Security in Cloud

Computing

Presented by : Ahmed Alalawi

Outline

Introduction

Cloud Computing Components.

Security Issues.

Information Security requirements (ISR)

Policy Based and Layered Infrastructure Security :

Dynamic Infrastructure Security Model

Conclusion

Why we use Cloud Computing ?- Single point of control delivered over the web lets you

manage multiple layers of complex infrastructure .

- Support is just a call away . Real-time human tech. assistance will help you resolve your problem .

- Enterprise Grade Infrastructure-as-a –service system deliver unbeatable computing power.

- On-demand Compute ,Network and Storage components add storage capacity in minutes.

- Pay-as-you-use gives you choice and control over paying .

Cloud Computing Components

Cloud Computing is a class of the next generation highly scalable distributed computing

Cloud Computing Components :

Five Characteristics

Three Delivery Models

Three Deployment Models (Clouds Type)

Five Characteristics:

1. On – Demand self-service

2. Broad network access

3. Resource Pooling

4. Rapid elasticity

5. Measured Service

Three Delivery Models:

1. Infrastructure as a Service (IaaS).

2. Platform as a Service (PaaS).

3. Software as a Service (SaaS).

Types of Clouds:

1. Public Available to public

2. Private Available to particular group

3. Hybrid is composition of two or more clouds

Types of Clouds: Public Cloud

A public cloud is a model which allows users’ access to the cloud via interfaces mainstream web browsers.

Typically based on a pay-per-use model.

Public clouds are less secure than the other cloud models

Types of Clouds: Private Cloud

A private cloud is set up within an organization’s internal enterprise datacenter.

All the cloud resources and application are managed by the organization itself.

More secure than the Public cloud.

Types of Clouds: Hybrid Cloud

A hybrid cloud is a private cloud linked to one or more external cloud services, centrally managed, provisioned as a single unit.

It provides virtual IT solutions through a mix of both public and private clouds.

It Provides more secure control of the data and application and allows various parties to access information over the internet.

It has an open architecture that allows interfaces with other management systems.

Cloud Computing Delivery Models:

Infrastructure as a Service (IaaS)

Infrastructure as a Service is a single tenant cloud layer where the Cloud computing vendor’s dedicated resources are only shared with contacted clients at a pay-per-use fee.

Minimizes the need for huge investment in computing hardware such as servers, networking devices as processing power.

Cloud Computing Delivery Models:

Software as a Service (SaaS)

Software as a Service operates on the virtualized and pay-per-use costing model whereby software applications are leased out to contracted organization by specialized SaaS vendors.

SaaS applications are accessed using web browsers over the internet , therefore web security is very important .

SaaS providers may host the software in their own datacenters or may themselves be outsourced to IaaS providers.

Cloud Computing Delivery Models:

Platform as a Service (PaaS)

Platform as a service cloud layer works like IaaS but it provides an additional level of ‘rented’ functionality.

PaaS offerings facilitate deployment of application without the cost and complexity of buying and managing underlying hardware and software and provisioning hosting capabilities.

PrivateCloud

Public Cloud

SAAS (Software as a Service)

IAAS (Infrastructure as a Service)

PAAS (Platform as a Service)

HybridCloud

Security Issues Privileged access: Who has specialized/privileged access to data? Who decides about the hiring and management of such administrators?

Regulatory compliance: Is the could vender willing to undergo external audits and/or security certification?

Data location: Does the cloud vender allow for any control over the location of data?

Data segregation : Is encryption schemes designed and tested by experienced professionals ?

Continue Security Issues Recovery : What happens to data in the case of a disaster, and does the vendor offer complete restoration, and , if so, How long does that process take ?

Investigative Support : Does the vendor have the ability to investigate any inappropriate or illegal activity?

Long – term viability: What happens to data if the cloud vendor goes out of business, Is clients’ data returned and in what format?

Data Availability: Can the cloud vendor move all their clients’ data onto a different environment should the existing environment become compromised or unavailable ?

Information Security Requirements (ISR)

ISR

Identification &

Authentication

Authorization Confidentiality Integrity Non-repudiation Availability

ISR: Identification & Authentication

This process is targeting at verifying and validating individual cloud users by employing usernames and passwords protecting their cloud profile.

ISR: Authorization

Authorization is an important to ensure referential integrity is maintained.

Authorization is maintained by the system administrator in a Private Cloud.

ISR: Confidentiality

Confidentiality plays a major part in maintaining control over origination data situated across multiple distributed databases.

It is must when employing a Public Cloud due to public clouds accessibility nature.

ISR: Integrity

The Integrity requirements lies in applying the due diligence within the cloud domain mainly accessing data.

The ACID ( Atomicity, Consistency, Isolation and Durability) should be applied across all Cloud Computing Deliver Models.

ISR: Non-repudiation

Non-repudiation can be obtained by applying the traditional E-Commerce security protocols and token provisioning to data transmission with cloud applications.

ISR: Availability

Availability is the most critical ISR ,because it is a key decision factor when choosing between Public, Private or Hybrid Cloud as well as the delivery models.

Conclusion

It is clear that although the use of cloud computing has rapidly increased, cloud computing security still a major issue in the cloud computing environment

The area of Security on Cloud Computing still open area and there are many challenges in it.

Questions & Comments

Yildiz M, Abawajy J, Ercan T., Bernoth A., ALayered Security Approach for Cloud ComputingInfrastructure, ISPAN, pp.763-767, 10th InternationalSymposium on Pervasive Systems, Algorithms, andNetworks, 2009

Ramgovind, S. Eloff and M.M. Smith, E.,“The management of security in Cloud computing”, inInformation Security for South Asia (ISSA), 2010, pp. 1-7.

Chen, Jianyong; Wang, Yang; Wang, Xiaomin; , "On-Demand Security Architecture for Cloud Computing," Computer , vol.45, no.7, pp.73-78, July 2012doi: 10.1109/MC.2012.120

http://www.idc.com

http://www.netmagicsolutions.com

http://www.salesforce.com

http://www.katescomment.com/iaas-paas-saas-definition

http://en.wikipedia.org/wiki/Cloud_computing

http://aws.amazon.com/ec2

References