Chapter 22

advertisement
Chapter 22: Cloud Computing
and Related Security Issues
Guide to Computer Network Security
Introduction
Cloud computing - is a model for enabling ubiquitous,
convenient, on-demand network access to a shared pool of
configurable computing resources like networks, servers,
storage, applications and services that can be rapidly
provisioned and released with minimal management effort
or service provider interaction.
This computing model as shown in Figure 22.1, is
composed of a number of essential characteristics, three
service models, and four deployment models.
Kizza - Guide to Computer Network
Security
2
Cloud Computing Infrastructure Characteristics
Traditionally data center computing models were mainly
based on a client-server model architecture and design
relying firmly a three-tier architecture design that included
access, distribution and core switches connecting relatively
few clients and meeting limited client needs
Today’s cloud services models is bursting with activities and
services with distinctly new characteristics that are now on
demand, elastic, and the service is fully managed by the
provider.
Let us now briefly look at each one of these characteristics:
–
–
–
–
–
Ubiquitous network access.
Measured service
On-demand self-service
Rapid elasticity
Resource pooling
Kizza - Guide to Computer Network
Security
3
Cloud Computing Service Models
Cloud Infrastructure as a Service (IaaS) – a process of providing
the customer with the ability and capability to manage and
control, via a web-based virtual server instance API, system
resources such as starting, stopping, accessing and configuring
the virtual servers, operating systems, applications, storage,
processing and other fundamental computing resources.
Platform as a Service (PaaS) - a set of software and product
development tools hosted on the provider's infrastructure and
accessible to the customer via a web-based virtual server
instance API. Through this instance, the customer can create
applications on the provider's platform over the Internet
Software as a Service (SaaS) – a process of acquiring software
with no upfront license fee. All software applications are retained
by the provider and the customer has access to all applications of
choice from the provider via various client devices through either
a thin client interface, such as a web browser, a web portal or a
virtual server instance API.
Kizza - Guide to Computer Network
Security
4
Cloud Computing Deployment Models
There are three cloud deployment models which are
actually cloud types:
– Public clouds- provides access to computing resources
for the general public over the Internet allowing
customers to self-provision resources typically via a web
service interface on a pay-as-you-go basis. One of the
benefits of public clouds is to offer large pools of
scalable resources on a temporary basis without the
need for capital investment in infrastructure by the user.
– Private cloud - gives users immediate access to
computing resources hosted within an organization's
infrastructure and premises.
– Hybrid cloud - combines the computing resources of
both the public and private clouds.
Kizza - Guide to Computer Network
Security
5
Virtualization and Cloud Computing
Virtualization is a fundamental feature in cloud computing.
Virtualization allows applications from different customers
to run on different virtual machines; hence, providing
separation and protection.
Kizza - Guide to Computer Network
Security
6
Benefits of Cloud Computing
Automatic Updates
Reduced Cost
Green Benefits of Cloud computing
Remote Access
Disaster Relief
Self-service provisioning
Scalability
Reliability and fault-tolerance
Ease of Use
Skills and Proficiency
Response Time
Mobility
Increased Storage
Kizza - Guide to Computer Network
Security
7
Cloud Computing, Power Consumption and
Environmental Issues
There is a heated debate on-going
pitting those claiming
that cloud computing is gobbling up resources as large
cloud and social networking sites need daily megawatts of
power to feed insatiable computing needs and those who
claim that the computing model is indeed saving power
from millions of servers left idling daily and consuming
more power.
What is your opinion?
Kizza - Guide to Computer Network
Security
8
Cloud Computing Security, Reliability, Availability
and Compliance Issues
Cloud users normally “trust” cloud service providers with
their data like they trust banks with their money.
This means that they expect the three issues of security,
availability and performance to be of little concern to them
as they are with their banks. This depends on:
– Cloud Computing Actors, Their Roles and Responsibilities
– Security of Data and Applications in the Cloud
Hypervisor Security
Securing Load Balancers
Virtual Operating Systems Security
– Security of Data in Transition - Cloud Security Best Practices
Service Level Agreements (SLAs)
Data Encryption
Web Access Points Security
Compliance
Kizza - Guide to Computer Network
Security
9
Download