Cloud Based Computing

Text / Reference Books

1. Michael Miller, Cloud Computing: Web-Based Applications That Change the Way You Work
and Collaborate Online, Que Publishing, August 2008.
2. Haley Beard, Cloud Computing Best Practices for Managing and Measuring Processes
for On- demand Computing, Applications and Data Centers in the Cloud with SLAs
Emereo Pty Limited, July 2008.
3. Cloud Security and Privacy-An Enterprise perspective on Risks and Compliance by Tim Mather
Subra Kumaraswamy, and Shahed Latif.

Focus on.
Cloud Computing Infrastructure
Security
Cloud Storage and Data Security
Identity Management in the Cloud
Security Management in the Cloud
Privacy
Audit and Compliance
Cloud Service Providers
Security as a Service
Impact of Cloud Computing

Impact
How are the following communities Impacted by the
Cloud?
Individual Customers
Individual Businesses
Start-ups
Small and Medium sized businesses
Large businesses

Governance
Five layers of governance for IT are Network, Storage
,Server, Services and Apps
For on premise hosting, organization has control over
Storage, Server, Services and Apps; Vendor and
organization have share control over networks
For SaaS model all layers are controlled by the vendor
For the IaaS model, Apps are controlled by the
organization, Services controlled by both while the
network, storage and server controlled by the vendor
For PaaS, Apps and Services are controlled by both while
servers, storage and network controlled by the vendor

Barriers

Security
Privacy
Connectivity and Open access
Reliability
Interoperability
Independence from CSP (cloud service provider)
Economic value
IR governance
Changes in IT organization
Political issues

Cloud Computing
Infrastructure Security
Infrastructure Security at the Network Level
Infrastructure Security at the Host Level
Infrastructure Security at the Application Level
Note: We will examine IaaS, PaaS and SaaS Security issues at
Network, Host and Application Levels

Security at the Network

Level
Ensuring Data Confidentiality and Integrity of the
organizations data, when it is in transit to and from
the public cloud provider
Ensuring Proper Access Control (Authentication,
Authorization, Auditing) to resources in the public
cloud
Ensuring Availability of the Internet facing resources
of the public cloud used by the organization
Replacing the established Network Zones and tiers
with domains
How can you mitigate the risk factors?

Ensuring Data Confidentiality and Integrity

Resources and Data confined to private network are
now exposed to Internet(Public) and to a shared public
network belonging to a third-party cloud provider.
For Ex : AWS Security Vulnerability reported in Dec2008, The author detailed a flaw in the Digital Signature
algorithm used when .Making a Query requests to
Amazon Simple DB, AC2, or Amazon Simple Query
Service over HTTP.
Although use of HTTPS mitigated the integrity risks, but
user using HTTP did face an increased risk that their
data could have been altered in transit without their
knowledge.

Ensuring Proper Access Control

Resources are now exposed to Internet(Public),
Organizations faces increase in risk to its data.
The ability to audit the operations even after the
fact, is probably non existent.
For Ex: Reassigning IP Address (Ageing)
CSP dont age IP addresses, when they are no
longer needed to one customer.
CSP can Reused them, only after Clearing the
ARP Caches.

Ensuring Availability of the Internet facing

resources
Network Security has increased because an increased amt
of data or an increase number of organizational personnel
now depend on externally hosted devices to ensure the
availability of cloud-provided resources.
Misconfiguration mistake, may affect the availability of
CSP resources.
(for Eg : Pakistan telecom(2008)/You tube).

DNS Configuration :- Several forms of DNS Attacks to

worry about with regard to cloud computing, which arent
new and are not directly related to use of Cloud
computing.

DoS and DDoS : will increase risk of availability at network

level (AWS making the services unavailable for hours at a
time to AWS Users)

Replacing the established Network Zones

Traditional model of Network zones and tiers no
longer exists in public IaaS and PaaS Clouds.
Network Security has relied on zones i.e only
individuals and systems in specific roles have
access to specific zones.
For Eg: System @ Presentation tier are not allowed to
Communicate directly with systems in Database tier, but
can communicate only with an authorized system within
the application zone.

In cloud, these models are replaced with Security

groups, Security Domains or Virtual Data Centers.

How can you mitigate the risk factors?

