Security issues for Cloud Computing



Similar documents
Where in the Cloud are You? Session Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)

AN OVERVIEW ABOUT CLOUD COMPUTING

Cloud Computing; What is it, How long has it been here, and Where is it going?

CLOUD COMPUTING AS A TOOL FOR INFRASTRUCTURE MANAGEMENT

Session 5. Mixing and matching Public, Private and Hybrid Clouds for maximum benefits

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com


IS PRIVATE CLOUD A UNICORN?

A Study of Infrastructure Clouds

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges.

Implementing & Developing Cloud Computing on Web Application

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

SCADA Cloud Computing

Cloud Computing For Distributed University Campus: A Prototype Suggestion

Cloud computing security and privacy concerns

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

Proactively Secure Your Cloud Computing Platform

Cloud Computing Technology

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

What is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era ( ) Workstation Era ( ) Xerox Star 1981!

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Cloud Computing Security Issues And Methods to Overcome

Webstore - Reselling Cloud

Grid Computing Vs. Cloud Computing

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

Cloud Computing Architecture: A Survey

Hybrid Cloud Computing

Security Considerations for Public Mobile Cloud Computing

E-learning Using Cloud Computing

A study of Cloud Computing Ecosystem

Session 3. the Cloud Stack, SaaS, PaaS, IaaS

Private Cloud 201 How to Build a Private Cloud

Cloud Computing An Elephant In The Dark

The NIST Definition of Cloud Computing (Draft)

White Paper on CLOUD COMPUTING

CLOUD COMPUTING IN HIGHER EDUCATION

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

Cloud Computing in Higher Education: Impact and Challenges

Computing in a virtual world Cloud Computing

Survey On Cloud Computing

SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE

Secure Cloud Computing through IT Auditing

CLOUD COMPUTING. When It's smarter to rent than to buy

Role of Cloud Computing in Big Data Analytics Using MapReduce Component of Hadoop

WHITE PAPER. IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources

Contents. What is Cloud Computing? Why Cloud computing? Cloud Anatomy Cloud computing technology Cloud computing products and market

Customer Security Issues in Cloud Computing

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

Lecture 02a Cloud Computing I

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

Global Innovations in Cloud Computing Services and Deployment

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Architectural Implications of Cloud Computing

Enterprise Governance and Planning

Katerina Apostolaki, Marketing Manager

Cloud SingularLogic:

ANALYSIS OF CLOUD VENDORS IN INDIAN ENVIORNMENT

Plant Software in the Cloud

How To Understand Cloud Computing

A Survey on Cloud Computing

Abstract 1. INTRODUCTION

Building Blocks of the Private Cloud

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing Utility and Applications

How to Turn the Promise of the Cloud into an Operational Reality

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

SaaS, PaaS & TaaS. By: Raza Usmani

Cloud Based E-Government: Benefits and Challenges

Plant Software in the Cloud Fact vs. Myth

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

Technology & Business Overview of Cloud Computing

A Gentle Introduction to Cloud Computing

Cloud computing and SAP

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

Testing as a Service on Cloud: A Review

Cloud Computing. Karan Saxena * & Kritika Agarwal**

CLOUD COMPUTING. Keywords: Cloud Computing, Data Centers, Utility Computing, Virtualization, IAAS, PAAS, SAAS.

Cloud Computing. Chapter 1 Introducing Cloud Computing

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

2013 Cloud Computing Outlook: Private Cloud Expected to Grow at Twice the Rate of Public Cloud

From Grid Computing to Cloud Computing & Security Issues in Cloud Computing

WOLKEN KOSTEN GELD GUSTAVO ALONSO SYSTEMS GROUP ETH ZURICH

Stefano Portelli Project Manager Consulting Cloud & Virtual Data Center EMC Consulting

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

Cloud Computing-based IT Solutions For Organizations with Multiregional Branch Offices

Cloud Computing. Bringing the Cloud into Focus

Tutorial on Client-Server Architecture

IJRSET 2015 SPL Volume 2, Issue 11 Pages: 29-33

Cloud Services Overview

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

VMware Building Many Bridges to the Cloud

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST

Transcription:

