Cloud computing is a model for accessing computing resources over the internet on-demand. There are concerns about security and data protection with cloud services. While cloud computing provides benefits like scalability, cost savings, and mobility, issues include security risks from outages or data breaches, uncertainty around service agreements, and governance challenges with foreign data locations. Standards and best practices can help manage security risks for cloud computing.

1. Cloud Computing Services & Security Concerns for Data Storage

2. AGENDA What is Cloud Computing? Cloud Services and Deployment Models Why all the hype?? Security risks Future of the Cloud Computing Summary

3. What is Cloud Computing According to NIST ‘ Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.’ According to Gartner ‘ Gartner defines cloud computing as a style of computing in which massively scalable IT-related capabilities are provided "as a service" using Internet technologies to multiple external customers’

4. Cloud Service Models The Cloud Service models are Cloud Software as a Service (SaaS) – no purchase of software, rent it and pay per use model Cloud Platform as a Service (PaaS) – development platform is offered as service Cloud Infrastructure as a Service (IaaS) – provides entire infrastructure, storage, networking, backup. Other type of models according to Juniper Networks Cloud Data as a Service (Daas) Identity and Policy Management as a Service (IPMaas) Cloud Network as a Service (Naas)

5. Cloud Computing Providers Copyright © 2009 Juniper Networks, Inc. http://www.ists.dartmouth.edu/docs/HannaCloudComputingv2.pdf

6. Cloud Deployment Models Private Cloud Internal cloud solely dedicated to single Organization. Security management managed by internal IT Public Cloud Owned by vendor, available to the public. Offered to multiple customers from common infrastructure Hybrid Cloud Runs non-core application in public cloud and sensitive data in private cloud

7. Why all the hype? Cloud Computing is internet based, real-time service and can access solution regardless of location It is massively scalable with flexible business model Provides a flexible pricing model, with a low upfront cost for both infrastructure and software End up being less maintenance, promoting energy efficiency (Green IT) and cost benefits. A recent survey conducted by Pew Internet showed that 69% of all Americans use cloud-based software to store pictures, videos, emails, calendars and other various data online http://www.pewinternet.org

8. Security Risks Security, timely availability and reliability of the data on cloud computing is the main concern Unplanned outages (Amazon S3 cloud service went down, 2008) Data recovery refer SLA’s / Cloud provider Google’s Apps users faced slow service, April 2009 Data location and Storage, there are jurisdictions involved Is it secured properly all the private and confidential information. Located in different geographic location, what are the ramification of laws for foreign entity.

9. Security Risk Management According to Mather, Kumaraswamy & Latif, 2009, research some of the standards to be used for Security Management in Cloud Computing Services: ITIL ISO/IEC 27001 and 27002. Cloud Services secure areas covered are: Availability management, Vulnerability Management, Access Control, Patch management, Configuration management, Incident response & System use and access monitoring

10. According to Gartner 25 Percent of new business Software will be delivered as Software as a Service (Saas) by 2011. http://www.gartner.com/it/page.jsp?id=496886 Cloud Security Alliance is a not-for-profit organization providing security assurance for Cloud Service. Jericho Forum working on getting secure collaboration for cloud computing for individual business needs. Federal CIO is a huge cloud Proponent. Many Cloud pilot programs with in the govt.Washington DC uses Google apps, twitter, you tube

11. Summary Cloud Computing is going to be around, accept it! Always understand the Service level agreements (SLAs) of Cloud Service providers, to understand the uptime and downtime Cloud Service is in IT security department and be due diligent. Users should consider what type of data to be used for cloud storage Cost savings can be huge, but be aware of security and governance issues

12. References Issues related to Cloud Computing arrangements http://www.seyfarth.com/index.cfm/fuseaction/publications.publications_detail/object_id/9275a22b-3998-494c-84d8-7d234e503d82/IssuesRelatedToCloudComputingArrangements.cfm Proposed 2010 Budget, Section 9 http://www.whitehouse.gov/omb/budget/fy2010/assets/crosscutting.pdf Security Guidance for Critical areas of focus in Cloud Computing, Cloud Security Alliance, April 2009 http://www.cloudsecurityalliance.org/guidance/csaguide.pdf Gartner Newsroom, Stamford, Conn., September 29, 2008 http://www.gartner.com/it/page.jsp?id=766215 Waxer, C. (2009). Can you trust the Cloud? Computer World. May 25/June1, 2009, 23-26 Lamb, J. (2009). The Greening of IT: How Companies Can Make a Difference for the Environment, IBM Press, April 2009 Mather, T., Kumaraswamy, S., and Latif, S. (2009) Cloud Security and Privacy, 1st Edition. 1005 Gravenstein Highway North, Sebastopol, CA 95472: O'Reilly Media, Inc.,