Cloud Computing

Definition

The Cloud is a metaphor for the Internet Cloud computing is a model for enabling ubiquitous,

convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction1

Five characteristics Three service models Four deployment models

Essential Characteristics

On-demand self-service Broad network access Resource pooling Rapid elasticity Measured service

Service Models

Software as a Service (SaaS) Capability provided is to use the provider’s applications running on a

cloud infrastructure Applications accessible from various client devices and interfaces (e.g.

web browser, thin client) Consumer does not manage or control the underlying cloud infrastructure

including network, servers, operating system, storage or application capabilities, with the possible exception of user-specific settings.

Examples Google

Salesforce

GoTo Meeting

WebEx

Picasa

Service Models

Platform as a Service (PaaS) The capability provided is to deploy onto the cloud infrastructure

consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.

The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage.

The consumer has control over the deployed applications and possibly configuration settings for the application-hosting environment.

Examples

Force.com

Google App Engine

Heroku

Service ModelsInfrastructure as a Service (IaaS)

The capability provided is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.

The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

Examples Rackspace

Amazon Web Services

Microsoft Azure

2

Deployment Models

Private cloud The cloud infrastructure is provisioned for exclusive use by a

single organization comprising multiple consumers (e.g., business units).

It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

Community cloud The cloud infrastructure is provisioned for exclusive use by a

specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations).

It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

Deployment Models

Public cloud The cloud infrastructure is provisioned for open use by the

general public. It may be owned, managed, and operated by a business,

academic, or government organization, or some combination of them.

It exists on the premises of the cloud provider.

Hybrid cloud The cloud infrastructure is a composition of two or more

distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

Public Cloud

Private Cloud

Hybrid Cloud

Contro

l/Govern

ance

Eco

nom

ies

of

Sca

le

Economies of Scale vs Control and Governance

Pros

Scale and Cost Next Generation

Architecture Choice and Agility Environmentally Friendly Improved Disaster Recovery Ubiquitous Device, OS and Browser

Independent Lower Software Costs Lower Hardware Costs

Cons

Internet Connection Dependent Reliability Lack of Control Security Ongoing Costs Non-negotiable Agreements No Hard Drive Lack of Full Support Software Incompatibility Multiple Logon IDs

and Passwords

Security and Logon Management

Know who is supposed to have access to each resource and service

Limit data access based on user context Take a risk-based approach to securing assets used in the

cloud Extend security to the device Add intelligence to network protection Have internal processes to deactivate ALL user accounts upon

termination Single Sign On (SSO) and AD Integration are not necessarily

the Holy Grail

Contracts

Read and understand the entire contract Know your rights May be expensive to break and result in data

loss

Backups

Typically handled by the vendor Verify the process

How are backups stored? Frequency Can you restore data or do you rely on the vendor? Level of restoration

Server

File/Mailbox

Vendor Security and Availability

Data Center Verify physical location and hardware Verify security

Who comes and goes

How and when your information is updated

AvailabilityGuaranteed up timeFailover and redundancyColocation center (see Data Center above)Bandwidth available

Interaction with Organization Resources Data feeds

Format and type Frequency Downtime Who develops

Direct Connection Terminology Ensure desired results

Active Directory More than user credentials

Non-Business Use or Interaction

Corporate Devices BYOD

BYOD

Allure Staff bear the cost of device Staff know how to use the device Carry only one phone

Reality Costs may be higher More complex to manage

Access Considerations

Email HRIS Network Resources Financial Data Protected Health Information (PHI)

Security Considerations

Device Password Protection Encryption

Device/OS Specific 3rd Party (e.g. TouchDown)

Malware Apps Stolen or Lost Devices Can you wipe the device?

If so, what about personal information?

BYOD Security Approaches

Mobile Device Management – MDM MobileIron Airwatch (VMWare) JAMF Software iOS MDM Good Technology

Identity Management – IDM Meru Identity Manager (Meru Networks) IDSentrie (A10 Networks)

Network Access Control – NAC Stealthwatch (Lancope) ClearPass (Aruba) Aerohive Hive Manager

Resources/References

Four IT shops, four approaches to BYOD network security, David Geer, TechTarget.com, January 2013

1http://www.nist.gov/

2Introduction to Cloud Computing, ProfEdge Solutions Pvt Ltd., Jul 6, 2013, http://www.slideshare.net/ProfEdge/introduction-to-cloud-computing-23970527

http://www.merunetworks.com

http://www.mobileiron.com

http://www.aerohive.com

http://www.air-watch.com

https://www1.good.com

http://www.jamfsoftware.com

http://www.a10networks.com

https://www.lancope.com

http://www.arubanetworks.com