274 Security issues for Cloud Computing Vikas Goyal [1], Dr. Chander Kant [2] [1] Research Scholar, [2] Assistant Professor Deptt. of Comp. Sc. & Appl., Kurukshetra University, Kurukshetra, India. vikas.goyal_85@yahoo.co.in, ckverma@rediffmail.com Abstract: This paper gives a brief view of Cloud computing by giving its definition, advantages, components, types, security issues & current security techniques. By reading this paper, an individual surely will have a clear idea about the introduction, Advantages & Security challenges of Cloud computing. Keywords: Private Cloud, Public Cloud, Hybrid Cloud. 1. Introduction Cloud computing is a latest emerging computing technology that uses the internet and central remote servers to maintain data and applications. In today s economic environment, organizations are focused on reducing costs and doing more with less while still trying to remain competitive. So that IT departments are facing greater problems to ensure that they match key business needs and deliver the desired results in the most efficient and cost-effective manner. To meet these challenges, IT organizations are increasingly moving away from device-centric views of IT, to one that is focused on applications, information, and people and more towards the new paradigm of Cloud Computing. Because Cloud computing allows consumers and businesses to use applications without installation and access their personal files at any computer with internet access.

Research Cell: An International Journal of Engineering Sciences ISSN: 2229-6913 Issue Sept 2011, Vol. 4 275 1.1 About Cloud Computing A model for enabling convenient, on-demand (pay per use) network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be easily updated & will be released to all the users with minimal management effort Figure 1.1: The Cloud In short, Cloud computing means using the Internet for all computer needs. Rather than having disc storage, software, and hardware of your own, all information can be on the Internet. Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. The datacenter hardware and software is what we will call a Cloud. Developers with the knowledge of new Internet paradigm, no longer require the large investment in hardware to deploy their service or the human expense to operate it. 1.2 Advantages of using Cloud Cloud computing has a lot of advantages over traditional computing. The benefits of deploying applications using cloud computing include reducing run time and response time, minimizing the risk of deploying

276 Vikas Goyal, Dr. Chander Kant physical infrastructure, lowering the cost, and increasing the pace of innovation. Some other advantages of cloud computing are as following: Pay for what you use Acquiring & releasing of resources on demand Efficient & better resource utilization Location and Device independence Minimized investment Fast Application Deployment Hassle Free Maintenance Excellent service quality No need to install or update S/W or H/W 1.3 Cloud Computing Models Cloud computing offers both the software and hardware as a service over the internet. These services are classified into three categories: i. Software as a Service (SaaS) ii. Platform as a Service (PaaS) iii. Infrastructure as a Service (IaaS) i. Software as a Service (SaaS) Software as a Service is a software delivery model through which cloud computing make the availability of software s as a service to its end user. These software services are delivered through a web browser to its user as a service on demand (user will have to pay for how much he use). To use software as a service through cloud computing, user just request for the service of a particular software to its vendor and the vendor will provide the services of the software to its user. The end user has not to worry about the

Research Cell: An International Journal of Engineering Sciences ISSN: 2229-6913 Issue Sept 2011, Vol. 4 277 software licensing and other issues related to the genuineness of the software that he is using. ii. Platform as a Service (PaaS) PaaS is like SaaS delivery model which deliver computing platform as a service over the web. Platform as a Service dramatically changed the scenario of development, deployment & run process of all business applications. As the core element of cloud computing, PaaS eliminates the costs and complexity of evaluating, buying, configuring, and managing the hardware and software needed for enterprise applications. PaaS provides all the facilities required to support the complete life cycle of building and delivering web applications entirely on the web. Figure: 1.2 Platforms as a Service iii. Infrastructure as a Service (IaaS) Infrastructure as a Service is a model in which an organization outsources the Infrastructure (equipments) required to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis. Access to infrastructure stack includes Full OS access, Firewalls, Routers, Load

278 Vikas Goyal, Dr. Chander Kant balancing etc. Cloud computing offers scalable, secure and robust Infrastructure-as-a-Service (IaaS). Infrastructure as a Service is sometimes referred to as Hardware as a Service (HaaS). 1.4 Types of Clouds The various types of clouds are: i) Public Cloud The cloud infrastructure is made available to the general public or a large industry group and owned by an organization selling cloud services. The organizations using public cloud do not control how those cloud services are operated, controlled, accessed or secured. Owned and managed by the enterprise Limits access to enterprise and partner network Retains high degree of control, privacy and security Accessed from inside the firewall Figure 1.3: Types of Cloud ii) Private Cloud The cloud infrastructure is operated separately & solely for a single organization. It may be managed by the organization or a third party and may exist on or off-premises. While the organization does not need to physically own or operate all the assets, the key is that a shared pool of

