Cloud Computing Security: A New Class of Network-Based Computing

Cloud computing is a general term that describes a new class of network-based computing taking place over the Internet. It involves a collection of integrated hardware, software, and Internet infrastructure, providing services to clients with a simplified interface or API. The umbrella term encompasses Internet-based development and services with characteristics like remote hosting, ubiquitous access, and a utility computing model. Cloud architecture involves shared computing resources and on-demand network access. Security services ensure data confidentiality, integrity, and availability. Basic cloud characteristics include scalability, flexibility, and transparency to users and applications. Cloud systems can be built in various ways using clusters of servers and off-the-shelf components.

• Cloud Computing
• Security Services
• Network-Based
• Internet Infrastructure
• Scalability

amy_ley Follow

Uploaded on Mar 09, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Cloud Computing Security

2. What is Cloud Computing? Cloud Computing is a general term used to describe a new class of network based computing that takes place over the Internet, a collection/group of integrated and networked hardware, software and Internet infrastructure (called a platform). Using the Internet for communication and transport provides hardware, software and networking services to clients These platforms hide the complexity and details of the underlying infrastructure from users and applications by providing very simple graphical interface or API (Applications Programming Interface). 2

3. Cloud Summary Cloud computing is an umbrella term used to refer to Internet based development and services A number of characteristics define cloud data, applications services and infrastructure: Remotely hosted: Services or data are hosted on remote infrastructure. Ubiquitous: Services or data are available from anywhere. Commodified: The result is a utility computing model similar to traditional that of traditional utilities, like gas and electricity - you pay for what you would want! 3

4. Cloud Architecture 4

5. What is Cloud Computing APPLICATIO NS SERVICE S COMPUTER NETWORK STORAGE (DATABASE) SERVERS Shared pool of configurable computing resources On-demand network access 5 Provisioned by the Service Provider Adopted from: Effectively and Securely Using the Cloud Computing Paradigm by peter Mell, Tim Grance

6. Security Services Authorized to Know Confidentiality Data Has Not Been Tampered With Data Never Loss Machine Never Fail Availability Integrity 6

7. Basic Cloud Characteristics The no-need-to-know in terms of the underlying details of infrastructure, applications interface with the infrastructure via the APIs. The flexibility and elasticity allows these systems to scale up and down at will utilizing the resources of all kinds CPU, storage, server capacity, load balancing, and databases The pay as much as used and needed type of utility computing and the always on!, anywhere and any place type of network-based computing. 7

8. Basic Cloud Characteristics Cloud are transparent to users and applications, they can be built in multiple ways branded products, proprietary open source, hardware or software, or just off-the-shelf PCs. In general, they are built on clusters of PC servers and off- the-shelf components plus Open Source software combined with in-house applications and/or system software. 8

9. What is the purpose and benefits? Cloud computing enables companies and applications, which are system infrastructure dependent, to be infrastructure-less. By using the Cloud infrastructure on pay as used and on demand , all of us can save in capital and operational investment! Clients can: Put their data on the platform instead of on their own desktop PCs and/or on their own servers. They can put their applications on the cloud and use the servers within the cloud to do processing and data manipulations etc. 9

10. Cloud Service Models Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) SalesForce CRM LotusLive Google App Engine Amazon Web Services Dedicated Server, Managed Hosting Web Hosting from Rackspace 10 Adopted from: Effectively and Securely Using the Cloud Computing Paradigm by peter Mell, Tim Grance

11. Cloud Storage Several large Web companies are now exploiting the fact that they have data storage capacity that can be hired out to others. allows data stored remotely to be temporarily cached on desktop computers, mobile phones or other Internet-linked devices. Amazon s Elastic Compute Cloud (EC2) and Simple Storage Solution (S3) are well known examples Mechanical Turk 11

12. Cloud Security !! A major Concern Security concerns arising because both customer data and program are residing at Provider Premises. Security is always a major concern in Open System Architectures Customer Data Customer Customer Code Provider Premises 12

13. Why Cloud Computing brings new threats? Traditional system security mostly means keeping bad guys out The attacker needs to either compromise the auth/access control system, or impersonate existing users 13

14. Why Cloud Computing brings new threats? Cloud Security problems are coming from : Loss of control Lack of trust (mechanisms) Multi-tenancy These problems exist mainly in 3rd party management models Self-managed clouds still have security issues, but not related to above 14

15. Who is the attacker? Insider? Malicious employees at client Malicious employees at Cloud provider Cloud provider itself Outsider? Intruders Network attackers? 15

16. Challenges for the attacker How to find out where the target is located How to be co-located with the target in the same (physical) machine How to gather information about the target 16

17. Security Issues from Virtualization Virtualization providers provide is using- ParaVirtualization or full system virtualization. Instance Isolation:ensuring that Different instances running on the same physical machine are isolated from each other. Control of Administrator on Host O/s and Guest o/s. Current VMs do not offer perfect isolation: Many bugs have been found in all popular VMMs that allow to escape from VM! Virtual machine monitor should be root secure , meaning that no level of privilege within the virtualized guest environment permits interference with the host system. 17

18. Streamlined Security Analysis Process Identify Assets Which assets are we trying to protect? Identify Threats What other threats are there (natural disasters, etc.)? Identify Countermeasures How can we counter those attacks? 18

19. Failures in Provider Security Explanation Provider controls servers, network, etc. Customer must trust provider s security Failures may violate CIA principles Countermeasures Verify and monitor provider s security Notes Outside verification may suffice For SMB, provider security may exceed customer security 19

20. Perimeter Security Model 20

21. Perimeter Security with Cloud Computing? 21

22. Integrating Provider and Customer Security Threat Disconnected provider and customer security systems Fired employee retains access to cloud Misbehavior in cloud not reported to customer Countermeasures At least, integrate identity management Consistent access controls Better, integrate monitoring and notifications 22

23. What, When, How to Move to the Cloud Identify the asset(s) for cloud deployment Data Applications/Functions/Process Evaluate the asset Determine how important the data or function is to the organization 23

24. Evaluate the Asset How would we be harmed if The asset became widely public & widely distributed? An employee of our cloud provider accessed the asset? The process of function were manipulated by an outsider? The process or function failed to provide expected results? The info/data was unexpectedly changed? The asset were unavailable for a period of time? 24

25. Map Asset to Models 4 Cloud Models Public Private (internal, external) Community Hybrid 25

26. Cloud Domains Service contracts should address these 13 domains Architectural Framework Governance, Enterprise Risk Mgt Legal, e-Discovery Compliance & Audit Information Lifecycle Mgt Portability & Interoperability 26

27. Cloud Domains Security, Business Continuity, Disaster Recovery Data Center Operations Incident Response Issues Application Security Encryption & Key Mgt Identity & Access Mgt Virtualization 27

28. Minimize Lack of Trust Policy Language Certification Minimize Loss of Control Monitoring Utilizing different clouds Access control management Identity Management (IDM) Minimize Multi-tenancy Possible Solutions 28

29. Possible Solutions Loss of Control Take back control Data and apps may still need to be on the cloud But can they be managed in some way by the consumer? Lack of trust Increase trust (mechanisms) Technology Policy, regulation Contracts (incentives): topic of a future talk Multi-tenancy Private cloud Takes away the reasons to use a cloud in the first place Strong separation 29

30. Bottom Line on Cloud Computing Security Engage in full risk management process for each case For small and medium organizations Cloud security may be a big improvement! Cost savings may be large (economies of scale) For large organizations Already have large, secure data centers Main sweet spots: Elastic services Internet-facing services 30