Network-level risks exist regardless of what aspects of
Cloud-Computing services are being used, rather
whether the organization intends to use them as
Public/Private/Hybrid.
If organization is large enough to afford the resources
of a private cloud, then risks will decrease.
Confidentiality risks can be reduced by Encryption
AAA is difficult to mitigate with cloud computing,
unless organizations is using a Private Cloud i.e.,
internal to its topology.

Security at the Host Level

When Reviewing Host Security and Assessing Risks,
need to consider the Context of cloud Service
Models and Deployment model.
Some Virtualization Security Threats (VM Escape,
System Configuration drift and Insider threats by the way of
weak access control to the hypervisor) will carry into

Cloud environment.
Dynamic nature of Cloud Computing (Elasticity)
brings new operational challenges from a security
management perspective.
CSP should focus on the following
SaaS and Paas Host Security
IaaS Host Security

Security at the Host

Level
Host security at PaaS and SaaS Level
Both the PaaS and SaaS hide the host operating system
information from end users(not interested to share publically)
Hackers can exploit that information when they are trying
to intrude into the cloud service.
Customer can ask the vendor to share information under
NDA(Non Disclosure agreement)
CSP has to ensure that appropriate preventive and
detective controls are in place and will have to ensure the
same via a third-party assessment.
Virtualization is a key enabling technology that improves
h/w utilization.
Customer should understand how the provider is using
virtualization technology and the providers process for
securing the virtualization layer.
Host security responsibilities in SaaS and PaaS are

Security at the Host

Level
Host security at IaaS Level
IaaS customers are responsible for securing the
hosts provisioned in the Cloud.
Host security in IaaS should be categorized as
follows:
Virtualization software security
Hypervisor security
Threats: Blue Pill attack on the hypervisor

Customer guest OS or virtual server security

Attacks to the guest OS: e.g., stealing keys used to
access and manage the hosts

Security at the Host Level

Virtualization software security
A S/w Which sits on top of barematel and permits customer
to create and destroy virtual instances.
Virtualization at Host level can be accomplished as follows:
OS-Level Virtualization (Solaris containers, BSD Jails, LinuxVservers)
Para Virtualization (combination of H/w version and
versions of Xen and VMWare)
H/W based Virtualization (Xen, VMWare, Microsoft Hyper-v)
Customers dont have access to this software layer, and
managed by CSP.
Hypervisor security
Threats: Blue Pill attack on the hypervisor

Security at the Host Level

Customer-guest OS or Virtual Server Security
The Virtual instance of an OS that is provisioned on top of the
virtualization layer and is visible to customers from the internet
Customer has full access to virtualized guest VMs that are
hosted & isolated from each other by hypervisor technology.
Customer are responsible for securing and ongoing security
management of the guest VM.
A Public IaaS (EC2) offers WAPI to perform management
functions
( provisioning, decommissioning, and replication)
New host security threats in public IaaS include:

Stealing keys used to access and manage hosts (SSH private keys)
Attacking unpatched, vulnerable services listening on standards ports
Hijacking Accounts that are not properly secured (weak/no passwords)
Attacking systems that are not properly secured by host firewalls
Deploying Torjans embedded in the s/w component in the VM

Security at the Host Level

Securing Virtual Servers
Use a secure-by-default configuration
Track the inventory of VM images and OS Versions that are prepared for
cloud hosting
Protect the integrity of VMs images from unauthorized access
Safeguard the private keys required to access hosts in the public cloud
Isolate the decryption keys from the cloud where the data is hosted, unless
it is necessary for decryption
Include no authentication credentials in VMs except for a key to decrypt
the file system key.
Dont allow password-based authentication for shell access
Install a host-based security
Enable System auditing and event logging and log the security events to a
dedicated log server.
Require passwords for sudo or role-based access.
Run a host firewall and open only the minimum ports necessary to support
the services
Periodically review logs for suspicious activities.

