Uploaded by mango 786

2. Lec1

IS-851: Cloud Computing Security
Week 1: Cloud Definition
Feb 18, 2019
Slides prepared by:
Asst. Prof. Dr Shahzaib Tahir
What’s a Cloud
• “A large pool of easily usable and accessible virtualized
resources … dynamically allocated”
- Association of Computing Machinery
• “A model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing
• What about Security???
Common Qualities
Pool of resources
Billed consumption
Virtualized resources
Dynamically reconfigured
Guaranteed by the infrastructure provider
Founded on the SLA (Service Level Agreement)
Security goals have not changed
• Security is costly and often a secondary issue.
• Cloud prioritizes the goals as
• Cloud uses the concept of BYOE (Bring Your Own Encryption)
Business Drivers
• Capacity Planning
• Cost Reduction
• Organizational Agility
Capacity Planning Strategies
• Lead Strategy – adding capacity to an IT
resource in anticipation of demand.
• Lag Strategy – adding capacity when the IT
resource reaches its full capacity. (preventive)
• Match Strategy – adding IT resource capacity
in small increments, as demand increases.
Cost Reduction
• The cloud is an effort geared towards cost reduction
of operations:
• Common Costs include:
– Technical staff
– Upgrades/ patching costs
– Utility bills/ cooling costs
– Security/ access control costs
– Administrative staff for management
Organizational Agility
• Newer organizations need to reduce upfront costs to enable
growth of the enterprise.
• The ability to tailor needs according to resource demand is
required for success.
• Business changes dictate scaling of IT resources.
• Cloud provides a suitable backup plan for disaster planning
Essential Attributes of using the Cloud?
• Off-premise
• Simplified Management
• Elasticity
• Affordable Resources
• Flexible Billing
• Multi-tenancy
• Virtualization
• Service-level
• Service delivery
• Universal access
Cloud Attributes(1)
The service is hosted and delivered from a location
that belongs to a service provider. This usually has
two implications: the service is delivered over the
public Internet and the processing occurs outside
the company firewall.
Cloud Attributes(2)
The inherent scalability of the service provider is
made available to the end-user. The model goes
much further in providing an elastic provisioning
mechanism so that re-sources can be scaled both up
and down very rapidly as required.
Cloud Attributes(3)
Flexible Billing
Fine-grained metering or resource usage, combined
with on-demand service provisioning, facilitate a
number of options for charging customers. Fees can
be levied on a subscription basis or can be tied to
actual consumption, or reservation, of resources
Cloud Attributes(4)
Services are usually offered through an abstracted
infrastructure. They leverage various virtualization
mechanisms and achieve cost optimization through
Cloud Attributes(5)
Service Delivery
Functionality is available as a service of some form.
While there is great variance in the nature of these
services, typically the services offer programmatic
interfaces in addition to the user interfaces.
Cloud Attributes(6)
Universal Access
Cloud aims to ensure pooled resources are available
to anyone authorized to utilize them. At the same
time, location independence and high levels of
resilience allow for an always-connected user
Cloud Attributes(7)
Simplified management
Administration is simplified through automatic
provisioning to meet scalability requirements, user
self-service to expedite business processes and
programmatically accessible resources that facilitate
Cloud Attributes(8)
Affordable Resources
The cost of resources is reduced:
– No need for fixed purchases
– Economy of scale as service provider can
optimize cost with relation to demand
Cloud Attributes(9)
Multi tenancy
Resources are used by many organizations (tenants)
and include mechanisms to protect and isolate each
tenant from all others. Pooling resources across
customers is an important factor in achieving
scalability and cost savings.
Cloud Attributes(10)
Service Level Agreement
The cloud environment is governed by an SLA which
sets out the expectations of the user and the
responsibilities of the service provider.
Cloud Computing Services
Cloud is an amalgamation of heterogeneous services including:
• Communications as a Service
• Software as a Service
• Infrastructure as a Service
• Database as a Service
• Security as a Service
• Blockchain as a Service
• Storage as a Service
• Monitoring as a Service
• Platform as a Service
Cloud Services(1)
Communications as a Service
Communications as a service (CaaS) is a collection of
different vendor services that facilitate business
communications. Organizations may use these and
similar services to lower costs and increase
efficiency for business processes involving audio or
video telecommunications.
Cloud Services(2)
Infrastructure as a Service
Infrastructure as a service (IaaS) is a service model
that delivers computer infrastructure on an
outsourced basis to support enterprise operations.
