Cloud computing & security basics



Published in: Technology, Business

  1. RAHUL GURNANI
     CDAC Certified Cyber Security Professional
     MS Cyber Law & Information Security, Indian Institute of Information Technology - Allahabad
  2. Agenda
     • Virtualization - brief overview
     • Essential Features of a cloud environment
     • Cloud Service Models
     • Cloud Deployment Models
     • Benefits of Cloud
     • Security Concerns in different Cloud environments
     • Mapping the traditional IT security requirements to Cloud environment
     • Two viewpoints on Cloud Security
  3. VIRTUALIZATION
     • A cloud comprises virtual machines hosted on a remote or local server, which are accessed and used on an as-and-when-needed basis.
     • The virtual machines can be defined to have any configuration that a real-world machine would have, provided the host machine is able to support it. Even servers can be hosted easily on a cloud.
     • Just imagine if you are able to host your server in a virtual environment: how much cost, space and business overhead would you save if your servers are hosted on a cloud!
  4. Essential Features of a cloud
     1. On-Demand Self Service
     2. Broad network access
     3. Resource Pooling
     4. Rapid Elasticity
     5. Measured Service
  5. On-demand self-service.
     A customer using cloud services should be able to provision computing capabilities such as server time and network storage himself as and when required without requiring human interaction with the service provider.
     Broad network access.
     The cloud services should be available over the network and accessible through standard devices such as laptops, smartphones and tablet computers.
     Resource pooling. (& Location Independence)
     The service provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
  6. Rapid elasticity.
     • Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand.
     • To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
     Measured service.
     • Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts).
     • Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
  7. Cloud Services
     1. Software as a Service (SaaS).
     2. Platform as a Service (PaaS).
     3. Infrastructure as a Service (IaaS).
     4. Business Process as a Service (BPaaS)
  8. Software as a Service (SaaS).
     • The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure.
     • The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface.
     • The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
  9. Platform as a Service (PaaS).
     • The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.
     • The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
  10. Infrastructure as a Service (IaaS)
     • The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources.
     • The consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
     • The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
  11. Business Process as a Service (BPaaS).
     • It is a form of business process outsourcing (BPO) that employs a cloud computing service model.
     • Whereas the aim of traditional BPO is to reduce labor costs, BPaaS reduces labor count through increased automation, thereby cutting costs in the process.
     • It adheres to cloud computing's traditional monthly pricing schedule.
     • Types of outsourcing services offered via the BPaaS model include HR functions such as payroll and benefits administration, procurement, advertising, marketing and industry operation processes.
  12. Deployment Models
     • Private cloud
     • Public cloud
     • Hybrid cloud
     • Community cloud
  13. Private cloud
     • The cloud infrastructure is set up for exclusive use by an individual organization which may have multiple consumers.
     • It may be owned, managed, and operated by the organization itself or a third party.
     • It may be set up on the organization's premises or at a remote location.
     Community cloud
     • It is for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
     • It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
  14. Public cloud
     • It is set up for open use by the general public.
     • It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
     Hybrid cloud
     • The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
  15. • Reducing capital expenditure on IT
     • Having a predictable operations expenditure
     • Letting the organization focus on its core competency
  16. Security Concerns
     • Top concern in adoption of cloud
     • Physical controls get replaced by virtual controls
     • In a cloud environment, access expands, control shifts, and the speed of provisioning resources and applications increases - greatly affecting all aspects of IT security.
     • Cloud computing tests the limits of security operations and infrastructure.
  17. Cloud Enabled Data Center
     Infrastructure as a Service (IaaS): Cut IT expense and complexity through cloud data centers
     Integrated service management, automation, provisioning, self service
     Key security focus: Infrastructure and Identity
     • Manage datacenter identities
     • Secure virtual machines
     • Patch default images
     • Monitor logs on all resources
     • Network isolation
     Cloud Platform Services
     Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform services
     Pre-built, pre-integrated IT infrastructures tuned to application-specific needs
     Key security focus: Applications and Data
     • Secure shared databases
     • Encrypt private information
     • Build secure applications
     • Keep an audit trail
     • Integrate existing security
  18. Cloud Service Provider
     Innovate business models by becoming a cloud service provider
     Advanced platform for creating, managing, and monetizing cloud services
     Key security focus: Data and Compliance
     • Isolate cloud tenants
     • Policy and regulations
     • Manage security operations
     • Build compliant datacenters
     • Offer backup and resiliency
     Business Solutions on Cloud
     Software as a Service (SaaS): Gain immediate access with business solutions on cloud
     Capabilities provided to consumers for using a provider’s applications
     Key security focus: Compliance and Governance
     • Harden exposed applications
     • Securely federate identity
     • Deploy access controls
     • Encrypt communications
     • Manage application policies
  19. How do security and privacy domains relate to cloud environments?
     Security and Privacy Domains
     • People and Identity
     • Application and Process
     • Network, Server and Endpoint
     • Data and Information
     • Physical Infrastructure
     • Governance, Risk and Compliance
     Concerns
     • Multiple Logins, Onboarding Issues
     • Multi-tenancy, Data Separation
     • Audit Silos, Compliance Controls
     • Provider Controlled, Lack of Visibility
     • Virtualization, Network Isolation
     • External Facing, Quick Provisioning
     CLOUD
     • Self-Service
     • Highly Virtualized
     • Location Independence
     • Workload Automation
     • Rapid Elasticity
     • Standardization
  20. Two viewpoints for cloud security
     Security from the cloud
     The cloud is used to deliver security as-a-service, focusing on services such as vulnerability scanning, web and email security, etc.
     Security for the cloud
     The focus is on secure usage of cloud applications, for example by ensuring audit, access and secure connectivity.
     There are various business solutions available from different vendors supporting both the models.