Security at the Application Level

Usually its the responsibility of both the CSP and the
customer
Application security at the SaaS level
SaaS Providers are responsible for providing application security

Application security at the PaaS level

Security of the PaaS Platform
Security of the Customer applications deployed on a PaaS
platform

Application security at the IaaS Level

Customer applications treated a black box

IaaS is not responsible for application level security
DoS and EDoS
End User Security( Web Browser Security)

Cloud Storage and Data Security

Aspects of Data Security
Data Security Mitigation
Provider Data and its Security

Aspects of Data Security

Security for

Data in transit (HTTPS,SCP-(Secure Copy Program))

Data at rest (IaaS, but PaaS and SaaS)-Encryption
Processing of data including Multitenancy (Unencrypted)
Data Lineage (Where and When exactly, specifically located)
Managing applications data flows/data path visualization

Data Provenance (Integrity, Computationally accurate)

Data remanence
(residual representation of data that has been normally
erased or removed) commit/rollback

Solutions include encryption, identity management,

sanitation
Sanitation : Removing data from media before reusing the
media in an environment that doesnt provide an acceptable
level of protection .

Data Security Mitigation

Even through data in transit is encrypted, use of
the data in the cloud beyond simple storage will
require decryption.
That is, cloud will have unencrypted data

Mitigation
Sensitive/ Regulated data cannot be stored in a public
cloud.
(or) Encrypted data placed into the cloud for simple
storage.
Homomorphic encryption may be a solution in the future

Provider Data and its

Security

What data does the provider collect e.g.,

metadata, and
how can this data be secured?
What access do customer had.!

Data security issues

Access control, Key management for encrypting

Confidentiality, Integrity and Availability are

objectives of data security in the cloud.
At Network Level (Provide will do)
Collecting, Monitoring, Protecting Firewall, Intrusion
prevention system(IPS), Security incident and Event
Management(SIEM) etc.,

At Host level
System log files

At Application Level

Cloud Storage
Data stored in cloud(Storage-as-a-Service) will refer
to IaaS and not associated with an application
running in cloud on PaaS and IaaS.
The Same 3 security concerns are associated with
data stored in cloud as with data stored else where
Confidentiality
Integrity
Availability

Confidentiali
ty

Two Potential concerns for data confidentiality

What access control exists to protect the data
Authentication (Username + Password) weak mechanism by CSP
Authorization (access controls available to users)

Is Customer data actually encrypted when it is stored in cloud?

What encryption algorithm and with what is the key strength?
For Ex: AWS S3 doesnt encrypt a customers data, so customers are able to
encrypt their own data themselves prior to uploading, but S3 doesnt
provide encryption.

If CSP does encrypt a customers data, then next to be

concerned is what encryption algorithm it uses?
Will they uses symmetric (Speed & Computational efficiency to handle
larger volumes) /Asymmetric keys.
What should be the length of the key
Who has to Manage the Key (CSP/Customer)

Key Management

Custom
er/CSP

Custom
er/CSP

Key Management

Custom
er/CSP

Custom
er/CSP

Integrit
y
Confidentiality doesnt mean Integrity (Consider 2 Aspects)
Data can be Encrypted for confidentiality, but for Integrity,
requires the use of Message Authentication Codes(MACs).
The Simplest way to use MACs is to use block symmetric
algorithm in CBC mode and include one-way hashing
function.
It is the one reason why Effective Key management is
difficult.
Cloud Customer ask CSP about Key Management?
If Customer had Bulk Storage using IaaS in Cloud, How
does he check for Integrity?
Soln : To validate data Integrity when data remains in
cloud (No downloading and reuploading)
i.e Transfer cost(Utilization of Bandwidth) and even he doesnt
know on which physical machines his data is stored.

Availability
Apart from Confidentiality and Integrity of
Customers data, we must also concern about the
Availability.
The 3 major Threats (all are familiar)
Availability w.r.t network-based Attacks
Availability @ CSP site (99.999%)
Availability w.r.t Backups

Identity and Access

Management (IAM) in the
Cloud
Trust boundaries
and IAM

Why IAM?
IAM challenges
IAM definitions
IAM architecture and practice
Getting ready for the cloud
Relevant IAM standards and protocols for cloud
services
IAM practices in the cloud
Cloud authorization management

Trust Boundaries and

IAM

In a traditional environment, Trust Boundary is

within the control of the organization and is Static.
Monitored and controlled by the Organizations IT
Dept (or) 3rd Party providers.
This includes the Governance Of The Networks,
Servers, Services, And Applications.
Access to the Network, Systems and Applications is
secured via network security controls including VPN,
IDS, IPS, and Multifactor authentication.

