The document discusses cloud deployment models and security concerns regarding cloud computing. It describes four cloud deployment models: private cloud for a single organization, community cloud for a specific community, public cloud available to the general public, and hybrid cloud combining two or more cloud types. The document then outlines several security advantages and challenges of cloud computing, such as reduced exposure of data but loss of physical control, and examines security aspects of cloud provisioning, data storage, processing infrastructure, support services, and networking.

1. Cloud Computing: 9
Cloud Deployment Models and Security Concerns
Prof Neeraj Bhargava
Vaibhav Khanna
Department of Computer Science
School of Engineering and Systems Sciences
Maharshi Dayanand Saraswati University Ajmer

2. Cloud Deployment Models
• Private cloud
– single org only,
– managed by the org or a 3rd party,
– on or off premise
• Community cloud
– shared infrastructure for specific community
– several orgs that have shared concerns,
– managed by org or a 3rd party
2

3. Cloud Deployment Models (Cont.)
• Public cloud
– Sold to the public, mega-scale infrastructure
– available to the general public
• Hybrid cloud
– composition of two or more clouds
– bound by standard or proprietary technology
3

4. The NIST Cloud Definition Framework
4
Community
Cloud
Private
Cloud
Public Cloud
Hybrid Clouds
Deployment
Models
Service
Models
Essential
Characteristics
Common
Characteristics
Software as a
Service (SaaS)
Platform as a
Service (PaaS)
Infrastructure as a
Service (IaaS)
Resource Pooling
Broad Network Access Rapid Elasticity
Measured Service
On Demand Self-Service
Low Cost Software
Virtualization Service Orientation
Advanced Security
Homogeneity
Massive Scale Resilient Computing
Geographic Distribution

5. Security is the Major Issue
5

6. General Security Advantages
• Shifting public data to a external cloud
reduces the exposure of the internal sensitive
data
• Cloud homogeneity makes security
auditing/testing simpler
• Clouds enable automated security
management
• Redundancy / Disaster Recovery
6

7. General Security Challenges
• Trusting vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can’t be examined
• Loss of physical control
7

8. Security Relevant Cloud Components
• Cloud Provisioning Services
• Cloud Data Storage Services
• Cloud Processing Infrastructure
• Cloud Support Services
• Cloud Network and Perimeter Security
• Elastic Elements: Storage, Processing, and
Virtual Networks
8

9. Provisioning Service
• Advantages
– Rapid reconstitution of services
– Enables availability
• Provision in multiple data centers / multiple instances
– Advanced honey net capabilities
• Challenges
– Impact of compromising the provisioning service
9

10. Data Storage Services
• Advantages
– Data fragmentation and dispersal
– Automated replication
– Provision of data zones (e.g., by country)
– Encryption at rest and in transit
– Automated data retention
• Challenges
– Isolation management / data multi-tenancy
– Storage controller
• Single point of failure / compromise?
– Exposure of data to foreign governments
10

11. Cloud Processing Infrastructure
• Advantages
– Ability to secure masters and push out secure
images
• Challenges
– Application multi-tenancy
– Reliance on hypervisors
– Process isolation / Application sandboxes
11

12. Cloud Support Services
• Advantages
– On demand security controls (e.g., authentication,
logging, firewalls…)
• Challenges
– Additional risk when integrated with customer
applications
– Needs certification and accreditation as a separate
application
– Code updates
12

13. Cloud Network and Perimeter Security
• Advantages
– Distributed denial of service protection
– VLAN capabilities
– Perimeter security (IDS, firewall, authentication)
• Challenges
– Virtual zoning with application mobility
13

14. Assignment
• Briefly explain the cloud deployment models
and security concerns