current issues: cloud computing services. cloud computing definition… cloud computing the...
TRANSCRIPT
Current Issues: Cloud Computing Services
Cloud Computing
• Definition…
Cloud Computing
The “Cloud” is the default symbol of the Internet in
diagrams.
The “Cloud” is the default symbol of the Internet in
diagrams.
The broader term of “Computing” encompasses:- Computation- Coordination logic- Storage
The broader term of “Computing” encompasses:- Computation- Coordination logic- Storage
Cloud Computing is about moving computing from the single desktop pc/data centers to commercial
service providers on the Internet.
Cloud Computing is about moving computing from the single desktop pc/data centers to commercial
service providers on the Internet.
The Next Revolution in ITThe Big Switch in IT
• Classical Computing– Buy & Own
• Hardware, • System Software,• Applications often to
meet peak needs.– Install, Configure, Test,
Verify– Manage– ..– Finally, use it– $$$$....$(High CapEx)
■ Cloud Computing– Subscribe– Use
– $ - pay for what you use, based on QoS
Ever
y 18
mon
ths?
Cloud Computing
• Essential characteristics:– On-demand self service– Broad network access– Resource pooling– Rapid elasticity– Measured service
• Extras– Pay-per-use– SLA– Distribution
Cloud Computing
• Deployment models– Public Clouds: The cloud infrastructure is made
available to the general public or a large industry group and is owned by an organization selling cloud services.
– Private Clouds: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
– Community Clouds: Available to members of a community.
– Hybrid Clouds: Composition of the above models.
Cloud Computing
• Advantages:– No capacity planning– No upfront commitment– Elastic infrastructure– Ease of management
Cloud Computing
• Service Models– What do we make available through Internet?
Virtual servers, virtual storage, and networking
Virtual servers, virtual storage, and networking
Development Platforms, Runtime environments for
applications, APIs
Development Platforms, Runtime environments for
applications, APIs
Office Applications, CRM, E-mail, Media, Gaming
Office Applications, CRM, E-mail, Media, Gaming
HerokuMicrosoft Azure
PaaS
Amazon EC2, S3Joyent,
Rightscale
IaaS
SalesForce.comGoogle Docs
SaaS
Impact of cloud computing on the governance structure of IT organizations
8
Cloud Computing
• Threats… and negative sides?– Security & Confidentiality
– Performance
– Vendor lock-in
Is the cloud really fast?Can the cloud be efficient for my applications?
Can it deliver the performance I paid for?
Is the cloud really fast?Can the cloud be efficient for my applications?
Can it deliver the performance I paid for?
Can I afford to move to a proprietary platform?Are there any standards?
Can I afford to move to a proprietary platform?Are there any standards?
Intro to SaaS - Definition
• Software as a service (SaaS) is a model of software delivery where the software company provides maintenance, daily technical operation, and support for the software provided to their client.
• It assumes the software is delivered over the internet.
• Software delivered to home consumers, small business, medium and large business
Intro to SaaS
• The web as a platform is the center point• Web-browser acting as a thin-client for accessing
the software remotely across the internet. • Network-based access to, and management of,
commercially available (i.e., not custom) software • application delivery that typically is closer to a one-
to-many model (single instance, multi-tenant architecture) than to a one-to-one model, including architecture, pricing, partnering, and management characteristics
SaaS - Pros
• Stay focused on business processes• Change software to an Operating Expense instead of a
Capital Purchase, making better accounting and budgeting sense.
• Create a consistent application environment for all users• No concerns for cross platform support• Easy Access• Lower Cost
– For an affordable monthly subscription – Implementation fees are significantly lower
• Continuous Technology Enhancements
SaaS - Cons
• Initial time needed for licensing and agreements– Trust, or the lack thereof, is the number one
factor blocking the adoption of software as a service (SaaS).
– Centralized control– Possible erosion of customer privacy
• Absence of disconnected use
SaaS Architecture• Fueled by
– Bandwidth technologies– The cost of a PC has been reduced significantly
with more powerful computing but the cost of application software has not followed
– Timely and expensive setup and maintenance costs
– Licensing issues for business are contributing significantly to the use of illegal software and piracy.
High-Level Architecture
• There are three key differentiators that separate a well-designed SaaS application from a poorly designed one– scalable– multi-tenant-efficient– configurable
• Scaling the application - maximizing concurrency, and using application resources more efficiently– i.e. optimizing locking duration, statelessness, sharing
pooled resources such as threads and network connections, caching reference data, and partitioning large databases.