Trust Boundaries and

IAM
In a Cloud environment, the Trust Boundary is dynamic and
moves within the control of the Service Provider as well as
Organizations.
This Loss of Control continues to challenge the established
trusted governance and control model, and if not managed
properly, will impede cloud service adoption within in
organization.
To Compensate Loss of Control and Strengthen Risk Assurance,
Organizations will depend on Higher-level software controls
(Application Security/User Access Control), which can manifest
as strong authentication and authorization based on roles and
attributes like Identity federation, single sign-on, user activity
monitoring and auditing.
In particular, Organization needs to pay attention to the identity
federation architecture and processes, as they can strengthen
the controls and trust b/w organization and CSPs.

Trust Boundaries and IAM

Identity federation is an emerging industry best practice
for dealing with Dynamic and Loosely coupled trust
relationships in the collaboration model of an organization.
It enables the interaction of systems and applications
separated by an organizations trust boundary.
Core of the architecture is the directory service which is
the repository for the Identity, Credentials And User
Attributes .
It will play the central role n accelerating cloud computing
adoption within organizations.

Trust Boundaries and IAM

IAM is a 2-way Street:
CSPs need to support IAM Standards(SAML) and
Practices such as
Federation for customers to take advantage of and
extend their practice to maintain compliance with internal
policies and standards.
Cloud services that support IAM features i.e., federation
will accelerate the migration of traditional IT applications
from trusted corporate networks into a trusted cloud
service model.

For Customers, Well Implemented user IAM

practices and processes
protect the confidentiality and integrity and manage
compliance of the information stored in cloud.
Will accelerate the adoption of new cloud services and
migration of IT Applications from trusted corporate

Why IAM
Improves Operational Efficiency and Regulatory
Compliance Management
IAM enables organizations to achieve Access
Control And Operational Security
Cloud use cases that need IAM
Organization employees accessing SaaS service
using identity federation
IT admin access CSP management console to
provision resources and access for users using a
corporate identity
Developers creating accounts for partner users in
PaaS
End uses access storage service in a cloud
Applications residing in a cloud serviced provider

IAM Challenges
Provisioning resources to users rapidly to accommodate
their changing roles (Employees, Contractors, partners,
etc.,) based on their responsibilities.
Handle turnover in an organization.
Turnover varies by industry and function, i.e., seasonal
staffing fluctuations in finance depts, mergers and
acquisitions, new product and service releases, business
process outsourcing and changing responsibilities.
As a result, sustaining IAM processes can turn into a
persistent challenge.

Disparate directories, creating complex verbs, identities,

access rights and procedures, leads to inefficiencies in
user and access management processes while exposing
these to organizations to significant security, regulatory
compliance and reputation risks.
Need standards and protocols that address the IAM

IAM Definitions
Authentication
Verifying the identity of a user, system or service

Authorization
Privileges that a user or system or service has after
being authenticated (e.g., access control)

Auditing
Exam what the user, system or service has carried
out
Check for compliance

IAM
Architecture

IAM Architecture and

Practice
IAM processes to support business can be
broadly categorized as follows:
User Management (For Managing Identity
Life Cycles)
Activities for the effective governance and
management of identity life cycles

Authentication Management
Activities for the effective governance and
management of the process for determining
that an entity is who or what it claims to be

Authorization Management
Activities for the effective management of
the process for determining entitlement
rights that decide what resources an entity is
permitted to access in accordance with the

IAM Architecture and

Practice
IAM processes to support business can be
broadly categorized as follows:
Access Management
Enforcement of policies for access control in
response to a request from an entity wanting
to access an IT resource within the
organization.

Data Management And Provisioning

Propagation of identity and data for
authorization to IT resources via automated
or manual process.

Monitoring And Auditing

Monitoring, auditing, and reporting
compliance by users regarding access to
resources within the organization based on

IAM Practice
IAM process consists of the following
Operational Activities:
Provisioning
Credential And Attribute Management
Entitlement Management
Compliance Management
Identity Federation Management
Centralization Of Authentication And
Authorization

Identity Life Cycle

Management Phases

IAM Practice
IAM process consists of the following
Operational Activities:
Provisioning
This is the process of on-boarding users to systems
and applications.
IT provide users with necessary access to data and
technology resources.
Provisioning can be thought of as a combination of
the duties of the human resources and IT
departments, where users are given access to data
repositories or systems, applications, and databases
based on a unique user identity.
Deprovisioning works in the opposite manner,
resulting in the deletion or deactivation of an
identity or of privileges assigned to the user

