Understanding the Cloud (20-25%)
Describe cloud principles & delivery mechanisms.
Differentiate between on-premise IT service models.
| On-Premise | Online (Cloud) |
| --- | --- |
| Control over all systems/data. Customizable. | No software licensing costs. |
| Corporate data is stored/handled internally. | No new infrastructure requirements, i.e. servers. Resources are configurable, but no full control over data & processes. |
| Dedicated IT staff for mntc/support. | Low cost for services. |
| Initial investment is high, but pays off over time. | 3rd parties are doing the work, but are also handling sensitive data. |

Ref. 1
Differentiate between subscription or pay-as-you-go vs. upfront CapEx/OpEx funding model.
• Pay-as-you-go is the Operational Expense (OpEx) funding model.
• Its advantage is that users can pay for processor time and storage as needed from a company offering external cloud service, aka cloud service provider (CSP).
• OpEx model is an on-going investment. It's non-committal, allowing flexibility.
• OpEx is a preferred option, since capital investment is limited. Pay-as-you-go offers scalability, where users can consume more or less power as needed. Ref. 5
o Paying upfront requires companies to pay for direct, indirect & overhead costs of running & owning datacenters (CapEx).
o As capital assets age, it will cost more for upgrades, replacements, personnel & mntc.
o Paying upfront does not allow flexibility or scalability. Ref. 5
o Paying upfront also incurs an on-going OpEx as well as CapEx. Ref. 9
Use cloud services to expand capacity (elasticity of the cloud), scalability, redundancy & availability.
o Elasticity – expands or shrinks storage capacity as needed.
o Scalability – allows addition/contraction of power (i.e., more users, drive space or RAM) in the form of enabling more connections (customer requests).
o Scale up – add more resources.
o Scale out – add 1 or more subscription(s).
o Redundancy – Automatic recovery, having an extra server built-in, in the event of an outage/disaster.
o Availability – provide high level of service, regardless of vicissitudes in demand/system failure.
o Recovery of failure – five 9s, 99.999% system availability through elasticity, scalability & redundancy. Ref. 2
o High availability chart – shows acceptable uptime percentage. Ref. 2
Differentiate between configurable vs. customizable
Configurable – system is complete, but allows users to make granular changes to fit needs.
o Saves $$$ & time, b/c don't need to hire developers to recode.
o Cloud services that are on-line are configurable.
Customizable – system is incomplete & developers need to recode & implement changes.
o Changes are $$$ & significant.
o Changes affect the service.
o On-premise is customizable.
Describe cloud security requirements & policies
Describe how cloud services manage privacy
1. Cloud service providers (CSPs) – adhere to standards, i.e. SSAE-16, PCI DSS or ISO 27001, to protect data that is stored, processed & transmitted.
2. Encryption secures data being transferred by using a key encryption management program.
a. Data is hidden in code in transit & reassembled into readable data @ rest.
b. SSL & HTTPS are forms of encryption that protect data in transit.
3. Tokens – offer KMS that encrypts data on the server side & provides audit trail of usage.
4. Versioning – prevents accidental deletion/overwriting.
5. Logging – protects data by tracking requests for server access. Ref. 9
How compliance goals are met:
Microsoft (MS) has privacy standards that:
1. Privacy by design – MS is the custodian of customer data. MS has a trust center where transparency & trust between organizations & MS is est.
2. MS has independent verification in place to maintain privacy.
MS has 6 key privacy principles:
1. Control – customers are in control of their data.
2. Transparency – MS is transparent about data collection & use, so customers are informed.
3. Security – MS protects data through security measures & encryption.
4. Legal protections – MS respects local privacy laws & fights for legal protection of your privacy.
5. No content-based targeting – MS will not use your data for advertising.
6. Benefits to you – When MS collects data, it is used to benefit the customer & improve UX. Ref. 13
How data is secured @ rest or on-the-wire
1. Defense in depth approach to provide physical, logical and data layers of security features & operational best practices. Ref. 12
2. Physical security – 24hr monitoring of data centers, multi-factor authentication, separate internal & external networks, role separation. Bad drives & hw are destroyed. Ref. 12
3. Logical security – Lockbox process limits data access. Whitelisted servers run. Threat mgmt teams that act as hackers to learn how to prevent attacks. Ports & perimeter are scanned. Use of intrusion detection.
