Chapter 8

 Cloud computing is the most discussed topic
today in the field of information technology
 It introduces a new Internet-based paradigm
for on-demand, dynamic provision of
reconfigurable computing resources
 Its numerous applications attract many
people from different fields such as business,
industry and healthcare

CC services & applications


 It has the potential to transform how
computing resources (e.g. storage, servers,
processing, networking and apps) are
provisioned, managed and delivered to users
 It shifts the location of the hardware and
software resources from local computers to
the Internet to reduce the costs associated
with the management of these resources

 Instead of hosting apps and data on
individual computers, everything is hosted in
the Internet i.e., the cloud
 A type of web-based computing that frees
the user from the constraints of desktop
computing and opens up new forms of group
collaboration

 A recent study revealed that 41% of senior IT
professionals admit that they “don’t know”
what cloud computing is !!!
 “The interesting thing about Cloud Computing is that
we’ve redefined Cloud Computing to include
everything that we already do. . . . I don’t understand
what we would do differently in the light of Cloud
Computing other than change the wording of some of
our ads” Oracle’s CEO

 “A lot of people are jumping on the [cloud]
bandwagon, but I have not heard two people
say the same thing about it. There are multiple
definitions out there of the cloud.” HP’s Vice
President of European Software Sales
 Cloud Computing (CC): an excessively general
term that covers almost any solution that allows
for the outsourcing of all kinds of hosting and
computing resources
 Many definitions exist: [Vaquero et al.] studied
more than 20 definitions
 Cloud Computing: A pool of services provided
by a Cloud Service Provider (CSP) who can be
regarded as a company that leases to its
customers a number of reliable virtual
resources (hardware or software of any kind)
on their demand according to a certain
business model
 “Clouds are a large pool of easily usable and
accessible virtualized resources (such as hardware,
development platforms and/or services). These
resources can be dynamically re-configured to
adjust to a variable load (scale), allowing also for
an optimum resource utilization. This pool of
resources is typically exploited by a pay-per-use
model in which guarantees are offered by the
Infrastructure Provider by means of customized
Service Level Agreements (SLAs)”

 “Cloud computing is a model for enabling
convenient, on demand network access to a
shared pool of configurable computing
resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly
provisioned and released with minimal
management effort or service provider
interaction” – National Institute of Standards
and Technology
[Figure: the NIST cloud model]
Essential characteristics: on-demand self-service, broad network
access, resource pooling, rapid elasticity, measured service
Service models: Software as a Service (SaaS), Platform as a
Service (PaaS), Infrastructure as a Service (IaaS)
Deployment models: public cloud, private cloud, hybrid cloud,
community cloud
 Cloud computing can transform a large part
of the IT industry
 Making software even more attractive as a
service
 Shaping the way IT hardware is designed and
purchased
 Software developers with new ideas for
Internet services no longer require expensive
hardware to deploy their services or the
human operators to manage them
 On-demand self Service: a consumer can
provision cloud services, such as web
applications, server time, processing, storage
and network as needed and automatically
without requiring human interaction with each
service’s provider
 Broad Network Access: cloud resources are
available over the network anytime and
anywhere and are accessed through standard
mechanisms that promote use by different types
of platform (e.g., mobile phones, laptops, and
PDAs).
 Resource Pooling: computing resources
are pooled into the cloud to provide
services to multiple users with different
reconfigurable computing resources
dynamically assigned and reassigned
according to user demand
 The resources available for provision often
appear to consumers to be infinite and can
be purchased in any quantity at any time.
 Rapid Elasticity: computing resources can be
rapidly and elastically provisioned to scale up,
and released to scale down based on
consumer’s demand

 Measured Services: cloud services are
measured, controlled and monitored by the
cloud provider typically through a pay-per-
use business model
 This is important for billing, access control,
resource optimization and capacity planning

