3. WHAT IS CLOUD COMPUTING???
– Use of internet-based services to support business process
– Rent IT-services on a utility-like basis
– Rapid deployment
– Low startup costs/ capital investments
– Costs based on usage or subscription
– Multi-tenant sharing of services/ resources
• Essential characteristics
– On demand self-service(just-in-time availability of resources”)
– Ubiquitous network access
– Location independent resource pooling
– Rapid elasticity
– Measured service
4. Cloud Models
• Delivery Models
• Deployment Models
• Public cloud:
• multiple customers share the computing resources provided by a single service
• Private cloud:
• computing resources are used and controlled by a private enterprise.
• Hybrid cloud:
• A third type can be hybrid cloud that is typical combination of public and private cloud.
• Community cloud:
• Several organizations jointly construct and share the same cloud .
6. Problems Associated with Cloud
• Most security problems stem from:
– Loss of control
– Lack of trust (mechanisms)
• Network security.
• Data Security.
7. 1.Network security
Problems associated with network communications and configurations
regarding cloud computing infrastructures.
Distributed architectures,massive resource sharing and virtual machine(VM)
instances synchronization imply more data in transit in the cloud,VPN(virtual
private network)( mehanism.dropbox)
(b) Firewalling: (yotta networks)
Firewalls protect the provider’s internal cloud infrastructure against
insiders and outsiders.
8. 2.Data security
Is Data Secure???
Protection of data in terms of confidentiality.
(a) Cryptography:-Most employed practice to secure sensitive
1.Keep cloud credentials safe.
2.Keep encrypted data.(encrytion keys).
(b) Redundancy: Essential to avoid data loss.
Elementary data disposal techniques are the insufficient and commonly
referred a deletion .
• Virtualization is an essential technological characteristic of clouds
which hides the technological complexity from the user and
enables enhanced flexibility (through Aggregation, Routing and
• (a) Isolation:-Although logically isolated, all VMs share the same
hardware and consequently the same resources.
• (b) Data leakage: Exploit hypervisor vulnerabilities and lack of
isolation controls in order to leak data from virtualized infrastructures
(c) VM identification: Lack of controls for identifying virtual machines
that are being used for executing a specific process or for storing
(d) Cross-VM attacks:-Includes attempts to estimate provider traffic
rates in order to steal cryptographic keys and increase chances of
VM placement attacks.
Concentrates all issues related to user administrative.
(a) API:- Programming interfaces for accessing virtualized resources.
(b) Administrative interface:
Enables remote control of resources in an IaaS development
for PaaS and application tools for SaaS.
(c) User interface:-End-user interface for exploring provided resources
and tools(the service itself).
(d) Authentication:-Mechanisms required to enable access to the
• Issues related to (losing) administrative and security cloud
• (a) Data control:-
• Moving data to the cloud means losing control over redundancy.
– Data, applications, resources are located with provider
– User identity management is handled by the cloud
– User access control rules, security policies and enforcement are
managed by the cloud provider
– Consumer relies on provider to ensure
Data security and privacy
(b) Security control:-
Loss of governance over security mechanisms and policies.
13. • (c) Lock-in:
• User potential dependency on a particular service provider due to
lack of well-established standards ,consequently becoming
particularly vulnerable to migrations and service termination.
• Cloud computing is sometimes viewed as a reincarnation
of the classic mainframe client-server model
– However, resources are ubiquitous, scalable, highly virtualized
– Contains all the traditional threats, as well as new ones
• The main goal is to securely store and manage data that
is not controlled by the owner of the data
1. NIST (Authors: P. Mell and T. Grance), "The NIST Definition of
Cloud Computing (ver. 15)," National Institute of Standards and
Technology, Information Technology Laboratory (October 7
2. J. McDermott, (2009) "Security Requirements for Virtualization in
Cloud Computing," presented at the ACSAC Cloud Security
Workshop, Honolulu, Hawaii, USA, 2009.
3. J. Camp. (2001), “Trust and Risk in Internet Commerce,”
Notes de l'éditeur
Government and Military sectors: complicated procurement rules and stringent security requirements
Cloud-based applications (SAAS)
Cloud-based development (e.g. Google App Engine)
Cloud-based infrastructure (e.g. Amazon’s EC2)
Trust and tenancy issues as well as loss of control related to the management model
Data mobility: the abiltiy to share data between cloud services
Where does data reside?
- out-of-state, out-of-country issues
Security Concerns for government in particular
How to certify and accredit cloud computing providers under FISMA
(e.g. ISO 27001)