Difference between revisions of "Cloud Security"

From SI410
Jump to: navigation, search
Line 18: Line 18:
1. Public Cloud: Infrastructure that is made available to the general public or a large industry group and is owned by an organization selling cloud services
1. Public Cloud: Infrastructure that is made available to the general public or a large industry group and is owned by an organization selling cloud services
2. Private cloud: infrastructure is operated solely for an organization. It can be managed by the organization or a third party and may exist on or off premises.
2. Private cloud: infrastructure is operated solely for an organization. It can be managed by the organization or a third party and may exist on or off premises.
3. Hybrid Cloud: infrastructure is a composition of two or more clouds that remain unique entities but are able to be utilized when load dramatically increases.
3. Hybrid Cloud: infrastructure is a composition of two or more clouds that remain unique entities but are able to be utilized when load dramatically increases.

Revision as of 21:14, 10 November 2011

According to the National Institute of Standards and Technology (NIST), Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort of service provider interaction.

Essential Characteristics

Cloud Computing Networks have 5 essential characteristics:

1. On-Demand Service: A consumer should be able to access services on the cloud without interacting with the service provider.

2. Broad Network Access: A consumer can access their cloud services using any interface which connects to the internet.

3. Resource Pooling: Service Provider provides cloud capabilities however resources should be used effectively and efficiently to provide the service. User has no knowledge of where their data lies.

4. Rapid Elasticity: In the case where resource consumption rapidly increases Cloud should be able to handle the change in load without service disruption.

5. Measured Service: Consumer should be billed accurately with proof of services used based on monitoring of storage, processing, bandwidth etc.

Cloud Computing Networks have 3 deployment models:

1. Public Cloud: Infrastructure that is made available to the general public or a large industry group and is owned by an organization selling cloud services

2. Private cloud: infrastructure is operated solely for an organization. It can be managed by the organization or a third party and may exist on or off premises.

3. Hybrid Cloud: infrastructure is a composition of two or more clouds that remain unique entities but are able to be utilized when load dramatically increases.

Cloud Computing Service Models

Cloud Computing Networks have 3 Service Models:

Infrastructure as a Service:

Platform as a Service:

Software as a Service:

Cloud Computing Architecture

Cloud Architecture is made up of several different components:

1. Services 2. Virtualization Management 3. Core Services 4. Security 5. Data Governance 6. Management Services 7. Fault Tolerance

Ethical Concerns

Ethical Concerns in Cloud Computing Arise in Security part the cloud architecture.

Security: Cloud Security refers to the issues or barriers which are currently preventing wide spread adoption of the cloud computing my enterprises around the country. Specifically the issues are Performance and Data Governance.

Performance: Cloud Networks are vulnerable to attack due to the nature of their convenience. A cloud is built on the idea that it is accessible from any interface which allows internet connection. This positive attribute can also cause many people to attack and hack this network. Furthermore, this has been a concern as recently Amazon.com and Google clouds have been attacked by DDoS which essentially using thousands of fake requests stopped both websites from operating. Performance of the Clod is a major selling point. When providing services ensuring that service will not be interrupted has ethical implications. When providing a service which is a backbone for any corp. for example the inability to access their information can harm both parties. This topic can be further expanded under the term of Data Migration. Data Migration seeks to understand the issues which arise when data is moved seamlessly from one server to another. Steps need to be taken to ensure no data loss, availability, scalability, cost efficiency and load balancing are all taken care of. Before service providers offer services they need to have knowledge of their product and its abilities. More over the way they charge their consumers is an ethical concern. Cloud Computing is built on the idea that users do not need to understand/have knowledge of underlying technology which makes their work possible. A divide of knowledge is being created where people using technological services do not know what services they are getting. In this case the providers have power in how much to charge for services and ensuring that proper levels of service are provided. This requires ethical standards to be created and maintained on the Service providers side. However Service Level Agreements are a way to deal with the ethical implications of this part the security issue.

Data Governance: This issue of Cloud Security has many and wide spread ethical implications in the cloud computing environment. Since cloud computing is a newer technology which is being used there are no legal standards to control the amount of information which is uploaded to the cloud environment. A major technological characteristic of Cloud Computing is that multiple copies of data are created to ensure data is never lost, and data is moved from server to server. While these ideas are beneficial and integral to making Cloud Services possible they do not allow legal definitions of data control and mobility apply. For example if data is uploaded to the cloud, so it is moved from a users computer to a third party service providers server, who is the owner of this data? Is it the user who uploaded it or is it the third party who is actually housing and hosting the data. An example of where this is already an issue is Germany. By law Germany does not allow a companies information to be removed from the country. However, on the Cloud the data can be on many servers at the same time which are located in many different places. Another ethical issue with the cloud is once data which is on a third parties cloud they have the power to access it. Ethically this enters a gray line, if they find the data is nationally compromising is it the companies responsibility to report it to the government? However, at the same time what gives a third party the right to access a consumers data which they in confidence that their data was protected uploaded it online. This ethical implications of this can be seen where Google complied with US laws and revealed European Information on their servers to the United States Government. In another example, the NSA requested access to phone calls and Veriozon and AT&T and complied. There are many ethical concerns in Cloud Computing. The most important of them relate to the way data is put on the internet and way it is charged as well as who has access to the information and how it can be used.


Antonopoulos, Nick, and Lee Gillam. Cloud Computing: Principles, Systems and Aplications. London: Springer-Verlag London Limited, 2010. Print.

Furht, Borivoje, and Armando Escalante. Handbook of Cloud Computing. Boston: Springer Science+Business Media LLC, 2010. Print.

Velte, Anthony T, and Toby J Velte. Cloud Computing: a Practical Approach. New York: McGraw-Hill, 2009. Print.