 Virtualization: Virtualization technology
means hiding physical resources from
customers when using cloud applications
 Using this technology, physical resources are
converted into logical or virtual resources
which can be dynamically provisioned or
released on demand
 The management of physical resources is
completely isolated from that of virtual
resources
 Network-centric: the cloud computing paradigm
transforms the IT infrastructure from the traditional
server-centric model to a network-centric one
 The network-centric paradigm is concerned with
optimally sharing a set of distributed computing
resources
 Server-centric paradigm is about assigning
resources to applications to ensure that each
application continues to be serviced as if it has
access to all available resources on that server

 Multitenancy: a cloud provides services to
multiple users at the same time. Those users
share cloud resources at the network level,
host level and application level, however,
each user is isolated within his customized
virtual application instance

 Scalability: the infrastructure of cloud
computing is very scalable. Cloud providers
can add new nodes and servers to cloud with
minor modifications to cloud infrastructure
and software

 Reliability: is achieved in cloud computing by
using multiple redundant sites. High
reliability makes the cloud a perfect solution
for disaster recovery and business critical
tasks

 Cloud computing systems can be described in
terms of service models and deployment
models
 Service model describes types of services
provided by the cloud service providers
 Deployment model specifies the way these
services are used by consumers

 The service model is a Service-Oriented
Architecture (SOA) that describes the architecture of
the Cloud system in terms of the types of services
provided by cloud providers to the customers
 These services are:
 Software as a Service (SaaS)
 Platform as a Service (PaaS)
 Infrastructure as a Service (IaaS)

SaaS
Gmail, Google Docs, Finance, Collaboration,
Communication, Business, CRM, ERP, HR
Ex. Zoho, Salesforce, Google Apps

PaaS
Web 2.0 application run time, Java 2 run time, Developer tools,
Middleware
Ex. Windows Azure, Aptana, Google App Engine

IaaS
Servers, Storage, Processing power, Networking
Ex. Amazon Web Services, Dropbox, Akamai

 In SaaS, applications are hosted as a service and
provided to customers across the Internet, with no
need to install and run them on the customer’s own computer
 Hosted applications can be accessed through web
browsers from various client devices such as laptops,
PDAs and cell phones
 Multiple users can share the applications and avoid
the trouble associated with software maintenance,
upgrades and the need for additional licenses
 Example SaaS providers are Zoho, Salesforce.com,
Basecamp, Ulteo and Google Apps.

 PaaS is a development platform that allows
cloud consumers to not only deploy but also
design, model, develop and test applications
directly on the Cloud.
 It supports group work on collaborative
projects whose team members are
geographically distributed.
 PaaS provides development infrastructure
including tools and programming languages.
 Example PaaS providers are Windows Azure,
Google App Engine and Aptana Cloud

 IaaS clouds extensively use virtualization
technology in order to encapsulate (hide the details
of) the physical computing resources provided
by data centers.
 Cloud consumers can directly use independent
virtual machines that isolate them from the
underlying physical hardware of the cloud.
 Consumers can dynamically provision/release
virtual computing resources based on their
increasing/decreasing resource demand.
 Examples of existing IaaS providers are
Dropbox, Amazon EC2, Mozy and Akamai
 The difference between SaaS and PaaS is
that in SaaS only completed applications are
hosted and deployed on the Cloud whereas
PaaS allows for both completed applications
to be hosted and in-progress applications to
be developed on the Cloud

Who provides each layer in the three service models:

Layer   Application software   OS / development platforms   Virtual resources / HW
SaaS    CSP                    CSP                          CSP
PaaS    customer               CSP                          CSP
IaaS    customer               customer                     CSP

 Deployment models describe how people and
organizations use different types of Cloud
services
 Four cloud deployment models have been
defined in the cloud community
 Public cloud
 Private cloud
 Community cloud
 Hybrid cloud
 Public Cloud is used by general cloud consumers and is
fully managed by the cloud service providers. Like
prepaid electricity, the public cloud is used on a “pay-per-use”
basis, so consumers can optimize their IT expenditure by
adjusting their use of cloud services based on their
demands.
 Public clouds are owned by the cloud service provider, who
sets the policy, profit and charging model. Many popular
cloud services are public, including Amazon EC2, S3,
Google App Engine and Force.com.
 These clouds enable a consumer to develop and deploy a
service in the cloud with very little financial outlay
compared to the capital expenditure requirements
normally associated with other deployment options