Typically, IaaS provides hardware, storage, servers
and data center space or network components; it
may also include software. Infrastructure as a
service (IaaS) is also known as hardware as a service
Cloud Services(3)
Security as a Service
Security as a service (SecaaS or SaaS) is a cloud
computing model that delivers managed security
services over the internet. SecaaS is based on the
software as a service (SaaS) model but limited to
specialized information security services.
Cloud Services(4)
Storage as a Service
Storage as a service is a business model in which a
company leases or rents its storage infrastructure to
another company or individuals to store data. Small
companies and individuals often find this to be a
convenient methodology for managing backups,
and providing cost savings in personnel, hardware
and physical space.
A company providing may be called a storage
service provider (SSP). Storage as a service can also
be referred to as hosted storage.
Cloud Services(5)
Platform as a Service
Platform as a service (PaaS) is a concept that
describes a computing platform that is rented or
delivered as an integrated solution, solution stack or
service through an Internet connection.
The solution stack may be a set of components or
software subsystems used to develop a fully
functional product or service. More generically, the
solution stack may deliver an OS, middleware,
database or application.
Cloud Services(6)
Software as a Service
Software as a service (SaaS) is a model for the
distribution of software where customers access
software over the Internet. In SaaS, a service
provider hosts the application at its data center and
a customer accesses it via a standard web browser.
There are a few major characteristics that apply to
most SaaS vendors:
– Updates are applied automatically without
customer intervention.
– The service is purchased on a subscription basis.
– No hardware is required to be installed by the
SaaS is also known as hosted software or ondemand software.
Cloud Services(7)
Database as a Service
May be considered a subspecialty under the bigger
software as a service model umbrella. In essence,
DBaaS is a managed service offering access to a
database to be used with applications and their
related data. This is a more structured approach
compared to storage as a service, and at its core it is
really a software offering. In this model, payment
may be charged according to the capacity used as
well as the features and use of the database
administration tools.
Cloud Services(8)
Blockchain as a Service
Blockchain as a Service (BaaS) is an offering that
allows customers to leverage cloud-based solutions
to build, host and use their own blockchain apps,
smart contracts and functions on the blockchain
while the cloud-based service provider manages all
the necessary tasks and activities to keep the
infrastructure agile and operational.
Cloud Services(9)
Monitoring as a Service
MaaS offerings consist of multiple tools and
applications meant to monitor a certain aspect of an
application, server, system or any other IT
component. There is a need for proper data
collection, especially of the performance and realtime statistics of IT components, in order to make
proper and informed management possible.
Cloud Services – NIST
Most Common Classification: SPI (SaaS, PaaS, IaaS)
• Platform as a Service
• Infrastructure as a Service
• Software as a Service
Optimization – leverages multi-tenancy and massive scalability
Flexibility – accommodate individual constraints and custom functionality
Cloud Deployment Models
Public Cloud
• The service provider makes resources, such as storage and
application, obtainable to the general public over the Internet
or via web applications/web services.
• Public cloud services may be free or offered on a “pay-as-yougo” model.
• In public cloud hardware, application and bandwidth costs are
covered by the service provider so it is easy and inexpensive
set-up to the user.
• Using “pay-as-you-go” model it may save resource from
• Examples: Windows Azure Services Platform, Amazon Elastic
Compute Cloud (EC2).
Private Cloud
• The term “Private Cloud‟ is also referred to as internal cloud or
corporate cloud. Here the provider provides services to a
limited number of users behind a firewall or users access is
limited to mitigate the security risk.
• For proprietary computing architecture it could be a marketing
term where marketing media uses the words “private cloud”
to offer organization that needs more control over their data
than using a third-party hosted service.
• Amazon‟s Elastic Compute Cloud (EC2) or Simple Storage
Service (S3) is example of Private Cloud.
Community Cloud
• A community cloud can be recognized where a number of
organizations have comparable necessities and very willing to
share infrastructure so as to take in the benefits of cloud
• Here costs increase than a public cloud and sometimes can be
more expensive but may offer a higher level of privacy and
• “Azure Government” is a good example of community cloud
Hybrid Cloud
• A hybrid cloud environment is the combination of public and
private cloud where the infrastructure partially hosted inside
the organization and externally in a public cloud.
• For example, an organization might use Amazon Simple
Storage Service (Amazon S3) as public cloud service to record
their data but at the same time continue in-house storage for
instant access operational customer data.
• Hybrid storage clouds are often valuable for record keeping
and backup function.
Cloud Computing Challenges
• Performance
• Security and Privacy
• Control
• Bandwidth Cost
• Reliability
• Platform as a Service
• Infrastructure as a Service