public cloud computing vs. private cloud ... public cloud computing vs. private cloud computing: how

Download Public Cloud Computing vs. Private Cloud ... Public Cloud Computing vs. Private Cloud Computing: How

Post on 01-Feb-2020

4 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • Public Cloud Computing vs. Private Cloud Computing: How Security Matters 1

    Public Cloud Computing vs. Private Cloud Computing:

    How Security Matters

    Research Paper

    Public Cloud Computing vs. Private Cloud Computing:

    How Security Matters

    Delvis Simmonds

    Alli Wahab

    Cameron University

    IT Capstone

    Dr. Diaz Gomez

    April 27, 2012

  • Public Cloud Computing vs. Private Cloud Computing: How Security Matters 2

    Table of Contents

    Abstract ...................................................................................................................... 3 Introduction……………………………………………………………………………………………………………….3

    The growth of Cloud Computing .................................................................................. 5 Public Cloud Security Issues ................................................................................................................................ 7

    Private Cloud Computing ............................................................................................ 9 Private Cloud Security Issues .............................................................................................................................. 9

    Concise comparison .................................................................................................. 10

    Conclusions & Future Work ....................................................................................... 11

    Bibliography ............................................................................................................. 12

  • Public Cloud Computing vs. Private Cloud Computing: How Security Matters 3

    Public Cloud Computing vs. Private Cloud Computing:

    How Security Matters

    Delvis Simmonds, Alli Wahab

    Computing and Technology Department, Cameron University, Lawton, OK, USA

    Abstract Cloud computing has promised to enhance efficiency, flexibility, greater agility,

    less capital expenditure and to overcome geographic limitations to compete in a global

    market. If adopted and implemented, businesses would require not only new

    architectures, but also new ways to procure IT services. More and more companies are

    shifting to Cloud based services, but at the same time they are concerned about the

    security risks. One thing that is really unclear to many is the understanding of what a

    Cloud really is. Hopefully after the definitions and illustrations of Cloud computing are

    given you will understand it better. Much attention will be given to public and private

    Cloud computing issues; as more businesses today utilize Cloud services and

    architectures, more threats and concerns arise.

    Introduction Cloud computing represents a major change in how we store digital information

    and run computer applications hosted in the “Cloud” (Miller, 2009). While still a

    buzzword, the Cloud seems to be confusing, and the concept tends to evoke multiple

    responses (Vorro, 2011). There are many definitions of Cloud computing, but they all

    focus on certain characteristics of it. The several definitions stem from the three main

    categories of Cloud computing which are Infrastructure-as-a-Service (IaaS), Platform-as-

    a-Service (PaaS), and Software-as-a-Service (SaaS).

    Furthermore, Cloud security is also a broad term and is of major concern. The security challenges Cloud computing presents are formidable, including those faced by public Cloud whose infrastructure and computational resources are owned and operated by an outside party that delivers services to the general public via a multi- tenant platform and for the private Cloud which is hosted on-premise, scales “only” into the hundreds or perhaps thousands of nodes, connected primarily to the using organization through private network links. Security concerns such as secure data transfer, secure software interfaces, secure stored data, user access control and data

    separation must be considered before moving to the Cloud (Beckham, 2011).

    Attempting to address security and privacy issues after implementation and deployment is not only much more difficult and expensive, but also exposes the organization to unnecessary risk (Julie, 2011). As a result, many companies remain skeptical about entrusting their data and computing tasks to outside vendors including

    Microsoft, IBM Smart Cloud, and Google. Every trade publication and analyst firm has

    done a survey of CIOs regarding Cloud adoption. Results showed that security was the

    top reason why CIOs are not too anxious about adapting to the Cloud (see Figure 1).

  • Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4

    Figure 1: The results in the graph above are gathered from a survey of CIOs,

    organizations and IT professionals, which was carried out by the International Data

    Corporation (IDC) in 2009. On a whole, the results have been quite steady up until now. The highest challenge/issue related to the Cloud is security. Security is not the only concern. Issues such as cost, availability, performance, and standardization are also very high considerations.

    This research paper will provide a definition of Cloud computing, the security

    issues related to public and private Cloud computing, and give a concise comparison of

    both models, focusing more on the security issues.

    Definition of Cloud computing The term Cloud computing entails many different notions. You will find that

    some definitions have more meaning than others; Gartner defines Cloud computing as

    being scalable, delivering IT-enabled services using the Internet (Gartner, 2012). On the

    other hand, The 451 Group sees Cloud computing as a set of business models and

    technologies that enables IT functions to be delivered and consumed via a third party.

    (Rhoton, J. 2011). Furthermore, Forrester defines Cloud computing as complex

    infrastructure that hosts end-customer applications and billed by consumption (Rhoton, J.

    2011).

    The definition mostly used today is the one expressed by the National Institute of

    Standards and Technology (NIST), which states: “a model for enabling convenient, on-

    demand network access to a shared pool of configurable computing resources (e.g.,

    networks, servers, storage, applications, and services) that can be rapidly provisioned and

    released with minimal management effort or service provider interaction” (Grance, T.,

    Mell, P., 2009).

    The NIST’s definition is much more detailed, and will be the one referenced to in this

    paper.

    Cloud computing is available in several service models. Each model has different

    levels of responsibility for security management. See Figure 2 below for a depiction of

    these service models.

  • Public Cloud Computing vs. Private Cloud Computing: How Security Matters 5

    Figure 2: Cloud computing models. Taken from (Buecker, Lodewijkx, Moss, Skapinetz, Waidner, 2009). Figure 2 above shows that Software as a Service (SaaS) provides a number of

    ways to control access to the Web portal, such as the management of user identities,

    application level configuration, and the ability to restrict access to specific IP address

    ranges or geographies. Platform as a Service (PaaS) allow clients to assume more

    responsibilities for managing the configuration and security for the middleware, database

    software, and application runtime environments. Infrastructure as a Service (IaaS)

    model transfers even more control, and responsibility for security, from the Cloud

    provider to the client; access is available to the operating system that supports virtual

    images, networking, and storage. (Buecker, Lodewijkx, Moss, Skapinetz, Waidner,

    2009).

    The growth of Cloud Computing Over the past two years, the number of Cloud-based services implemented in

    businesses has increased, according to a survey carried out in 2011 by Ernst and Young, a

  • Public Cloud Computing vs. Private Cloud Computing: How Security Matters 6

    global leader in assurance, tax, transaction and advisory services (see Figure 2).

    Figure 2: A global information security survey of organizations carried out in 2011 by

    Ernst and Young revealed a 13% growth in the number of organizations using Cloud-

    based services from 2010 to 2011. However, in 2011 there was a 16% negative growth

    for plans on using Cloud-based services (Ernst and Young, 2011).

    Previous Work The interesting debate of public Clouds vs. private Clouds has resulted in other

    research. In an article by Beth Schultz entitled “Public Cloud vs. private Cloud” 76% of

    IT-decision-makers would focus initially on the private Cloud, but private Clouds may

    not always be the best solution. The better approach is to evaluate specific applications,

    security and compliance considerations and then decide what is more appropriate for a

    private Cloud and what is more appropriate for a public Cloud. The size and type of the

    company are huge factors in the decision making process; if you are at a smaller

    company and don’t have a huge data

Recommended

View more >