Cloud Computing Security What is Cloud Computing Cloud
- Slides: 30
Cloud Computing Security
What is Cloud Computing? • Cloud Computing is a general term used to describe a new class of network based computing that takes place over the Internet, § a collection/group of integrated and networked hardware, software and Internet infrastructure (called a platform). § Using the Internet for communication and transport provides hardware, software and networking services to clients • These platforms hide the complexity and details of the underlying infrastructure from users and applications by providing very simple graphical interface or API (Applications Programming Interface). 2
Cloud Summary • Cloud computing is an umbrella term used to refer to Internet based development and services • A number of characteristics define cloud data, applications services and infrastructure: § Remotely hosted: Services or data are hosted on remote infrastructure. § Ubiquitous: Services or data are available from anywhere. § Commodified: The result is a utility computing model similar to traditional that of traditional utilities, like gas and electricity - you pay for what you would want! 3
Cloud Architecture 4
What is Cloud Computing SERVICE S APPLICATIO NS COMPUTER NETWORK STORAGE (DATABASE) SERVERS • Shared pool of configurable computing resources • On-demand network access 5 • Provisioned by the Service Provider Adopted from: Effectively and Securely Using the Cloud Computing Paradigm by peter Mell, Tim Grance
Security Services Authorized to Know Confidentiality Data Never Loss Machine Never Fail Availability Data Has Not Been Tampered With Integrity 6
Basic Cloud Characteristics • The “no-need-to-know” in terms of the underlying details of infrastructure, applications interface with the infrastructure via the APIs. • The “flexibility and elasticity” allows these systems to scale up and down at will § utilizing the resources of all kinds • CPU, storage, server capacity, load balancing, and databases • The “pay as much as used and needed” type of utility computing and the “always on!, anywhere and any place” type of network-based computing. 7
Basic Cloud Characteristics • Cloud are transparent to users and applications, they can be built in multiple ways § branded products, proprietary open source, hardware or software, or just off-the-shelf PCs. • In general, they are built on clusters of PC servers and offthe-shelf components plus Open Source software combined with in-house applications and/or system software. 8
What is the purpose and benefits? • Cloud computing enables companies and applications, which are system infrastructure dependent, to be infrastructure-less. • By using the Cloud infrastructure on “pay as used and on demand”, all of us can save in capital and operational investment! • Clients can: § Put their data on the platform instead of on their own desktop PCs and/or on their own servers. § They can put their applications on the cloud and use the servers within the cloud to do processing and data manipulations etc. 9
Cloud Service Models Software as a Service (Saa. S) Platform as a Service (Paa. S) Sales. Force CRM Lotus. Live Google App Engine 10 Adopted from: Effectively and Securely Using the Cloud Computing Paradigm by peter Mell, Tim Grance Infrastructure as a Service (Iaa. S)
Cloud Storage • Several large Web companies are now exploiting the fact that they have data storage capacity that can be hired out to others. § allows data stored remotely to be temporarily cached on desktop computers, mobile phones or other Internetlinked devices. • Amazon’s Elastic Compute Cloud (EC 2) and Simple Storage Solution (S 3) are well known examples § Mechanical Turk 11
Cloud Security !! A major Concern • Security concerns arising because both customer data and program are residing at Provider Premises. • Security is always a major concern in Open System Architectures Customer Data Customer Code Provider Premises 12
Why Cloud Computing brings new threats? Traditional system security mostly means keeping bad guys out The attacker needs to either compromise the auth/access control system, or impersonate existing users 13
Why Cloud Computing brings new threats? • Cloud Security problems are coming from : § Loss of control § Lack of trust (mechanisms) § Multi-tenancy • These problems exist mainly in 3 rd party management models § Self-managed clouds still have security issues, but not related to above 14
Who is the attacker? Insider? • Malicious employees at client • Malicious employees at Cloud provider • Cloud provider itself Outsider? • Intruders • Network attackers? 15
Challenges for the attacker How to find out where the target is located How to be co-located with the target in the same (physical) machine How to gather information about the target 16
