IS-851: Cloud Computing Security
Week 1: Cloud Definition
Feb 18, 2019
Slides prepared by: Asst. Prof. Dr Shahzaib Tahir, MCS, NUST

What's a Cloud
• “A large pool of easily usable and accessible virtualized resources … dynamically allocated” - Association of Computing Machinery
• “A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources” - NIST
• What about Security???

Common Qualities
• Pool of resources
• Billed consumption
• Virtualized resources
• Dynamically reconfigured
• Scalable
• Guaranteed by the infrastructure provider
• Founded on the SLA (Service Level Agreement)

Security goals have not changed
• Confidentiality
• Availability
• Integrity
• Security is costly and often a secondary issue.
• Cloud prioritizes the goals as Availability > Integrity > Confidentiality
• Cloud uses the concept of BYOE (Bring Your Own Encryption)

Business Drivers
• Capacity Planning
• Cost Reduction
• Organizational Agility

Capacity Planning Strategies
• Lead Strategy – adding capacity to an IT resource in anticipation of demand. (predictive)
• Lag Strategy – adding capacity when the IT resource reaches its full capacity. (preventive)
• Match Strategy – adding IT resource capacity in small increments, as demand increases. (incremental)

Cost Reduction
• The cloud is an effort geared towards cost reduction of operations.
• Common costs include:
 – Technical staff
 – Upgrades/patching costs
 – Utility bills/cooling costs
 – Security/access control costs
 – Administrative staff for management

Organizational Agility
• Newer organizations need to reduce upfront costs to enable growth of the enterprise.
• The ability to tailor needs according to resource demand is required for success.
• Business changes dictate scaling of IT resources.
• Cloud provides a suitable backup plan for disaster planning roles.

Essential Attributes of using the Cloud?
• Off-premise
• Simplified Management
• Elasticity
• Affordable Resources
• Flexible Billing
• Multi-tenancy
• Virtualization
• Service-level management/Agreement
• Service delivery
• Universal access

Cloud Attributes (1): Off-premise
The service is hosted and delivered from a location that belongs to a service provider. This usually has two implications: the service is delivered over the public Internet, and the processing occurs outside the company firewall.

Cloud Attributes (2): Elasticity
The inherent scalability of the service provider is made available to the end-user. The model goes much further in providing an elastic provisioning mechanism, so that resources can be scaled both up and down very rapidly as required.

Cloud Attributes (3): Flexible Billing
Fine-grained metering of resource usage, combined with on-demand service provisioning, facilitates a number of options for charging customers. Fees can be levied on a subscription basis or can be tied to actual consumption, or reservation, of resources.

Cloud Attributes (4): Virtualization
Services are usually offered through an abstracted infrastructure. They leverage various virtualization mechanisms and achieve cost optimization through multi-tenancy.

Cloud Attributes (5): Service Delivery
Functionality is available as a service of some form. While there is great variance in the nature of these services, typically the services offer programmatic interfaces in addition to the user interfaces.

Cloud Attributes (6): Universal Access
Cloud aims to ensure pooled resources are available to anyone authorized to utilize them. At the same time, location independence and high levels of resilience allow for an always-connected user experience.

Cloud Attributes (7): Simplified Management
Administration is simplified through automatic provisioning to meet scalability requirements, user self-service to expedite business processes, and programmatically accessible resources that facilitate integration into enterprise management frameworks.
Cloud Attributes (8): Affordable Resources
The cost of resources is reduced:
 – No need for fixed purchases
 – Economy of scale, as the service provider can optimize cost in relation to demand

Cloud Attributes (9): Multi-tenancy
Resources are used by many organizations (tenants) and include mechanisms to protect and isolate each tenant from all others. Pooling resources across customers is an important factor in achieving scalability and cost savings.

Cloud Attributes (10): Service Level Agreement
The cloud environment is governed by an SLA which sets out the expectations of the user and the responsibilities of the service provider.

Cloud Computing Services
Cloud is an amalgamation of heterogeneous services including:
• Communications as a Service
• Software as a Service
• Infrastructure as a Service
• Database as a Service
• Security as a Service
• Blockchain as a Service
• Storage as a Service
• Monitoring as a Service
• Platform as a Service

Cloud Services (1): Communications as a Service
Communications as a service (CaaS) is a collection of different vendor services that facilitate business communications. Organizations may use these and similar services to lower costs and increase efficiency for business processes involving audio or video telecommunications.

Cloud Services (2): Infrastructure as a Service
Infrastructure as a service (IaaS) is a service model that delivers computer infrastructure on an outsourced basis to support enterprise operations. Typically, IaaS provides hardware, storage, servers and data center space or network components; it may also include software. Infrastructure as a service (IaaS) is also known as hardware as a service (HaaS).

Cloud Services (3): Security as a Service
Security as a service (SecaaS or SaaS) is a cloud computing model that delivers managed security services over the internet. SecaaS is based on the software as a service (SaaS) model but limited to specialized information security services.
Cloud Services (4): Storage as a Service
Storage as a service is a business model in which a company leases or rents its storage infrastructure to another company or to individuals to store data. Small companies and individuals often find this to be a convenient methodology for managing backups, providing cost savings in personnel, hardware and physical space. A company providing this service may be called a storage service provider (SSP). Storage as a service can also be referred to as hosted storage.

Cloud Services (5): Platform as a Service
Platform as a service (PaaS) is a concept that describes a computing platform that is rented or delivered as an integrated solution, solution stack or service through an Internet connection. The solution stack may be a set of components or software subsystems used to develop a fully functional product or service. More generically, the solution stack may deliver an OS, middleware, database or application.

Cloud Services (6): Software as a Service
Software as a service (SaaS) is a model for the distribution of software where customers access software over the Internet. In SaaS, a service provider hosts the application at its data center and a customer accesses it via a standard web browser. There are a few major characteristics that apply to most SaaS vendors:
 – Updates are applied automatically without customer intervention.
 – The service is purchased on a subscription basis.
 – No hardware is required to be installed by the customer.
SaaS is also known as hosted software or on-demand software.

Cloud Services (7): Database as a Service
Database as a service (DBaaS) may be considered a subspecialty under the bigger software as a service umbrella. In essence, DBaaS is a managed service offering access to a database to be used with applications and their related data. This is a more structured approach compared to storage as a service, and at its core it is really a software offering.
In this model, payment may be charged according to the capacity used as well as the features and use of the database administration tools.

Cloud Services (8): Blockchain as a Service
Blockchain as a Service (BaaS) is an offering that allows customers to leverage cloud-based solutions to build, host and use their own blockchain apps, smart contracts and functions on the blockchain, while the cloud-based service provider manages all the necessary tasks and activities to keep the infrastructure agile and operational.

Cloud Services (9): Monitoring as a Service
MaaS offerings consist of multiple tools and applications meant to monitor a certain aspect of an application, server, system or any other IT component. There is a need for proper data collection, especially of the performance and real-time statistics of IT components, in order to make proper and informed management possible.

Cloud Services – NIST
Most Common Classification: SPI (SaaS, PaaS, IaaS)
• Software as a Service
• Platform as a Service
• Infrastructure as a Service
[Figure: SaaS, PaaS and IaaS arranged along an axis running from Optimization to Flexibility]
• Optimization – leverages multi-tenancy and massive scalability
• Flexibility – accommodates individual constraints and custom functionality

Cloud Deployment Models

Public Cloud
• The service provider makes resources, such as storage and applications, obtainable to the general public over the Internet or via web applications/web services.
• Public cloud services may be free or offered on a “pay-as-you-go” model.
• In a public cloud, hardware, application and bandwidth costs are covered by the service provider, so set-up is easy and inexpensive for the user.
• A “pay-as-you-go” model helps avoid wasting resources.
• Examples: Windows Azure Services Platform, Amazon Elastic Compute Cloud (EC2).

Private Cloud
• The term “Private Cloud” is also referred to as internal cloud or corporate cloud.
• Here the provider delivers services to a limited number of users behind a firewall, or user access is otherwise limited to mitigate security risk.
• For proprietary computing architectures it can be a marketing term: marketing media use the words “private cloud” to appeal to organizations that need more control over their data than a third-party hosted service offers.
• Amazon's Elastic Compute Cloud (EC2) or Simple Storage Service (S3) are given as examples of Private Cloud.

Community Cloud
• A community cloud arises where a number of organizations have comparable requirements and are willing to share infrastructure in order to realize the benefits of cloud computing.
• Costs are higher than for a public cloud, and it can sometimes be more expensive, but it may offer a higher level of privacy and security.
• “Azure Government” is a good example of a community cloud.

Hybrid Cloud
• A hybrid cloud environment is the combination of public and private cloud, where the infrastructure is partially hosted inside the organization and partially in a public cloud.
• For example, an organization might use Amazon Simple Storage Service (Amazon S3) as a public cloud service to archive its records, while continuing to keep operational customer data in-house for instant access.
• Hybrid storage clouds are often valuable for record keeping and backup functions.

Cloud Computing Challenges
• Performance
• Security and Privacy
• Control
• Bandwidth Cost
• Reliability
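As an added illustration of the Lead, Lag and Match capacity planning strategies from the Business Drivers slides (this is not code from the lecture), the simulation below walks one constructed demand series with each strategy and totals the unmet demand (shortfall) and the unused capacity (idle). The demand numbers, starting capacity, step sizes and the one-period-ahead forecast rule are all assumptions; the point it shows is that the incremental Match strategy only works when resources can be added in small steps on demand, which is exactly the elasticity a cloud provides.

```python
"""Lead / Lag / Match capacity planning strategies over a demand series.

Added example, not part of the IS-851 slides. Demand series, starting
capacity, step sizes and the forecast rule are constructed assumptions.
"""
from dataclasses import dataclass

# Constructed demand per period (e.g. requests/s) for the illustration.
DEMAND = [8, 12, 14, 20, 24, 26, 30, 31]


@dataclass
class Outcome:
    capacity_path: list  # capacity available in each period
    shortfall: int       # total demand that could not be served (outage)
    idle: int            # total capacity bought but not used (waste)


def simulate(demand, strategy, start=10, big_step=10, small_step=2):
    """Grow capacity according to one strategy and score the result.

    lead  - predictive: add a big block when next period's forecast demand
            would exceed current capacity
    lag   - preventive/reactive: add a big block only after the resource
            has been observed at full capacity
    match - incremental: add small blocks until capacity covers current demand
    """
    cap, path, short, idle = start, [], 0, 0
    for i, d in enumerate(demand):
        if strategy == "lead":
            forecast = demand[i + 1] if i + 1 < len(demand) else d
            while forecast > cap:
                cap += big_step
        elif strategy == "lag":
            if i > 0 and demand[i - 1] >= cap:  # saturation seen last period
                cap += big_step
        elif strategy == "match":
            while cap < d:
                cap += small_step
        else:
            raise ValueError(f"unknown strategy: {strategy}")
        path.append(cap)
        short += max(0, d - cap)
        idle += max(0, cap - d)
    return Outcome(path, short, idle)


if __name__ == "__main__":
    for name in ("lead", "lag", "match"):
        o = simulate(DEMAND, name)
        print(f"{name:5s} shortfall={o.shortfall:3d} idle={o.idle:3d} final={o.capacity_path[-1]}")
```

Lead never runs short but buys the most idle capacity, Lag suffers a shortfall in the period before it reacts, and Match tracks demand closely only because it can provision in small increments.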