4. Data security – encryption @ rest & in-transit with SSL/TLS. Threat mgmt. Security monitoring. File/data integrity is guarded from tampering. Exchange Online Threat Protection offers advanced security & reliability against spam & malware. Ref. 12
5. User controls – O365 msg encryption allows user to send encrypted email, DLP & RTS. Policies can be config to protect data. S/MIME offers msg security w/ certificate-based email access. Azure Rights Mgmt prevents file-level access w/o credentials.
6. Admin controls – multi-factor authentication protects access to service with 2nd factor, i.e. phone. DLP prevents data leaks. MDM allows mgmt of corporate data. MAM – from Intune, allows more control to secure data in apps. Built-in anti-virus & antispam protection in Exchange Online.
How data & operations transparency requirements are met
Self assessment & 3rd party audits help meet compliance & transparency goals.
Describe how cloud services stay up-to-date & available
Describe the service/feature improvement process:
1. Monitor service health – O365 admin ctr/service settings/get updates. Request 1st release – available immediately. Affects whole organization, but can "select group of people" to rcv 1st release. Standard release – available in 2 weeks.
2. Service mntc – redundancy, resilience, distributed services & monitoring.
3. Future roadmap publishing – overview of updates & future releases.
4. Identify guarantees – MS offers 99.9% guarantee of uptime that's financially backed.
5. Service Level Agreement (SLA) – minimum level of acceptable service, with 99.9% rate of recovery.
6. Capping of liability – liable up to 12 months or $5k.
Describe various cloud services
Deployment models:
Private cloud – privately owned by an organization; allows privacy & control. Hosted in customer's own data center. More secure, but limited size & scalability. CapEx & OpEx for physical resources.
On-prem private cloud is best for those who want control & configurability of infrastructure & security. Ref. 7
Externally hosted private cloud is through a 3rd party, off-premise & offers privacy. Ref. 7
Community cloud – Shared by several organizations & supports a specific community that has shared concerns, i.e. gov't. May be managed by the organization or 3rd party. May exist on-premise or off-premise.
Public cloud – Available to the public, who share the same infrastructure pool with limited configurations & security protections. This is owned by an org selling cloud services.
It's an off-premise & low cost model, b/c it's pay-as-you-go. Large in scale to allow on-demand scalability. Ref. 7
Hybrid cloud – consists of 2 or more clouds (private, community or public) that are unique, but bound together by standardized or proprietary technology that enables data & application portability (e.g. cloud bursting for load balancing between clouds).
Hybrid clouds offer on-demand, externally-provisioned scalability. Ref. 7
Differentiate between types of cloud services & characteristics.
Software as a Service (SaaS) – allows little customization, b/c vendor manages everything (apps, data, runtime, middleware, OS, virtualization, servers, storage, networking).
This is "on-demand SW".
Reduces OpEx by outsourcing HW, SW mntc & support to CSP.
Examples: CRM, email, virtual desktop, communications, games, O365 & SalesForce. Ref. 2, 4
Platform as a Service (PaaS) – vendor provides HW & some SW, including OS, db, web server & programming tools.
Users have little control over HW, but can manage apps installed & control data.
Users can build apps, define & create storage structures & upload them onto the platform.
Users don't have to worry about config load balancing or DNS.
Primary use is for development, testing & deployment.
Vendor provides OS or platform the application is running on.
Examples: Executive runtime, db, web server, development tools, Windows Azure. Ref. 4
Infrastructure as a Service (IaaS) – Offers computers, physical or VMs & other resources.
IaaS is a cloud-service model that refers to online services where users don't worry about infrastructure, location, data partitioning, scaling, security & backups.
IaaS supports many VMs & can scale service, according to needs.
IaaS offers firewalls, load balancing, IP addresses and SW bundles on an on-demand basis, but the client is responsible for installing & maintaining OS, apps, data, runtime & middleware.
IaaS offers virtualization & HW (servers, storage & networking).
Examples: private cloud, VMs, servers, storage, load balancing & networks. Ref. 2, 3, 4
Cloud Clients: web browsers, mobile app, thin client & terminal emulator.