 The cloud infrastructure belongs to and is
operated by only one organization. For instance,
academics often build private clouds for research
and teaching purposes.
 It may be managed by the organization or a
third party
 Private clouds provide firms with more secure
data storage and processing and full control over
critical activities. Moreover, they allow
organizations to maximize and optimize the
utilization of computing resources

 The cloud infrastructure is jointly constructed,
used and owned by several organizations that
share the same mission, policy and security
requirements
 It may be managed by the organizations
themselves or a third party
 A promising application of the community cloud
is a national health cloud, where electronic health
records for patients are kept on the Cloud and are
shared by authorized health organizations

 The cloud infrastructure is a mixture of private and
public clouds
 A private cloud is linked to one or more public clouds,
allowing for data and application portability
 The combination is centrally managed as a single unit,
yet each Cloud remains a unique entity.
 Organizations use the hybrid cloud model in order to
optimize their resources by offloading auxiliary
business tasks onto the public cloud while keeping
core activities on-premise in the private cloud.
Standardization and interoperability are issues that
should be considered when deploying a hybrid cloud
Deployment model | Scope of services | Owned by | Managed by | Security level
public | general public and large industry groups | CSP | CSP | low
private | single organization | single organization | CSP or single organization | high
community | organizations that share the same mission, policy and security requirements | several organizations | CSP or several organizations | high
hybrid | organizations and public | organizations and CSP | CSP or organizations | medium
 Gmail: is an email service that provides users
with 25GB of storage, less spam and mobile access.
It has an integrated chat applet that stores
conversations in the form of email.
 Google AdWords and AdSense: advertising tools.
 Picasa: a tool used to exhibit products by
uploading their images to the cloud.
 Google Analytics: is used to monitor the traffic
coming onto a website.

 Google Docs: is a service that allows users to
create spreadsheets, word-processing documents and
slide presentations and store them on
the cloud servers.
 The documents are available online so that they
can be accessed from anywhere and at any time.
 This helps team members located in different
countries to cooperate in completing their work.
 Google Docs is secure since the files are
encrypted using advanced encryption
technology and are only accessed by authorized
users.
 Windows Azure: a Windows environment for
storing data and running applications in the
cloud.
 SQL Azure: is a relational database service in
the cloud that uses a special version of Microsoft
SQL Server.
 Windows Azure AppFabric: provides an
infrastructure for applications that run in the
cloud or inside an organization.
 Windows Azure Marketplace: is an online market
to buy and sell application software and data.

 Amazon Elastic Compute Cloud (Amazon EC2):
a web service that provides configurable
computing resources in the cloud.
 Amazon Simple Storage Services (Amazon S3):
a scalable, secure and reliable storage for the
Internet that can be used to ubiquitously store
and retrieve data of any size on the web.
 Amazon Virtual Private Cloud (Amazon VPC):
connects the company’s existing IT
infrastructure to AWS cloud via a Virtual Private
Network (VPN).

 Amazon CloudFront: is a web service for
content delivery that transfers customer’s
data with high speed and minimum delay
using a global network of edge locations.
 Amazon Route 53: is a scalable and highly
available DNS service.
 Amazon Relational Database Services
(Amazon RDS): is a web service that helps
manage a relational database in the cloud.
 Amazon SimpleDB: provides the core database
functions.
 Amazon Simple Queue Service (Amazon SQS): is a
scalable, reliable, hosted queue for storing
messages.
 Amazon SNS: is a web service that helps manage
and send notifications from the cloud.
 Amazon Elastic MapReduce: is a web service that
enables customers to process vast amounts of
data on the Cloud.

