Chapter 22: Cloud Computing and Related Security Issues
Guide to Computer Network Security
Introduction
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources like networks, servers, storage, applications and services that can be rapidly provisioned and released with minimal management effort or service provider interaction.
This computing model, as shown in Figure 22.1, is composed of a number of essential characteristics, three service models, and four deployment models.
Kizza - Guide to Computer Network Security
Cloud Computing Infrastructure Characteristics
Traditionally, data center computing models were mainly based on a client-server architecture, relying firmly on a three-tier design that included access, distribution and core switches connecting relatively few clients and meeting limited client needs.
Today's cloud service models are bursting with activities and services with distinctly new characteristics: they are on demand and elastic, and the service is fully managed by the provider.
Let us now briefly look at each one of these characteristics:
– Ubiquitous network access
– Measured service
– On-demand self-service
– Rapid elasticity
– Resource pooling
Cloud Computing Service Models
Cloud Infrastructure as a Service (IaaS) – a process of providing the customer with the ability and capability to manage and control, via a web-based virtual server instance API, system resources such as starting, stopping, accessing and configuring the virtual servers, operating systems, applications, storage, processing and other fundamental computing resources.
Platform as a Service (PaaS) – a set of software and product development tools hosted on the provider's infrastructure and accessible to the customer via a web-based virtual server instance API. Through this instance, the customer can create applications on the provider's platform over the Internet.
Software as a Service (SaaS) – a process of acquiring software with no upfront license fee. All software applications are retained by the provider and the customer has access to all applications of choice from the provider via various client devices through either a thin client interface, such as a web browser, a web portal or a virtual server instance API.
Cloud Computing Deployment Models
There are three cloud deployment models which are actually cloud types:
– Public cloud - provides access to computing resources for the general public over the Internet, allowing customers to self-provision resources, typically via a web service interface, on a pay-as-you-go basis. One of the benefits of public clouds is that they offer large pools of scalable resources on a temporary basis without the need for capital investment in infrastructure by the user.
– Private cloud - gives users immediate access to computing resources hosted within an organization's infrastructure and premises.
– Hybrid cloud - combines the computing resources of both the public and private clouds.
Virtualization and Cloud Computing
Virtualization is a fundamental feature in cloud computing. Virtualization allows applications from different customers to run on different virtual machines, hence providing separation and protection.
Benefits of Cloud Computing
Automatic Updates
Reduced Cost
Green Benefits of Cloud Computing
Remote Access
Disaster Relief
Self-service provisioning
Scalability
Reliability and fault-tolerance
Ease of Use
Skills and Proficiency
Response Time
Mobility
Increased Storage
Cloud Computing, Power Consumption and Environmental Issues
There is a heated ongoing debate pitting those who claim that cloud computing is gobbling up resources, as large cloud and social networking sites need daily megawatts of power to feed insatiable computing needs, against those who claim that the computing model is indeed saving power from millions of servers left idling daily and consuming more power.
What is your opinion?
Cloud Computing Security, Reliability, Availability and Compliance Issues
Cloud users normally "trust" cloud service providers with their data like they trust banks with their money.
This means that they expect the three issues of security, availability and performance to be of little concern to them as they are with their banks. This depends on:
– Cloud Computing Actors, Their Roles and Responsibilities
– Security of Data and Applications in the Cloud
    – Hypervisor Security
    – Securing Load Balancers
    – Virtual Operating Systems Security
– Security of Data in Transition - Cloud Security Best Practices
    – Service Level Agreements (SLAs)
    – Data Encryption
    – Web Access Points Security
    – Compliance