Security in Cloud Computing (055049)

Truong Tuan AnhCSE-HCMUT

2

The Three Waves

Agricultural societiesIndustrial ageInformation age

An era of cloud computing

3

Subwaves within the Information Wave

4

Evolution of Cloud Computing

5

The Cloud

“The term cloud is a metaphor for the Internet and is a simplified representation of the complex, internet-worked devices and connections that form the Internet”

Tim Mather

6

What is Cloud Computing

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

NIST definition of Cloud Computing

7

Cloud Computing

Five main attributes:Multitenancy (shared resources)Massive scalabilityElasticityPay as you goSelf-provisioning of resources

8

Example

9

SPI Framework

10

11

Relevant Technologies in Cloud Computing

Cloud access devicesHome PCsEnterprise PCsMobile devices…

BrowsersHigh-speed broadband access: a critical component

WifiCellularWiMAX…

Data centers and server farmsDistributionLinked via internetworks

Storage devicesAPIs

12

The Cloud Services Delivery Model

13

The Software-As-a-Service Model

Traditional methods of purchasing software:Loading the software onto customer’s hardware: compatibility of operational systems …License feeMaintenance agreement

In a SaaS model:The customer does not purchase software, but rather rents it: pay-per-use modelAccess the service through any authorized device

14

SaaS: Key Benefits

Enable the organization to outsource the hosting and management of applications to third partiesEnable software vendors to control and limit use, prohibits copying and distribution, and facilitates the control of all derivative versions of their software

Without preloading software in each device in an organizationApplications delivery using the SaaS model typically uses the one-to-many delivery approach, with the Web as the infrastructureA typical SaaS deployment does not require any hardware and can run over the existing Internet access infrastructureManagement of a SaaS application is supported by the vendor from the end user perspective, whereby a SaaSapplication can be configured using an API, but SaaSapplications cannot be completely customized

15

The Platform-As-a-Service Model

Vendor offers development environment Vendor toolkitNo need to install any tool in developer’s computer Hosted in the cloud and accessed through a browserMultitenant deployment architecture PaaS is a variation of SaaS whereby the development environment is offered as a service

16

PaaS vs. Traditional Platforms: Functions

Multitenant development toolsMultitenant deployment architectureIntegrated managementIntegrated billing

17

PaaS vs. Traditional Platforms: Flexibility

18

The Infrastructure-As-a-Service Model

Provides the infrastructure to run the applicationsOnline services that abstract the user from the details of infrastructure:

Physical computing resourcesLocationData partitioningScaling, security, backup, …

Offer computing services for customers’ demandsAmount of processing powerDisk space…

19

IaaS: Features

ScalabilityPay as you goBest-of-breed technology and resources

20

Cloud Deployment Models

Public CloudsPrivate CloudsHybrid Clouds

→ defined based on their relationship to the enterprise

21

Public Clouds

External cloudsHosted, operated, and managed by a third-partyvendor from one or more data centersOffered to multiple customers over a commoninfrastructureSecurity management and day-to-day operations are relegated to the third-partyvendor

22

Private Clouds

Internal cloudsCloud computing on private networksThe network, computing, and storage infrastructure associated with private clouds is dedicated to a single organization and is not shared with any other organizationsSecurity management and day-to-day operations are relegated to internal IT or to a third party with contract

23

Hybrid Clouds

Consisting of multiple internal and/or cloudsRun non-core applications in a public cloud, while maintaining core applications and sensitive data in-house in a private cloud

24

Cloud Computing: A Customer’s Perspective

25

Cloud Computing: Benefits

Small initial investment and low ongoing costsEconomies of scaleOpen standardsSustainability

26

The Impact of Cloud Computing on Users

Individual consumersIndividual businessesStart-upsSmall and medium-size businessesEnterprise businesses

27

Governance in the Cloud

28

Barriers to Cloud Computing Adoption

SecurityPrivacyConnectivity and Open AccessReliabilityInteroperabilityIndependence from CSPsEconomic ValueIT GovernanceChanges in the IT OrganizationPolitical Issues Due to Global Boundaries

29

Takeaways

What is cloud computing Delivery modelsDeployment modelsThe impacts of cloud computing