IAM Practice
IAM process consists of the following
Operational Activities:
Credential And Attribute Management
These processes are designed to manage the life
cycle of credentials and user attributescreate,
issue, manage, revoketo minimize the business risk
associated with identity impersonation and
inappropriate account use.
Credentials are usually bound to an individual and are
verified during the authentication process.
The processes include provisioning of attributes,
static (e.g., standard text password) and dynamic
(e.g., one-time password) credentials that comply
with a password standard (e.g., passwords resistant
to dictionary attacks), handling password expiration,

IAM Practice
IAM process consists of the following
Operational Activities:
Entitlement Management
Entitlements are also referred to as authorization
policies.
The processes in this domain address the provisioning
and deprovisioning of privileges needed for the user
to access resources including systems, applications,
and databases.
Proper entitlement management ensures that users
are assigned only the required privileges (least
privileges) that match with their job functions.
Entitlement management can be used to strengthen
the security of web services, web applications, legacy
applications, documents and files, and physical

IAM Practice
IAM process consists of the following
Operational Activities:
Compliance Management
This process implies that access rights and privileges
are monitored and tracked to ensure the security of
an enterprises resources.
The process also helps auditors verify compliance to
various internal access control policies, and standards
that include practices such as segregation of duties,
access monitoring, periodic auditing, and reporting.
An example is a user certification process that allows
application owners to certify that only authorized
users have the privileges necessary to access
business-sensitive information.

IAM Practice
IAM process consists of the following
Operational Activities:
Identity Federation Management
Federation is the process of managing the trust
relationships established beyond the internal network
boundaries or administrative domain boundaries
among distinct organizations.
A federation is an association of organizations that
come together to exchange information about their
users and resources to enable collaborations and
transactions (e.g., sharing user information with the
organizations benefits systems managed by a thirdparty provider).
Federation of identities to service providers will
support SSO to cloud services.

IAM Practice
IAM process consists of the following
Operational Activities:
Centralization Of Authentication And
Authorization
A central authentication and authorization
infrastructure alleviates the need for application
developers to build custom authentication and
authorization features into their applications.
Furthermore, it promotes a loose coupling
architecture where applications become agnostic to
the authentication methods and policies.
This approach is also called an externalization of
authN and authZ from applications.

Getting Ready for the Cloud

Organization using a cloud must plan for
user account provisioning
How can a user be authenticated in a cloud

Organization can use cloud based

solutions from a vendor for IAM (e.g.,
Simplified)
Identity Management as a Service

Industry standards for federated identity

management
SAML, WS-Federation, Liberty Alliance

Relevant IAM Standards, Protocols

for Cloud
IAM Standards and Specifications for Organizations
SAML
SPML
XACML
OAuth (Open Authentication) cloud service X
accessing data in cloud service Y without disclosing
credentials

IAM Standards and Specifications for Consumers

OpenID
Information Cards
Open Authenticate (OATH)
Open Authentication API (OpenAuth)

IAM Practices in the Cloud

Cloud Identity Administration
Life cycle management of user identities in
the cloud

Federated Identity (SSO)

Enterprise an enterprise Identity provider
within an Organization perimeter
Cloud-based Identity provider

Cloud Authorization
Management

XACML is the preferred model for authorization

RBAC is being explored
Dual roles: Administrator and User
IAM support for compliance management

Cloud Service Provider and IAM

Practice
What is the responsibility of the CSP and the
responsibility of the organization/enterprise?
Enterprise IAM requirements
Provisioning of cloud service accounts to users
Provisioning of cloud services for service to service
integration
SSO support for users based on federation standards
Support for international and regulatory policy
requirements
User activity monitoring

How can enterprises expand their IAM

requirements to SaaS, PaaS and IaaS

Security Management in the

Cloud

Security Management Standards

Security Management in the Cloud
Availability Management
Access Control
Security Vulnerability, Patch and
Configuration Management

Security Management
Standards
Security Manage3ment has to be carried out in
the cloud
Standards include ITIL (Information Technology
Infrastructure Library) and ISO 27001/27002
What are the policies, procedures, processes
and work instruction for managing security

Security Management in the

Cloud

Availability Management (ITIL)

