Cloud Computing Services & Security Concerns for Data Storage
What is Cloud Computing?
Cloud Services and Deployment Models
Why all the hype??
Future of the Cloud Computing
What is Cloud Computing
According to NIST
‘ Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.’
According to Gartner
‘ Gartner defines cloud computing as a style of computing in which massively scalable IT-related capabilities are provided "as a service" using Internet technologies to multiple external customers’
Cloud Service Models
The Cloud Service models are
Cloud Software as a Service (SaaS) – no purchase of software, rent it and pay per use model
Cloud Platform as a Service (PaaS) – development platform is offered as service
Cloud Infrastructure as a Service (IaaS) – provides entire infrastructure, storage, networking, backup.
Other type of models according to Juniper Networks
Cloud Data as a Service (Daas)
Identity and Policy Management as a Service (IPMaas)
Internal cloud solely dedicated to single Organization. Security management managed by internal IT
Owned by vendor, available to the public. Offered to multiple customers from common infrastructure
Runs non-core application in public cloud and sensitive data in private cloud
Why all the hype?
Cloud Computing is internet based, real-time service and can access solution regardless of location
It is massively scalable with flexible business model
Provides a flexible pricing model, with a low upfront cost for both infrastructure and software
End up being less maintenance, promoting energy efficiency (Green IT) and cost benefits.
A recent survey conducted by Pew Internet showed that 69% of all Americans use cloud-based software to store pictures, videos, emails, calendars and other various data online http://www.pewinternet.org
Security, timely availability and reliability of the data on cloud computing is the main concern
Unplanned outages (Amazon S3 cloud service went down, 2008)
Data recovery refer SLA’s / Cloud provider
Google’s Apps users faced slow service, April 2009
Data location and Storage, there are jurisdictions involved
Is it secured properly all the private and confidential information.
Located in different geographic location, what are the ramification of laws for foreign entity.
Security Risk Management
According to Mather, Kumaraswamy & Latif, 2009, research some of the standards to be used for Security Management in Cloud Computing Services:
ISO/IEC 27001 and 27002.
Cloud Services secure areas covered are:
Availability management, Vulnerability Management, Access Control, Patch management, Configuration management, Incident response & System use and access monitoring
According to Gartner 25 Percent of new business Software will be delivered as Software as a Service (Saas) by 2011. http://www.gartner.com/it/page.jsp?id=496886
Cloud Security Alliance is a not-for-profit organization providing security assurance for Cloud Service.
Jericho Forum working on getting secure collaboration for cloud computing for individual business needs.
Federal CIO is a huge cloud Proponent. Many Cloud pilot programs with in the govt.Washington DC uses Google apps, twitter, you tube
Cloud Computing is going to be around, accept it!
Always understand the Service level agreements (SLAs) of Cloud Service providers, to understand the uptime and downtime
Cloud Service is in IT security department and be due diligent.
Users should consider what type of data to be used for cloud storage
Cost savings can be huge, but be aware of security and governance issues
Issues related to Cloud Computing arrangements http://www.seyfarth.com/index.cfm/fuseaction/publications.publications_detail/object_id/9275a22b-3998-494c-84d8-7d234e503d82/IssuesRelatedToCloudComputingArrangements.cfm