File Name: cloud computing and security .zip
- Cloud computing security
- Cloud Computing SECURITY [PDF]
- Elements of Cloud Computing Security
- CLOUD COMPUTING SECURITY ISSUES
To browse Academia.
Cloud computing security
Cloud computing is a model that enables convenient, on-demand network access to a shared pool of configurable computing resources such as networks, servers, storage, applications that can be rapidly provisioned and released with minimal management effort or service provider's interaction.
In general cloud providers offer three types of services i. There are various reasons for organizations to move towards IT solutions that include cloud computing as they are just required to pay for the resources on consumption basis. In addition, organizations can easily meet the needs of rapidly changing markets to ensure that they are always on the leading edge for their consumers . Cloud computing appeared as a business necessity, being animated by the idea of just using the infrastructure without managing it.
Although initially this idea was present only in the academic area, recently, it was transposed into industry by companies like Microsoft, Amazon, Google, Yahoo! This makes it possible for new startups to enter the market easier, since the cost of the infrastructure is greatly diminished.
This allows developers to concentrate on the business value rather on the starting budget. The clients of commercial clouds rent computing power virtual machines or storage space virtual space dynamically, according to the needs of their business. With the exploit of this technology, users can access heavy applications via lightweight portable devices such as mobile phones, PCs and PDAs. Clouds are the new trend in the evolution of the distributed systems, the predecessor of cloud being the grid.
The user does not require knowledge or expertise to control the infrastructure of clouds; it provides only abstraction. It can be utilized as a service of an Internet with high scalability, higher throughput, quality of service and high computing power.
Cloud computing providers deliver common online business applications which are accessed from servers through web browser . This makes the customer to get rid of installing and operating the application on own computer and also eliminates the tremendous load of software maintenance; continuing operation, safeguarding and support .
SaaS features a complete application offered as a service on demand. Examples of SaaS includes: Salesforce. Platform as a Service PaaS : "PaaS is the delivery of a computing platform and solution stack as a service without software downloads or installation for developers, IT managers or end-users.
It provides an infrastructure with a high level of integration in order to implement and test cloud applications. The user does not manage the infrastructure including network, servers, operating systems and storage , but he controls deployed applications and, possibly, their configurations. Examples of PaaS includes: Force. Infrastructure as a Service IaaS : Infrastructure as a service IaaS refers to the sharing of hardware resources for executing services using Virtualization technology.
Its main objective is to make resources such as servers, network and storage more readily accessible by applications and operating systems. Thus, it offers basic infrastructure on-demand services and using Application Programming Interface API for interactions with hosts, switches, and routers, and the capability of adding new equipment in a simple and transparent manner. In general, the user does not manage the underlying hardware in the cloud infrastructure, but he controls the operating systems, storage and deployed applications.
The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis. There are also four different cloud deployment models namely Private cloud, Public cloud, Hybrid cloud and Community cloud. Details about the models are given below. Private cloud: Private cloud can be owned or leased and managed by the organization or a third party and exist at onpremises or off-premises. It is more expensive and secure when compared to public cloud.
In private cloud there are no additional security regulations, legal requirements or bandwidth limitations that can be present in a public cloud environment, by using a private cloud, the cloud service providers and the clients have optimized control of the infrastructure and improved security, since user's access and the networks used are restricted.
One of the best examples of a private cloud is Eucalyptus Systems . Public Cloud: A cloud infrastructure is provided to many customers and is managed by a third party and exist beyond the company firewall. Multiple enterprises can work on the infrastructure provided, at the same time and users can dynamically provision resources. These clouds are fully hosted and managed by the cloud provider and fully responsibilities of installation, management, provisioning, and maintenance.
Customers are only charged for the resources they use, so under-utilization is eliminated. Since consumers have little control over the infrastructure, processes requiring powerful security and regulatory compliance are not always a good fit for public clouds. In this model, no access restrictions can be applied and no authorization and authentication techniques can be used.
Public cloud providers such as Google or Amazon offer an access control to their clients. Hybrid Cloud: A composition of two or more cloud deployment models, linked in a way that data transfer takes place between them without affecting each other. These clouds would typically be created by the enterprise and management responsibilities would be split between the enterprise and the cloud provider. In this model, a company can outline the goals and needs of services .
A well-constructed hybrid cloud can be useful for providing secure services such as receiving customer payments, as well as those that are secondary to the business, such as employee payroll processing.
The major drawback to the hybrid cloud is the difficulty in effectively creating and governing such a solution. Services from different sources must be obtained and provisioned as if they originated from a single location, and interactions between private and public components can make the implementation even more complicated.
These can be private, community or public clouds which are linked by a proprietary or standard technology that provides portability of data and applications among the composing clouds. Community Cloud: Infrastructure shared by several organizations for a shared cause and may be managed by them or a third party service provider and rarely offered cloud model.
These clouds are normally based on an agreement between related business organizations such as banking or educational organizations. A cloud environment operating according to this model may exist locally or remotely. An example of a Community Cloud includes Facebook which is showing in figure 1. Cloud computing entitiesCloud providers and consumers are the two main entities in the business market.
