CLOUD COMPUTING

Cloud can be understand by.

What is a cloud ? What it provides ?

What it includes ?
How we protect it?

CLOUD ENCOMPASSES..

Five essential characteristics Three cloud service models Four cloud deployment models

Five Essential Characteristics Are

On-demand service Get computing capabilities as needed automatically Broad Network Access Services available over the net using desktop, laptop, PDA, mobile phone Resource pooling Provider resources pooled to server multiple clients

Rapid Elasticity Ability to quickly scale in/out service

Measured service control, optimize services based on metering

Three Service Models are

Software as a Service (SaaS) o We use the provider apps o User doesnt manage or control the network, servers, OS, storage or applications Platform as a Service (PaaS) User deploys their apps on the cloud Controls their apps User doesnt manage servers, storage Infrastructure as a Service (IaaS)

Consumers gets access to the infrastructure to deploy their stuff Doesnt manage or control the infrastructure Does manage or control the OS, storage, apps, selected network components

Deployment Models Are.

Public Cloud infrastructure is available to the general public, owned by org selling cloud services Private Cloud infrastructure for single org only, may be managed by the org or a 3rd party, on or off premise Community Cloud infrastructure shared by several orgs that have shared concerns, managed by org or 3rd party

Hybrid Combo of two or more clouds bound by standard or proprietary technology

Sample Cloud

Cloud Security

What is cloud security? What is not cloud security?

Cloud Security is
A set of policies

technologies and controls which are designed to protect data and infrastructure from attacks A layered technologies that create a durable security net or Grid

Cloud Security is

The joint responsibility of an organization and its

cloud providers.
The influential parameters are:

Cloud delivery model Services deployed

Cloud Security is

Incident Response

Cloud apps arent always designed with data integrity, security in mind Provider keep app, firewall, IDS logs? Provider deliver snapshots of your virtual environment? Sensitive data must be encrypted for data breach regs

Cloud Security is
Application Security Different trust boundaries for IaaS, PaaS, Saas Provider web application security? Secure inter-host communication channel

Cloud Security is
Encryption and Key Management Encrypt data in transit, at rest, backup media Secure key store

Protect encryption keys Ensure encryption is based on industry/govt standards.

NO proprietary standard

Limit access to key stores Key backup & recoverability

Test these procedures

Cloud Security is.

Access Management
Determine how provider handles: Provisioning, deprovisioning Authentication Federation Authorization, user profile mgt

Cloud Security is
Virtualization What type of virtualization is used by the provider? What 3rd party security technology augments the virtual OS? Which controls protect admin interfaces exposed to users?

Cloud Security is not

A one-size fits-all solution A closed perimeter approach

Security Stack or elements to be protected

IaaS: entire infrastructure from facilities to HW PaaS: application, Middleware, database, messaging

supported by IaaS SaaS: self contained operating environment: content, presentation, apps, mgt

Security challenges for cloud environments

Step1: Start security planning early Step2: Identify vulnerabilities for your selected

Step3:
Step4:

Step5:
Step6: Step7:

service(s) Mitigate the security vulnerabilities Protect Data in motion, in process and at Rest Secure your platform Extend trust across Federated Clouds Choose the right Cloud Service Provider

Summary.
Security is not atomic issue Both Cloud provider and client responsible for

protection Decide on public or private cloud Public cloud implies loss of control

 Contact:

srinivasmekhala@gmail.com 9885353797