Public cloud

Module#2
Dr Neeraj Kumar Pandey
Working With

A public cloud is one based on the standard cloud
computing model, in which a service provider
makes resources, such as applications and storage,
available to the general public over the Internet.
Public cloud services may be free or offered on a
pay-per-usage model.
Public cloud services are provided in a virtualized
environment, constructed using pooled shared
physical resources, and accessible over a public
network such as the internet.
Dr. Neeraj Kumar Pandey

Advantages:
 The price is right
 Ease of accessibility
 Less work for IT
 Scaling up is simple
Limitations/Challenges:
 Security Risks
 Bandwidth
 Customization as per user
 Isolation
 Multiple Tanancy

 Public cloud services and infrastructure are
provided off-site over the Internet by third-party
companies to multiple clients. Some examples of
public clouds are server hosting, storage services
and webmail. You have probably heard of Dropbox
and Google Drive, which are popular public storage
services.
 Public clouds are best when your information and
data is used by lots of people and your security
standards are not high. They are also good for
collaboration projects and doing an ad-hoc software
development project using a Platform as a Service
(PaaS).

 When there is "limited exposure to heavy
infrastructure investments such as mainframes
and enterprise applications."
 When IT staff is more likely to have been brought
up in the days of rapid development, virtualization
automation, services on demand, or open source.
 In a smaller business, when there is greater
flexibility and agility in decision making.
 When there is a need for rapid turnaround and
faster time to marker for new application.
 When IT staff is less likely to manage a SAN or
working on servers.

When selecting a public cloud provider, various
factors should therefore be taken into
consideration, including:
 The nature of the provider’s platform
 Accessibility from other devices and platforms
 Built-in functionality
 Individual or organizational needs
 Cost
 Amount of storage
 Security

As a IAAS provider, all of the fundamental
properties and characteristics of cloud
computing should be concerned and
implemented.

 Infrastructure as a service (IaaS) is a model of
Cloud computing intended for companies.
 It is a low-level service that provides access to a
virtualized computer equipment.
 The company is discharged from buying and
managing the computer equipment.
 Virtual machines are provided on which the
company can run the operating system of its
choice (if available…).

 The company manages: Application software
(executable, parameters, databases,…).
 The Cloud provider manages : Everything else!
Servers, operating systems (versions),
virtualization layers, storage, backups,
firewall, monitoring, internal networks,
access/security model, but also…
 Power supply, inverters, air conditioned,
access control to the equipment, ...

Platform as a Service (PaaS) is a cloud model designed for
software developers that streamlines the development process
by shifting specific aspects of systems management to the
service provider. PaaS is used to develop web and mobile
applications using components that are pre-configured and
maintained by the service provider, including programming
languages, application servers and databases.

It is a cloud model that delivers on-demand applications that are
hosted and managed by the service provider and typically paid
for on a subscription basis. SaaS solutions offer a number of
advantages over on-premises deployments, including minimal
administration and maintenance, anywhere access, and in
many cases improved communication and collaboration. Some
cloud-based tools will also prove to be more cost effective than
their traditional, in-house counterparts.

Module#2
Neeraj Pandey CEA Deptt. neeraj.pandey@gla.ac.in
Cloud Security

CloudSecurity

 Host Hopping Attacks: This attack exploits one of the
most defining characteristics of cloud computing:
resource sharing. this attack can be launched by
hackers if cloud provider does not enforce strict
mechanism to isolate shared resources such as
memory, storage, and reputation of different customers
or hosts . Failing to separate tenants (customers) can
certainly facilitate this type of attack and thereby allow
malicious hackers to hop on other hosts to compromise
other customers’ data and gain illegal access to it. This
attack can be particularly dangerous for public clouds
and the PaaS model where multiple clients share the
same physical machine. Attackers can cause severe
damage that could range from compromising sensitive
customer data to interrupting service for cloud
providers and distorting their image and reputation.
CloudSecurity

 Malicious Insider and Abuse of Privileges:
The shared and multi-tenancy nature of cloud
computing creates a fertile ground for insider
threat and promotes risk of “privilege abuse” to
confidential customer information. Hosting
sensitive information from multiple clients on
the same physical machine certainly entices
users with high privilege roles such as system
administrators and information security
managers to abuse their privileged access to
clients’ sensitive data and the possibility of
leaking or selling that information to
competitors or other parties of interest.
CloudSecurity

Identity Theft Attacks.
Malicious hackers can easily set up
accounts with cloud providers to use
cloud resources by simply paying for the
usage without any restrictions or limits
from cloud vendors on resource
consumption or workloads. Attackers
can exploit this advantage to use and
compromise customer’s critical
information and sell it for a price.
CloudSecurity

 Service Engine Attacks. The service engine is a highly
customized platform that sits above the physical layer
and characterizes the underlying cloud architecture;
this service engine is normally controlled by cloud
provider to mange customer resources but it can be
rented by potential customers who wish to use and
adopt the IaaS model. Hackers can abuse this feature by
subscribing to the IaaS model and renting a virtual
machine that would be hosted and controlled by the
service engine; then they can use the VM to hack the
service engine from the inside and use the service
engine to their advantage where it may contain
sensitive business information through other VMs from
other cloud subscribers.
CloudSecurity

CloudSecurity

 Threats
 Including the cloud in your perimeter
 Lets attackers inside the perimeter
 Prevents mobile users from accessing the cloud
directly
 Not including the cloud in your perimeter
 Essential services aren’t trusted
 No access controls on cloud
 Countermeasures
 Drop the perimeter model!
CloudSecurity

 Threat
 Disconnected provider and customer security systems
 Fired employee retains access to cloud
 Misbehavior in cloud not reported to customer
 Countermeasures
 At least, integrate identity management
 Consistent access controls
 Better, integrate monitoring and notifications
 Notes
 Can use SAML(Security Assertion Markup Language), LDAP(Lightweight Directory Access
Protocol), RADIUS(Remote Authentication Dial-In User Service), XACML(eXtensible
Access Control Markup Language), IF-MAP( Interface for Metadata Access Points), etc.
CloudSecurity

Public cloud

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Public cloud

Similar to Public cloud (20)

More from Dr.Neeraj Kumar Pandey

More from Dr.Neeraj Kumar Pandey (20)

Recently uploaded

Recently uploaded (20)

Public cloud