Cloud providers Security Issues faced by Cloud customers
• Data Loss / Data theft • Data/ Service Access
• System Boundaries • Data confidentiality
8. Traditional System Cloud Architecture
architecture
App App
Server Server
virtualization
port
Network Network
9. Mobility
App App App
Server Server 1 Server 2
virtualization virtualization
port
Network Network Network
Do they share same
policy/security
layer?
10. Are they
interacting?
Co-existence
App 1 App 2 App 1 App 2
Server 1 Server 2 Server 1
virtualization
port port
Network Network Network
11. Multiple Level Security
Datacenter facility security Operating systems and application level
• Physical controls • Directory Federation (SAML)
• Access controls • Access control and monitoring
• Video surveillance • Anti malware and anti-Spam
• Background checks • Patch and configuration management
• Secure engineering.
Network Level Data Level
• Edge routers • Access control lists
• Multiple-layer firewalls • User level access and authorization.
• Intrusion detection • Field and data integrity.
• Vulnerability scanning
• Encryption
12. Dependency (loss of control)
• No or little insight in CSP contingency procedures. Especially backup, restore and
disaster recovery.
• No easy migration to an other CSP.
• Measurement of resource usage and end user activities lies in the hands of the
CSP
• Tied to the financial health of another Company.
• Quality problems with CSP(Cloud Service Providers).
• No influence on maintenance levels and fix frequency when using cloud services
from a CSP
13. Legal and Contractual issues around
Cloud Computing
Few important legal issues that must be taken care before signing up with the CSP:
1. Physical Location of data:
• Customer should know actual physical location of their data.
• In case of dispute arises between vendor and customer which country’s court
system will settle the conflict? (e.g. customer is in China and vendor is in US.)
2. Responsibility of your data:
• What if data center is hit by a disaster?
• Is there any liability coverage for breach of data?
• What can be done if data center gets hacked?
3. Intellectual Property Rights:
• Is your data protected under the intellectual property rights?
• Third party access
DataLoss / Data theftData may get lost because of facts like equipments/software failures or stolen by hackers because of shared resource nature of Cloud. The providers must make efforts to overcome such problems as they may loose trust of their clientsSystem BoundariesDue to virtual nature of cloud, there is no specific system boundary. Resources are shared across clouds and so any data transferred should be properly encrypted using proper encryption algorithms and SSL-encrypted communication based on sensitivity of dataData ConfidentialityDue to virtual nature of cloud, one cannot be sure where the data or/and application are physically located and what is the protective mechanism in that place. The existence of a “super user” in the enterprise providing cloud computing services to carry out the management and maintenance of data, is a serious threat to user privacy.Data AccessPredictable access to their data and application at all times and conditions.Failure management and recovery
The traditional architecture has a server connected to a network on which application resides.So you have only a single access point for the network into the server. In contrast the cloud environment resides on a virtualization framework. So the network now goes into theVirtualization layer. Thus you have more than one access points and environment to manage. This includes managing network switching policies, firewall policies and access policies.
1. In a traditional system architecture we have an appln running on one particular server2. Now in a cloud there are multiple servers and the application migrates from one server to another for load balancing, failure recovery etc.3. This migration is not guaranteed to be in the same data center/server farm .4. There is always a question if the new location shares the same security policies on each of the layers is not exposed to any specific vulnerability.
1. In a typical system, the user had the control to separate applications completely and make them run separately on servers .2. Thus a nice isolation layer can be created between them using firewall or any other hardware features.3. In a cloud, we may have multiple applications running on same server. 4. We cannot guarantee if the two applications may interact. For all we know one app may be snooping traffic /data of another application?Hence It’s a challenge to maintain the isolation between the applications and scale it on multiple physical servers with mobility
To handle the above security challenges following levels of security should be applied.
In Cloud architecture data is stored at the CSP’s side. So we have mentioned Dependencies:No or little knowledge of the way the backup or restore of data is done.No easy migrations to an other CSP.In cloud architecture you only pay for what you use. So measurement of resource usage lies in hands of the CSP.Tied to the financial health of CSP.Quality problems with CSP. (e.g. CSP might use cheap disk drives etc)No influence on data maintenance.
Customer should know the physical location of their data so as to be clear of the provisions of prevailing law in particular nation.Same as screenWill the Insurance company compensate for loss of your business?Same as screenThough all the CSP’s try their best to provide data security, no security is assumed to be full proof. So if data centre is hacked can you move against vendor/CSP.What means do you have if data gets infringed.The customer must always be notified when vendors provide third party access to customers stored data, whether it is a legal authority or internal employee.