Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security Introduction Cloud computing - is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources like networks, servers, storage, applications and services that can be rapidly provisioned and released with minimal management effort or service provider interaction. This computing model as shown in Figure 22.1, is composed of a number of essential characteristics, three service models, and four deployment models. Kizza - Guide to Computer Network Security 2 Cloud Computing Infrastructure Characteristics Traditionally data center computing models were mainly based on a client-server model architecture and design relying firmly a three-tier architecture design that included access, distribution and core switches connecting relatively few clients and meeting limited client needs Today’s cloud services models is bursting with activities and services with distinctly new characteristics that are now on demand, elastic, and the service is fully managed by the provider. Let us now briefly look at each one of these characteristics: – – – – – Ubiquitous network access. Measured service On-demand self-service Rapid elasticity Resource pooling Kizza - Guide to Computer Network Security 3 Cloud Computing Service Models Cloud Infrastructure as a Service (IaaS) – a process of providing the customer with the ability and capability to manage and control, via a web-based virtual server instance API, system resources such as starting, stopping, accessing and configuring the virtual servers, operating systems, applications, storage, processing and other fundamental computing resources. Platform as a Service (PaaS) - a set of software and product development tools hosted on the provider's infrastructure and accessible to the customer via a web-based virtual server instance API. Through this instance, the customer can create applications on the provider's platform over the Internet Software as a Service (SaaS) – a process of acquiring software with no upfront license fee. All software applications are retained by the provider and the customer has access to all applications of choice from the provider via various client devices through either a thin client interface, such as a web browser, a web portal or a virtual server instance API. Kizza - Guide to Computer Network Security 4 Cloud Computing Deployment Models There are three cloud deployment models which are actually cloud types: – Public clouds- provides access to computing resources for the general public over the Internet allowing customers to self-provision resources typically via a web service interface on a pay-as-you-go basis. One of the benefits of public clouds is to offer large pools of scalable resources on a temporary basis without the need for capital investment in infrastructure by the user. – Private cloud - gives users immediate access to computing resources hosted within an organization's infrastructure and premises. – Hybrid cloud - combines the computing resources of both the public and private clouds. Kizza - Guide to Computer Network Security 5 Virtualization and Cloud Computing Virtualization is a fundamental feature in cloud computing. Virtualization allows applications from different customers to run on different virtual machines; hence, providing separation and protection. Kizza - Guide to Computer Network Security 6 Benefits of Cloud Computing Automatic Updates Reduced Cost Green Benefits of Cloud computing Remote Access Disaster Relief Self-service provisioning Scalability Reliability and fault-tolerance Ease of Use Skills and Proficiency Response Time Mobility Increased Storage Kizza - Guide to Computer Network Security 7 Cloud Computing, Power Consumption and Environmental Issues There is a heated debate on-going pitting those claiming that cloud computing is gobbling up resources as large cloud and social networking sites need daily megawatts of power to feed insatiable computing needs and those who claim that the computing model is indeed saving power from millions of servers left idling daily and consuming more power. What is your opinion? Kizza - Guide to Computer Network Security 8 Cloud Computing Security, Reliability, Availability and Compliance Issues Cloud users normally “trust” cloud service providers with their data like they trust banks with their money. This means that they expect the three issues of security, availability and performance to be of little concern to them as they are with their banks. This depends on: – Cloud Computing Actors, Their Roles and Responsibilities – Security of Data and Applications in the Cloud Hypervisor Security Securing Load Balancers Virtual Operating Systems Security – Security of Data in Transition - Cloud Security Best Practices Service Level Agreements (SLAs) Data Encryption Web Access Points Security Compliance Kizza - Guide to Computer Network Security 9