Security Issues from Virtualization • Virtualization providers provide • is using- Para. Virtualization or full system virtualization. • Instance Isolation: ensuring that Different instances running on the same physical machine are isolated from each other. • Control of Administrator on Host O/s and Guest o/s. • Current VMs do not offer perfect isolation: Many bugs have been found in all popular VMMs that allow to escape from VM! • • Virtual machine monitor should be ‘root secure’, meaning that no level of privilege within the virtualized guest environment permits interference with the host system. 17
Streamlined Security Analysis Process • Identify Assets § Which assets are we trying to protect? • Identify Threats § What other threats are there (natural disasters, etc. )? • Identify Countermeasures § How can we counter those attacks? 18
Failures in Provider Security • Explanation § Provider controls servers, network, etc. § Customer must trust provider’s security § Failures may violate CIA principles • Countermeasures § Verify and monitor provider’s security • Notes § Outside verification may suffice § For SMB, provider security may exceed customer security 19
Perimeter Security Model 20
Perimeter Security with Cloud Computing? 21
Integrating Provider and Customer Security • Threat § Disconnected provider and customer security systems § Fired employee retains access to cloud § Misbehavior in cloud not reported to customer • Countermeasures § At least, integrate identity management § Consistent access controls § Better, integrate monitoring and notifications 22
What, When, How to Move to the Cloud • Identify the asset(s) for cloud deployment § Data § Applications/Functions/Process • Evaluate the asset § Determine how important the data or function is to the organization 23
Evaluate the Asset • How would we be harmed if – – – The asset became widely public & widely distributed? An employee of our cloud provider accessed the asset? The process of function were manipulated by an outsider? The process or function failed to provide expected results? The info/data was unexpectedly changed? The asset were unavailable for a period of time? 24
Map Asset to Models • 4 Cloud Models § Public § Private (internal, external) § Community § Hybrid 25
Cloud Domains Service contracts should address these 13 domains • • • Architectural Framework Governance, Enterprise Risk Mgt Legal, e-Discovery Compliance & Audit Information Lifecycle Mgt Portability & Interoperability 26
Cloud Domains • • Security, Business Continuity, Disaster Recovery Data Center Operations Incident Response Issues Application Security Encryption & Key Mgt Identity & Access Mgt Virtualization 27
• Minimize Lack of Trust § Policy Language § Certification • Minimize Loss of Control § § Monitoring Utilizing different clouds Access control management Identity Management (IDM) • Minimize Multi-tenancy 28 Possible Solutions
Possible Solutions § Loss of Control • Take back control – Data and apps may still need to be on the cloud – But can they be managed in some way by the consumer? § Lack of trust • Increase trust (mechanisms) – Technology – Policy, regulation – Contracts (incentives): topic of a future talk § Multi-tenancy • Private cloud – Takes away the reasons to use a cloud in the first place • Strong separation 29
Bottom Line on Cloud Computing Security • Engage in full risk management process for each case • For small and medium organizations § Cloud security may be a big improvement! § Cost savings may be large (economies of scale) • For large organizations § § Already have large, secure data centers Main sweet spots: Elastic services Internet-facing services 30
Private securit
Nist architecture of cloud computing
Bina bhaskar
Seven step model of migration into cloud
Conventional computing and intelligent computing
Grid computing security
Security in computing 5th edition ppt
Security problems in computing
Security in computing pfleeger
Security in computing 5th edition answers
Wireless security in cryptography and network security
Seven touchpoints for software security
Visa international security model
Security guide to network security fundamentals
Osi standard for security architecture is
Cnss security model 27 cells example
Electronic mail security in network security
Security guide to network security fundamentals
Security guide to network security fundamentals
Security policy and integrated security in e-commerce
Cloud computing hamilton
Cloud conclusion
Machine image in cloud computing
Balance the workload across two or more it resources.
Benefits and challenges of cloud computing
Characteristics of virtualization in cloud computing
Acm symposium on cloud computing
Vodafone cloud services hosting
Motivation of cloud computing
Introduction to mapreduce in cloud computing
Motivation of cloud computing