High-Level Architecture (con’t)
• Multi-tenancy – important architectural shift from designing isolated, single-tenant applications – One application instance must be able to
accommodate users from multiple other companies at the same time
– All transparent to any of the users. – This requires an architecture that maximizes the
sharing of resources across tenants – is still able to differentiate data belonging to different
customers.
High-Level Architecture (con’t)
• Configurable - a single application instance on a single server has to accommodate users from several different companies at once– To customize the application for one customer will
change the application for other customers as well. • Traditionally customizing an application would
mean code changes• Each customer uses metadata to configure the
way the application appears and behaves for its users.
• Customers configuring applications must be simple and easy without incurring extra development or operation costs
Saas Financials
• 4 ways software companies are pricing their products– Open Source – free basic products but charge a fee for
the upgrade to the premium product (i.e. Apache, Linux, etc)
– License software – main way its being done. Customer like this way because they own the software as an asset
– Leased Software – deployed at customer site but leased for a time period. Used in the days of the mainframe
– SaaS – subscription pricing. Like leasing is considered and expense but upgrades and maintenance is free and seamless
Saas Financials (con’t)
• Legal should be involved in the acquisition of mission-critical SaaS software– Companies are losing control of their data in the SaaS model– Depending on the service provider for security and data access.
• Need to setup contractual relationship with the SaaS provider– Setup escrow account– With conditions of being able to run application in house – Ability to move data from current provider to new location
• Also Service Level Agreements (SLAs) for– Availability, response times, notifications of outages– Data integrity, data privacy, frequency of backup, support and
disaster recovery
If cloud computing is so great, why isn’t everyone doing it?
• The cloud acts as a big black box, nothing inside the cloud is visible to the clients
• Clients have no idea or control over what happens inside a cloud
• Even if the cloud provider is honest, it can have malicious system admins who can tamper with the VMs and violate confidentiality and integrity
• Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks
20
Companies are still afraid to use clouds
21
Causes of Problems Associated with Cloud Computing
• Most security problems stem from:– Loss of control– Lack of trust (mechanisms)– Multi-tenancy
• These problems exist mainly in 3rd party management models– Self-managed clouds still have security
issues, but not related to above
Loss of Control in the Cloud
• Consumer’s loss of control– Data, applications, resources are located with
provider– User identity management is handled by the
cloud– User access control rules, security policies and
enforcement are managed by the cloud provider– Consumer relies on provider to ensure
• Data security and privacy• Resource availability• Monitoring and repairing of services/resources
Lack of Trust in the Cloud
– trusting a third party requires taking risks
• Defining trust and risk– Opposite sides of the same coin (J.
Camp)– People only trust when it pays
(Economist’s view)– Need for trust arises only in risky
situations
Multi-tenancy Issues in the Cloud
• Conflict between tenants’ opposing goals– Tenants share a pool of resources and have
opposing goals• How does multi-tenancy deal with conflict of interest?
– Can tenants get along together and ‘play nicely’ ?– If they can’t, can we isolate them?
• How to provide separation between tenants?• Cloud Computing brings new threats
– Multiple independent users share the same physical infrastructure
– Thus an attacker can legitimately be in the same physical machine as the target
Taxonomy of Fear
• Confidentiality– Fear of loss of control over data
• Will the sensitive data stored on a cloud remain confidential?
• Will cloud compromises leak confidential client data – Will the cloud provider itself be honest and
won’t peek into the data?• Integrity
– How do I know that the cloud provider is doing the computations correctly?
– How do I ensure that the cloud provider really stored my data without tampering with it?
26
Taxonomy of Fear (cont.)
• Availability– Will critical systems go down at the client, if the
provider is attacked in a Denial of Service attack?
– What happens if cloud provider goes out of business?
– Would cloud scale well-enough?– Often-voiced concern
• Although cloud providers argue their downtime compares well with cloud user’s own data centers
27
Taxonomy of Fear (cont.)
• Privacy issues raised via massive data mining– Cloud now stores data from a lot of clients, and
can run data mining algorithms to get large amounts of information on clients
• Increased attack surface– Entity outside the organization now stores and
computes data, and so– Attackers can now target the communication link
between cloud provider and client– Cloud provider employees can be phished
28
Taxonomy of Fear (cont.)
• Auditability and forensics (out of control of data)– Difficult to audit data held outside organization in
a cloud– Forensics also made difficult since now clients
don’t maintain data locally• Legal quagmire and transitive trust issues
– Who is responsible for complying with regulations?
• e.g., SOX, HIPAA, GLBA ?– If cloud provider subcontracts to third party
clouds, will the data still be secure?