Research Cell: An International Journal of Engineering Sciences ISSN: 2229-6913 Issue Sept 2011, Vol. 4 279 computing resources can be rapidly provisioned, dynamically allocated and operated for the benefit of a single organization. Owned and managed by service provider Delivers selected set of business process, application or infrastructure services. Accessed from outside the firewall iii) Hybrid Cloud The cloud infrastructure is a composition of two or more clouds (private or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds). It is beneficial to have Hybrid clouds because by using this we can have more control on our data. A hybrid infrastructure takes advantage of both public and private clouds: 1.5 Current Security Techniques i) Isolation from Cloud Infrastructure User Isolation from Cloud Infrastructure Users only have access to APIs and Dashboards o No user direct access to Cloud infrastructure Project-based separation o o A project is a set of compute resources accessible by one or more users Each project has separate: VLAN for project instances VPN for project users to launch, terminate, and access instances

280 Liladhar R. Rewatkar, Ujwal A. Lanjewar Figure 1.4: Isolation in Cloud ii) Firewalls Multiple levels of firewalling o Hardware firewall at site border o Firewall on cluster network head-ends o Host-based firewalls on key hosts iii) Remote User Access Remote access is only through VPN (openvpn) Separate administrative VPN and user VPNs Each project has own VPN server iii) Intrusion Detection Monitoring and analyzing both user and system activities Assessing system and file integrity Analysis of abnormal activity patterns Tracking user policy violations

Research Cell: An International Journal of Engineering Sciences ISSN: 2229-6913 Issue Sept 2011, Vol. 4 281 i) Data Scrubbing This is an in-house process where system removes any client related information (personally identifiable) from the data before sending it to cloud. Some examples are Name, Address, Salary, Birth-Date, SSN etc. So once the data gets to cloud its just list of numbers with only way to track back is some Proprietary ID (which system controls) ii) Selective data transportation This is little involved and goes case by case, in this scenario system sends data in small chunks and only with one or two bits of information so security risks are minimized. Combined with 1, this gives added security. iii) End-to-End encryption In this scenario, whole channel to cloud communication is encrypted (VPN, IP level security). Also, once in the cloud data is never stored or passed without encryption. iv) Public-Private hybrid solution You do the sensitive work in private cloud and send non-sensitive work to public cloud. Also, you can move data once it becomes less sensitive to public cloud. 2. Conclusion Computing clouds are changing the whole IT, service industry, and global economy. Clearly, cloud computing demands efficiency, security, and trustworthiness. Cloud computing has become a common practice in business, government, education, and entertainment leveraging 50 millions of servers globally installed at thousands of datacenters today. Private clouds will become widespread in addition to using a few public clouds that are under heavy competition among Google, MS, Amazon, Intel, EMC, IBM, SGI, VMware, Saleforce.com, etc. Effective trust management, guaranteed security, user privacy, data integrity, mobility support, and copyright protection are crucial to the universal acceptance of cloud as a ubiquitous service.

282 References [1] Erdognus, Cloud Computing, IEEE Software, vol. 26, no. 2, pp. 4-6, March/April, 2009 [2] Aymerich, An approach to a cloud computing, web technologies, AYM,2008. [3] Buyya Cloud Computing, IEEE High Performance of Grid Computing, BUV 2008. [4] Dell. Cloud Computing Sections www. Del.com, DELL 2008 [5] Atanu, Cloud Security Issues Processdings of the 40th Hawali International Conference on System Science, ATA, 2009. [6] Gartner, Cloud Computing will be as influential as e- business, Gartner, Tech. Rep., 2008. [Online]. Available: http://www.gartner.com/it/page.jsp?id=707508 [7] Greg, Cloud Computing Harold Hall, GRE, 2007. [8] Liange, Business Cloud Computing, IEEE International conference on services Computing,SCC, LIA 2008. [9] Livpeng, Features of cloud computing, www. China cloud, LIU 2009. [10] Nomadic, Cloud Computing Example ACM, 2008. [11] Oracle, Cloud Computing Amazon. Com. 2009. [12] SAAS/Cloud Computing, IEEE Conference 2008. [13] Shu Wang research in cloud computing, at University California, 2000. [14] Five cloud computing questions. Networkworld.com. http://www.networkworld.com/columnists/2008/080508- dzubeck.html. [15] G. Gruman and E. Knorr, What Cloud Computing really means, InfoWorldInc., Tech. Rep., 2008.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information