But, service brokers and resellers are the two more emerging service level entities in the Cloud world. These are discussed as follows Cloud Providers: Includes Internet service providers, telecommunications companies, and large business process outsourcers that provide either the media Internet connections or infrastructure hosted data centers that enable consumers to access cloud services. Service providers may also include systems integrators that build and support data centers hosting private clouds and they offer different services e.
Cloud Service Brokers: Includes technology consultants, business professional service organizations, registered brokers and agents, and influencers that help guide consumers in the selection of cloud computing solutions. Service brokers concentrate on the negotiation of the relationships between consumers and providers without owning or managing the whole Cloud infrastructure. Moreover, they add extra services on top of a Cloud provider's infrastructure to make up the user's Cloud environment.
Cloud Resellers: Resellers can become an important factor of the Cloud market when the Cloud providers will expand their business across continents. Cloud providers may choose local IT consultancy firms or resellers of their existing products to act as "resellers" for their Cloud-based products in a particular region.
Cloud Consumers: End users belong to the category of Cloud consumers. However, also Cloud service brokers and resellers can belong to this category as soon as they are customers of another Cloud provider, broker or reseller. In the next section, key benefits of and possible threats and risks for Cloud Computing are listed . The users have no control of, nor any knowledge of, what could happen to their data. This is a great concern in cases when users have valuable and personal information stored in a cloud computing service.
Users will not compromise their privacy so cloud computing service providers must ensure that the customers' information is safe. This, however, is becoming increasingly challenging because as security developments are made, there always seems to be someone to figure out a way to disable the security and take advantage of user information. Some of the important components of Virtual Machine Layer creates number of virtual machines and number of operating systems and its monitoring.
Some organizations have been focusing on security issues in the cloud computing. The Cloud Security Alliance is a nonprofit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. They propose the OSA pattern, which pattern is an attempt to illustrate core cloud functions, the key roles for oversight and risk mitigation, collaboration across various internal organizations, and the controls that require additional emphasis.
For example, the Certification, Accreditation, and Security Assessments series increase in importance to ensure oversight and assurance given that the operations are being "outsourced" to another provider.
System and Services Acquisition is crucial to ensure that acquisition of services is managed correctly. Contingency planning helps to ensure a clear understanding of how to respond in the event of interruptions to service delivery . The Risk Assessment controls are important to understand the risks associated with services in a business context. To address the challenges and to enable cloud computing, several standards groups and industry consortia are developing specifications and test beds.
On the other side, a cloud API provides either a functional interface or a management interface or both. Cloud management has multiple aspects that can be standardized for interoperability. Some possible standards are Federated security e. There are numerous security issues for cloud computing as it encompasses many technologies including networks, databases, operating systems, virtualization, resource scheduling, transaction management, load balancing, concurrency control and memory management.
Therefore, security issues for many of these systems and technologies are applicable to cloud computing. For example, the network that interconnects the systems in a cloud has to be secure and mapping the virtual machines to the physical machines has to be carried out securely. Data security involves encrypting the data as well as ensuring that appropriate policies are enforced for data sharing. The given below are the various security concerns in a cloud computing environment.
In cloud computing administrative access must be conducted via the Internet, increasing exposure and risk. It is extremely important to restrict administrative access to data and monitor this access to maintain visibility of changes in system control. Data access issue is mainly related to security policies provided to the users while accessing the data.
In a typical scenario, a small business organization can use a cloud provided by some other provider for carrying out its business processes. Some organization will have its own security policies based on which each employee can have access to a particular set of data.
Cloud Computing SECURITY [PDF]
Skip to search form Skip to main content You are currently offline. Some features of the site may not work correctly. The promised benefi ts have determined companies to invest great sums of money in researching and developing this domain and great steps have been made towards implementing this technology. Managers have traditionally viewed IT as diffi cult and expensive and the promise of cloud computing leads many to think that IT will now be easy and cheap. Save to Library. Create Alert. Launch Research Feed.
Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security , network security , and, more broadly, information security. Cloud computing and storage provide users with capabilities to store and process their data in third-party data centers. When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks.
Elements of Cloud Computing Security
It seems that you're in Germany. We have a dedicated site for Germany. This book offers a thorough yet easy-to-read reference guide to various aspects of cloud computing security.
ГЛАВА 87 Веспа выехала в тихий переулок Каретерра-де-Хуелва. Еще только начинало светать, но движение уже было довольно оживленным: молодые жители Севильи возвращались после ночных пляжных развлечений. Резко просигналив, пронесся мимо мини-автобус, до отказа забитый подростками. Мотоцикл Беккера показался рядом с ним детской игрушкой, выехавшей на автостраду.
CLOUD COMPUTING SECURITY ISSUES
Он хотел его оставить, но я сказала. Во мне течет цыганская кровь, мы, цыганки, не только рыжеволосые, но еще и очень суеверные. Кольцо, которое отдает умирающий, - дурная примета. - Вы знаете эту девушку? - Беккер приступил к допросу.
Коммандер! - позвала Сьюзан. Ответа не последовало. Сьюзан спустилась по лестнице на несколько ступенек. Горячий воздух снизу задувал под юбку. Ступеньки оказались очень скользкими, влажными из-за конденсации пара.
PDF | The cloud computing exhibits, remarkable potential to provide cost effective, easy to manage, elastic, and powerful resources on the fly.