Access Control (ISIO, ITIL)
Vulnerability Management (ISO, IEC)
Patch Management (ITIL)
Configuration Management (ITIL)
Incident Response (ISO/IEC)
System use and Access Monitoring

Availability Management
SaaS availability
Customer responsibility: Customer must
understand SLA and communication methods
SaaS health monitoring

PaaS availability
Customer responsibility
PaaS health monitoring

IaaS availability
Customer responsibility
IaaS health monitoring

Access Control Management in the

Cloud

Who should have access and why

How is a resources accessed
How is the access monitored
Impact of access control of SaaS, PaaS and
IaaS

Security Vulnerability, Patch and

Configuration (VPC) Management
How can security vulnerability, patch and
configuration management for an organization
be extended to a cloud environment
What is the impact of VPS on SaaS, PaaS and
IaaS

Privacy

Privacy and Data Life Cycle

Key Privacy Concerns in the Cloud
Who is Responsible for Privacy
Privacy Risk Management and Compliance
ion the Cloud
Legal and Regulatory Requirements

Privacy and Data Life Cycle

Privacy: Accountability of organizations
to data subjects as well as the
transparency to an organizations
practice around personal information
Data Life Cycle
Generation, Use, Transfer, Transformation,
Storage, Archival, Destruction
Need policies

Privacy Concerns in the

Cloud

Access
Compliance
Storage
Retention
Destruction
Audit and Monitoring
Privacy Breaches

Who is Responsible for

Privacy
Organization that collected the information
in the first place the owner organization
What is the role of the CSP?
Organizations can transfer liability but not
accountability
Risk assessment and mitigation
throughout the data lifecycle
Knowledge about legal obligations

Privacy Risk Management and

Compliance

Collection Limitation Principle

Use Limitation Principle
Security Principle
Retention and Destruction Principle
Transfer Principle
Accountab9lity Principle

Legal and Regulatory

Requirements

US Regulations

Federal Rules of Civil Procedure

US Patriot Act
Electronic Communications Privacy Act
FISMA
GLBA
HIPAA
HITECH Act

International regulations
EU Directive
APEC Privacy Framework

Audit and Compliance

Internal Policy Compliance
Governance, Risk and Compliance
(GRC)
Control Objectives
Regulatory/External Compliance
Cloud Security Alliance
Auditing for Compliance

Audit and Compliance

Defines Strategy
Define Requirements (provide
services to clients)
Defines Architecture (that is
architect and structure services to
meet requirements)
Define Policies
Defines process and procedures
Ongoing operations

Governance, Risk and

Compliance
Risk assessment
Key controls (to address the risks
and compliance requirements)
Monitoring
Reporting
Continuous improvement
Risk assessment new IT projects
and systems

Control Objectives

Security Policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations
management
Access control
Information systems acquisition,

Regulatory/External
Compliance

Sarbanes-Oxley Act
PCI DSS
HIPAA
COBIT
What is the impact of Cloud
computing on the above regulations?

Cloud Security Alliance

(CSA)
Create and apply best practices to
securing the cloud
Objectives include
Promote common level of
understanding between consumers and
providers
Promote independent research into best
practices
Launch awareness and educational
programs
Create consensus

Auditing for Compliance

Internal and External Audits
Audit Framework
SAS 70
SysTrust
WebTrust
ISO 27001 certification

Relevance to Cloud

Cloud Service Providers

Amazon Web Services (IaaS)

Google (SaaS, PaaS)
Microsoft Azure (SaaS, IaaS)
Proofpoint (SaaS, IaaS)
RightScale (SaaS)
Slaeforce.com (SaaS, PaaS)
Sun Open Cloud Platform
Workday (SaaS)

Security as a Service

Email Filtering
Web Content Filtering
Vulnerability Management
Identity Management

Impact of Cloud Computing

Benefits
Low cost solution
Responsiveness flexibility
IT Expense marches Transaction volume
Business users are in direct control of
technology decisions
Line between home computing
applications and enterprise applications
will blur

Threats
Vested interest of cloud providers

Directions
Analysts predict that cloud
computing will be a huge growth
area
Cloud growth will be much higher
than traditional IT growth
Will likely revolutionize IT
Need to examine how traditional
solutions for IAM, Governance, Risk
Assessment etc will work for Cloud
Technologies will be enhanced (IaaS,