29
Possible Solutions
• Minimize Lack of Trust– Policy Language– Certification
• Minimize Loss of Control – Monitoring– Utilizing different clouds– Access control management– Identity Management (IDM)
• Minimize Multi-tenancy30
Minimize Lack of Trust: Policy Language
• Consumers have specific security needs but don’t have a say-so in how they are handled– What the heck is the provider doing for me?– Currently consumers cannot dictate their
requirements to the provider (SLAs are one-sided)
• Standard language to convey one’s policies and expectations– Agreed upon and upheld by both parties– Standard language for representing SLAs– Can be used in a intra-cloud environment to
realize overarching security posture
Minimize Lack of Trust: Policy Language (Cont.)
• Create policy language with the following characteristics: – Machine-understandable (or at least
processable), – Easy to combine/merge and compare – Examples of policy statements are, “requires
isolation between VMs”, “requires geographical isolation between VMs”, “requires physical separation between other communities/tenants that are in the same industry,” etc.
– Need a validation tool to check that the policy created in the standard language correctly reflects the policy creator’s intentions (i.e. that the policy language is semantically equivalent to the user’s intentions).
32
Minimize Lack of Trust: Certification
• Certification– Some form of reputable, independent,
comparable assessment and description of security features and assurance
– Sarbanes-Oxley, DIACAP, DISTCAP, etc (are they sufficient for a cloud environment?)
• Risk assessment– Performed by certified third parties– Provides consumers with additional
assurance
Minimize Loss of Control: Monitoring
• Cloud consumer needs situational awareness for critical applications– When underlying components fail, what is the
effect of the failure to the mission logic– What recovery measures can be taken (by
provider and consumer)• Requires an application-specific run-time
monitoring and management tool for the consumer– The cloud consumer and cloud provider have
different views of the system– Enable both the provider and tenants to
monitor the components in the cloud that are under their control
Minimize Loss of Control: Monitoring (Cont.)
35
– Provide mechanisms that enable the provider to act on attacks he can handle.
• infrastructure remapping (create new or move existing fault domains)
• shutting down offending components or targets (and assisting tenants with porting if necessary
• Repairs– Provide mechanisms that enable the
consumer to act on attacks that he can handle (application-level monitoring).
• RAdAC (Risk-adaptable Access Control)• VM porting with remote attestation of
target physical host• Provide ability to move the user’s
application to another cloud
Minimize Loss of Control: Utilize Different Clouds
• The concept of ‘Don’t put all your eggs in one basket’– Consumer may use services from different clouds through an intra-
cloud or multi-cloud architecture– Propose a multi-cloud or intra-cloud architecture in which consumers
• Spread the risk• Increase redundancy (per-task or per-application)• Increase chance of mission completion for critical applications
– Possible issues to consider:• Policy incompatibility (combined, what is the overarching policy?)• Data dependency between clouds• Differing data semantics across clouds• Knowing when to utilize the redundancy feature (monitoring technology)• Is it worth it to spread your sensitive data across multiple clouds?
– Redundancy could increase risk of exposure
Minimize Multi-tenancy
• Can’t really force the provider to accept less tenants– Can try to increase isolation between tenants
• Strong isolation techniques (VPC to some degree)– C.f. VM Side channel attacks (T. Ristenpart et al.)
• QoS requirements need to be met
• Policy specification
– Can try to increase trust in the tenants• Who’s the insider, where’s the security boundary?
Who can I trust?
• Use SLAs to enforce trusted behavior
38
Mitigating Data Loss Risks
• The risk of data loss (as in the T-Mobile Sidekick case) is an exception to the availability discussion on the preceding slide. Users may be able to tolerate an occasional service interrup-tion, but non-recoverable data losses can kill a business.
• Most cloud computing services use distributed and replicated global file systems which are designed to insure that hardware failures (or even loss of an entire data center) will not result in any permanent data loss, but I believe there is still value in doing a traditional off site backup of one's data, whether that data is in use by traditional servers or cloud computing servers.
• When looking for solutions, make sure you find ones that backs up data FROM the cloud (many backup solutions are meant to backup local data TO the cloud!)
39
Choice of Cloud Provider
• Cloud computing is a form of outsourcing, and you need a high level of trust in the entities you'll be partnering with.
• It may seem daunting at first to realize that your application depends (critically!) on the trustworthiness of your cloud providers, but this is not really anything new -- today, even if you're not using the cloud, you already rely on and trust:
-- network service providers,-- hardware vendors,-- software vendors,-- service providers,-- data sources, etc.Your cloud provider will be just one more entity on that list.
Questions