Cloud Security

From SI410

According to the National Institute of Standards and Technology (NIST), cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. With such on-demand and high accessibility, security is a rising concern in cloud computing. Work on issues such as general security, performance, and data governance continues each day to ensure that proper measures are in place.

Diagram of Cloud Computing

Essential Characteristics

Cloud Computing Networks have 5 essential characteristics:

1. On-Demand Service: A consumer should be able to access services on the cloud without interacting with the service provider.

2. Broad Network Access: A consumer can access their cloud services using any interface which connects to the internet.

3. Resource Pooling: The service provider supplies cloud capabilities, but resources should be used effectively and efficiently to provide the service. The user has no knowledge of where their data lies.

4. Rapid Elasticity: When resource consumption rapidly increases, the cloud should be able to handle the change in load without service disruption.

5. Measured Service: The consumer should be billed accurately, with proof of services used, based on monitoring of storage, processing, bandwidth, etc.

Cloud Computing Networks have 3 deployment models:

1. Public Cloud: Infrastructure that is made available to the general public or a large industry group and is owned by an organization selling cloud services.

2. Private Cloud: Infrastructure that is operated solely for an organization. It can be managed by the organization or a third party and may exist on or off premises.

3. Hybrid Cloud: Infrastructure that is a composition of two or more clouds that remain unique entities but are able to be utilized when load dramatically increases.

Best Practices

According to Donald Faatz, a cybersecurity architect and contributor at Carnegie Mellon University’s Software Engineering Institute, the best practices for cloud security are as follows: [1]

  1. Perform due diligence
      • Planning: Select an appropriate system or application to move to, build in, or buy from a CSP--a challenging task for a first-time cloud deployment.
      • Development and Deployment: The system or application development and deployment team should be trained in the details of correctly using CSP services to implement applications.
      • Operation: Once developed and deployed, applications and systems must be operated securely.
  2. Manage access
      • Identify and Authenticate Users: Use multifactor authentication to reduce the risk of credential compromise.
  3. Protect data
      • Protect Data from Unauthorized Access: Encrypt data at rest to protect it from disclosure due to unauthorized access.
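
The "Manage access" and "Protect data" practices above can be checked mechanically. The following is an added example, not part of the original article or of any CSP's tooling: it audits a constructed account inventory for users without multifactor authentication and storage without encryption at rest. The inventory schema and field names (`console_access`, `mfa_enabled`, `encrypted_at_rest`) are hypothetical, and the example assumes that only interactive users are expected to have MFA.

```python
import json

# Constructed sample inventory; the schema is hypothetical, not a real CSP export.
INVENTORY = json.loads("""
{
  "users": [
    {"name": "alice", "console_access": true, "mfa_enabled": true},
    {"name": "bob", "console_access": true, "mfa_enabled": false},
    {"name": "carol", "console_access": true},
    {"name": "ci-deployer", "console_access": false}
  ],
  "volumes": [
    {"id": "vol-records", "encrypted_at_rest": true},
    {"id": "vol-backups", "encrypted_at_rest": false},
    {"id": "vol-scratch"}
  ]
}
""")


def audit(inventory):
    """Return sorted (practice, resource, reason) findings for the inventory."""
    findings = []
    for user in inventory.get("users", []):
        # Assumption: non-interactive accounts are out of scope for MFA.
        # A missing console_access field is treated as interactive (fail closed).
        if not user.get("console_access", True):
            continue
        mfa = user.get("mfa_enabled")
        if mfa is not True:
            # A missing attribute is reported, never assumed to be compliant.
            reason = "MFA disabled" if mfa is False else "MFA status unknown"
            findings.append(("manage-access", user["name"], reason))
    for vol in inventory.get("volumes", []):
        enc = vol.get("encrypted_at_rest")
        if enc is not True:
            reason = "not encrypted" if enc is False else "encryption status unknown"
            findings.append(("protect-data", vol["id"], reason))
    return sorted(findings)


if __name__ == "__main__":
    for practice, resource, reason in audit(INVENTORY):
        print(f"{practice:14} {resource:12} {reason}")
```

Treating an absent attribute as a finding matters in practice: an inventory export that omits a field should not pass the audit by default.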

Cloud Computing Service Models

Cloud Computing Networks have 3 Service Models:

Infrastructure as a Service (IaaS)

IaaS functions to reduce the workload on a company's computer infrastructure by offloading those tasks that are not pertinent to day-to-day operations. Cloudbursting is a term given to the process of offloading tasks to the cloud during times when the most compute resources are needed. [2] The basic premise behind IaaS is to save a company money by having multiple calculations and computations take place off-site, while focusing in-house computing on tasks that need to be completed on a timed basis. Having multiple computers or servers process the information and then relay it back to the primary server makes the best use of a company's resources.

Platform as a Service (PaaS)

PaaS allows developers to create and deploy web applications on a hosted infrastructure. It allows businesses to leverage the compute resources of a cloud infrastructure.[3] From the developer's side, this basically means creating the software that will run the cloud programs and allow access to the system. These decisions must be made carefully, as a computing platform must be chosen throughout the creation process. Common platforms include Windows, Apple Mac OS X, Linux, and other smaller, mobile platforms as well.

Software as a Service (SaaS)

SaaS provides network-based access to commercially available software.[4] Examples of this include Netflix, Gmail, and Google Docs. This is most closely related to the consumer side of business rather than the inner workings. If a company wants to allow access to material on a server, they are going to do so through software. Companies will either set up a pay service or, if open source, as with Google, provide it free of charge. Along with software design come technical support issues, such as whether the software will be accessible cross-platform or whether the user will be required to download special software to their machine.

Cloud Computing Architecture

Cloud Architecture is made up of several different components:

1. Services

2. Virtualization Management

3. Core Services

4. Security

5. Data Governance

6. Management Services

7. Fault Tolerance

Ethical Concerns


Cloud Security refers to the issues or barriers which are currently preventing widespread adoption of cloud computing by enterprises around the country. Accessibility and ease of access are contributing factors to these barriers. Many users are skeptical of having a third party in charge of keeping their information safe on the cloud. Companies such as law firms and health companies have been reluctant to adopt cloud computing because of the importance of client information privacy in their work. There are tradeoffs: because cloud hosting companies have large dedicated security teams, they are more equipped to handle vulnerabilities, and with the large attack space a large player exposes, their services will be hardened from practice, not theory.


Amazon's Cloud Service

Cloud Networks are vulnerable to attack due to the nature of their convenience. A cloud is built on the idea that it is accessible from any interface which allows internet connection. This positive attribute can also lead many people to attack and hack this network. Furthermore, this has been a concern as recently and Google clouds have been attacked by DDoS by essentially using thousands of fake requests that stopped both websites from operating.

Performance of the cloud is a major selling point. When providing services, ensuring that service will not be interrupted has ethical implications. When a service is the backbone of a corporation, an interruption such as the inability to access its information can harm both parties. This topic can be further expanded under the term data migration. Data migration seeks to understand the issues which arise when data is moved seamlessly from one server to another. Steps need to be taken to ensure no data is lost, as well as to ensure availability, scalability, cost efficiency and load balancing.

Before service providers offer services, they need to have knowledge of their product and its abilities. Moreover, the way they charge their consumers is an ethical concern. Cloud computing is built on the idea that users do not need to understand or have knowledge of the underlying technology which makes their work possible. A divide of knowledge is being created where people using technological services do not know what services they are getting. In this case the providers have power over how much to charge for services and over ensuring that proper levels of service are provided. This requires ethical standards to be created and maintained on the service provider's side. How service level agreements are dealt with is an ethical implication of this part of the security issue.

Data Governance

This issue of cloud security has many ethical implications in the cloud computing environment. Since cloud computing is a newer technology, there are no legal standards to control the amount of information which is uploaded to the cloud environment. A major technological characteristic of cloud computing is that multiple copies of data are created to ensure data is never lost, and these data copies are moved from server to server. While these ideas are beneficial and integral to making cloud services possible, the current legal definitions of data control and mobility do not tend to apply. For example, if data is uploaded to the cloud, it is moved from a user's computer to a third-party service provider's server. Who is the owner of this data? Is it the user who uploaded it, or is it the third party who is actually housing and hosting the data? An example of where this is already an issue is Germany. By law, Germany does not allow a company's information to be removed from the country. However, on the cloud the data can be on many servers at the same time, located in many different places.

Another ethical issue with the cloud is that once data is on a third party's cloud, they have the power to access it. Ethically this enters a gray area: if they find that the data is nationally compromising, is it the company's responsibility to report it to the government? At the same time, what gives a third party the right to access a consumer's data, which they uploaded online in confidence that it was protected? The ethical implications of this can be seen where Google complied with US laws and revealed European information on their servers to the United States Government. In another example, the NSA requested access to phone calls, and Verizon and AT&T complied.

There are many ethical concerns in Cloud Computing. The most important of them relate to the way data is put on the internet and the way it is charged for, as well as who has access to the information and how it can be used.

See Also


  1. Best Practices for Cloud Security. (2018, March 12). Retrieved from
  2. IBM: Cloud computing service models, Part 1: Infrastructure as a Service
  3. IBM: Cloud computing service models, Part 2: Platform as a Service
  4. IBM: Cloud computing service models, Part 3: Software as a Service

Antonopoulos, Nick, and Lee Gillam. Cloud Computing: Principles, Systems and Applications. London: Springer-Verlag London Limited, 2010. Print.

Furht, Borivoje, and Armando Escalante. Handbook of Cloud Computing. Boston: Springer Science+Business Media LLC, 2010. Print.

Velte, Anthony T, and Toby J Velte. Cloud Computing: a Practical Approach. New York: McGraw-Hill, 2009. Print.
