2. A public cloud is one based on the standard cloud
computing model, in which a service provider
makes resources, such as applications and storage,
available to the general public over the Internet.
Public cloud services may be free or offered on a
pay-per-usage model.
Public cloud services are provided in a virtualized
environment, constructed using pooled shared
physical resources, and accessible over a public
network such as the internet.
Dr. Neeraj Kumar Pandey
3. Advantages:
The price is right
Ease of accessibility
Less work for IT
Scaling up is simple
Limitations/Challenges:
Security Risks
Bandwidth
Customization as per user
Isolation
Multiple Tenancy
4. Public cloud services and infrastructure are
provided off-site over the Internet by third-party
companies to multiple clients. Some examples of
public clouds are server hosting, storage services
and webmail. You have probably heard of Dropbox
and Google Drive, which are popular public storage
services.
Public clouds are best when your information and
data is used by lots of people and your security
standards are not high. They are also good for
collaboration projects and doing an ad-hoc software
development project using a Platform as a Service
(PaaS).
5. When there is "limited exposure to heavy
infrastructure investments such as mainframes
and enterprise applications."
When IT staff is more likely to have been brought
up in the days of rapid development, virtualization
automation, services on demand, or open source.
In a smaller business, when there is greater
flexibility and agility in decision making.
When there is a need for rapid turnaround and
faster time to market for new applications.
When IT staff is less likely to manage a SAN or
work on servers.
6. When selecting a public cloud provider, various
factors should therefore be taken into
consideration, including:
The nature of the provider’s platform
Accessibility from other devices and platforms
Built-in functionality
Individual or organizational needs
Cost
Amount of storage
Security
8. As an IaaS provider, all of the fundamental
properties and characteristics of cloud
computing should be considered and
implemented.
9. Infrastructure as a service (IaaS) is a model of
Cloud computing intended for companies.
It is a low-level service that provides access to
virtualized computer equipment.
The company is relieved of buying and
managing the computer equipment.
Virtual machines are provided on which the
company can run the operating system of its
choice (if available…).
10. The company manages: Application software
(executables, parameters, databases, …).
The Cloud provider manages: Everything else!
Servers, operating systems (versions),
virtualization layers, storage, backups,
firewall, monitoring, internal networks,
access/security model, but also…
Power supply, inverters, air conditioning,
access control to the equipment, ...
19. Platform as a Service (PaaS) is a cloud model designed for
software developers that streamlines the development process
by shifting specific aspects of systems management to the
service provider. PaaS is used to develop web and mobile
applications using components that are pre-configured and
maintained by the service provider, including programming
languages, application servers and databases.
26. It is a cloud model that delivers on-demand applications that are
hosted and managed by the service provider and typically paid
for on a subscription basis. SaaS solutions offer a number of
advantages over on-premises deployments, including minimal
administration and maintenance, anywhere access, and in
many cases improved communication and collaboration. Some
cloud-based tools will also prove to be more cost effective than
their traditional, in-house counterparts.
41. Host Hopping Attacks: This attack exploits one of the
most defining characteristics of cloud computing:
resource sharing. This attack can be launched by
hackers if the cloud provider does not enforce strict
mechanisms to isolate shared resources such as
memory, storage, and reputation of different customers
or hosts. Failing to separate tenants (customers) can
certainly facilitate this type of attack and thereby allow
malicious hackers to hop on other hosts to compromise
other customers’ data and gain illegal access to it. This
attack can be particularly dangerous for public clouds
and the PaaS model where multiple clients share the
same physical machine. Attackers can cause severe
damage that could range from compromising sensitive
customer data to interrupting service for cloud
providers and distorting their image and reputation.
CloudSecurity
42. Malicious Insider and Abuse of Privileges:
The shared and multi-tenancy nature of cloud
computing creates a fertile ground for insider
threat and promotes risk of “privilege abuse” to
confidential customer information. Hosting
sensitive information from multiple clients on
the same physical machine certainly entices
users with high privilege roles such as system
administrators and information security
managers to abuse their privileged access to
clients’ sensitive data and the possibility of
leaking or selling that information to
competitors or other parties of interest.
43. Identity Theft Attacks.
Malicious hackers can easily set up
accounts with cloud providers to use
cloud resources by simply paying for the
usage without any restrictions or limits
from cloud vendors on resource
consumption or workloads. Attackers
can exploit this advantage to use and
compromise customer’s critical
information and sell it for a price.
44. Service Engine Attacks. The service engine is a highly
customized platform that sits above the physical layer
and characterizes the underlying cloud architecture;
this service engine is normally controlled by the cloud
provider to manage customer resources but it can be
rented by potential customers who wish to use and
adopt the IaaS model. Hackers can abuse this feature by
subscribing to the IaaS model and renting a virtual
machine that would be hosted and controlled by the
service engine; then they can use the VM to hack the
service engine from the inside and use the service
engine to their advantage where it may contain
sensitive business information through other VMs from
other cloud subscribers.
47. Threats
  Including the cloud in your perimeter
    Lets attackers inside the perimeter
    Prevents mobile users from accessing the cloud directly
  Not including the cloud in your perimeter
    Essential services aren’t trusted
    No access controls on cloud
Countermeasures
  Drop the perimeter model!
48. Threat
  Disconnected provider and customer security systems
  Fired employee retains access to cloud
  Misbehavior in cloud not reported to customer
Countermeasures
  At least, integrate identity management
  Consistent access controls
  Better, integrate monitoring and notifications
Notes
  Can use SAML (Security Assertion Markup Language), LDAP (Lightweight Directory Access
  Protocol), RADIUS (Remote Authentication Dial-In User Service), XACML (eXtensible
  Access Control Markup Language), IF-MAP (Interface for Metadata Access Points), etc.
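
The "fired employee retains access to cloud" threat on this slide can be caught by reconciling the customer's identity directory against the provider's account list. The following is an added example, not part of the original slides; the data layout, field names and account names are constructed assumptions rather than any provider's real export format.

```python
from datetime import datetime, timezone

# Constructed sample data (not from the slides): an export from the customer's
# identity directory and an account listing from the cloud provider.
DIRECTORY = {
    "asha":  {"status": "active",     "terminated_at": None},
    "bruno": {"status": "terminated", "terminated_at": "2024-03-01T17:00:00+00:00"},
    "chen":  {"status": "active",     "terminated_at": None},
}
CLOUD_ACCOUNTS = [
    {"user": "asha",       "enabled": True,  "last_login": "2024-03-04T09:12:00+00:00"},
    {"user": "bruno",      "enabled": True,  "last_login": "2024-03-03T22:41:00+00:00"},
    {"user": "dev-shared", "enabled": True,  "last_login": "2024-02-11T08:00:00+00:00"},
    {"user": "chen",       "enabled": False, "last_login": "2024-01-20T10:00:00+00:00"},
]

def _ts(value):
    """Parse an ISO 8601 timestamp and normalise it to UTC."""
    return datetime.fromisoformat(value).astimezone(timezone.utc)

def reconcile(directory, cloud_accounts):
    """Return findings where cloud access disagrees with the directory."""
    findings = []
    for acct in cloud_accounts:
        user, entry = acct["user"], directory.get(acct["user"])
        if not acct["enabled"]:
            continue  # a disabled cloud account cannot be used to sign in
        if entry is None:
            # Account exists only on the provider side: nobody offboards it.
            findings.append((user, "UNMANAGED", "no directory identity owns this account"))
        elif entry["status"] == "terminated":
            left = _ts(entry["terminated_at"])
            used_after = _ts(acct["last_login"]) > left
            kind = "USED_AFTER_TERMINATION" if used_after else "ORPHANED"
            findings.append((user, kind, f"terminated {left.date()}, still enabled"))
    return sorted(findings)

if __name__ == "__main__":
    for user, kind, detail in reconcile(DIRECTORY, CLOUD_ACCOUNTS):
        print(f"{kind:24} {user:12} {detail}")
```

With federated sign-on (for example SAML against the customer's directory) the terminated account stops working when the directory entry is disabled, and this reconciliation becomes a periodic check for accounts created outside that path.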