 HP Cloud Compute: provides elastic scalable
virtual servers that can be customized on user’s
demand as the workload changes.
 It allows customers to save time wasted in
resource configuration and to save money since
customers only pay for resources they
provisioned.
 It also provides an open standards environment
that ensures portability and prevents vendor
lock-in and allows for collaborative work.

 HP Cloud Object Storage: online mass storage
that allows customers to store large amounts
of data such as audio and video files.
 It can be scaled up and down on-demand to
meet storage change needs and it achieves
reliability by replicating objects many times
in multiple availability zones so that
customers can access their data when they
need it.
 HP Cloud Block Storage: allows customers to
store data on HP Cloud resources for as long
as they need and easily move it from one
compute resource to another.
 HP Cloud CDN: CDN refers to Content
Delivery Networks and it is a web service that
delivers data from HP Cloud Object Storage
to customers around the world at high speed
using global network of servers from HP and
Akamai.
 HP Cloud Relational Databases for MySQL: is a
web service that provides on-demand access
to relational structured databases.
 HP Cloud Identity Service: provides a single
method for managing HP cloud users’
identities and authentication.

 Service Cloud: is a platform for customer service
that allows for thousands of conversations on
the Cloud. It provides different conversation
tools that help empower CRM around the world,
such as online communities, social networks,
phone, email & chat, partners and search.
 Sales Cloud: provides comprehensive and easy-
to-customize tools that deliver information to
users in real time, at any time and from
anywhere. These tools include: Chatter, Mobile,
Files & libraries, AppExchange and Marketing &
leads.
 CC for e-learning applications
 CC for ERP
 CC for e-government applications

Cloud computing for e-government

[Figure: The Cloud at the centre, linking Faculty, Staff,
Researchers and Students to cloud-hosted services:
Simulation Tools, Files, E-mail and chats, Broadcasting,
Digital Library, Class Recording, Virtual Classroom,
Education Forums, Virtual Labs, Surveys, Online Exams,
Shared Multimedia, Virtual Interactive Whiteboard,
Collaborative Applications, Conference & Meeting]
[Figure: ERP in the cloud. The Cloud at the centre serves
Large Scale, Medium Scale and Small Scale Organizations
with Supply Chain & Vendor Management, Projects & HR
Management Tools, Customer Relationship Management (CRM),
Finance & Accounting, and Manufacturing, Production &
Delivery Management]

[Figure: e-government in the cloud. The Cloud links
Governments (G2G), Business (G2B), Consumers (G2C) and
Enterprise (G2E) to: Complaint Resolution System, Employee
Management System, Education Management System, E-police,
E-court, Water, Electricity, Gas, Payment & Tax System,
Healthcare & Insurance System, Transportation Management
System, Agriculture and Food, Industry and Energy]
 The biggest challenge in cloud computing is
to successfully address the security and
privacy issues associated with their
deployment
 During August 2009 the International Data
Corporation (IDC) conducted a survey to rank
cloud computing challenges
 The results of the survey illustrated that
security is the biggest concern in cloud
computing
Mainly due to
 Multi-tenancy nature of CC
 Outsourcing of sensitive data, critical
applications and infrastructure onto the cloud

 Organizations and individuals are concerned
about how security and privacy can be
maintained in the new cloud environment
 Organizations have strict constraints on
putting their sensitive data and critical
applications on public clouds

 Efficient approaches should be employed to
ensure that customers can continue to have
the same security controls over their
applications
 Cloud Service Providers (CSPs) should be able
to provide evidence to their customers that
their data and applications are secure and
they can meet Service Level Agreements
(SLA)
Three essential security components:
 Security and privacy requirements: identifies
the security and privacy requirements for the cloud,
such as authentication, authorization, integrity,
etc.
 Attacks and threats: warns of the different types
of attacks and threats to which clouds are
vulnerable
 Concerns and risks: draws attention to the risks and
concerns about cloud computing
 Identification and Authentication
 Authorization and Access control
 Confidentiality
 Integrity
 Non-repudiation
 Availability
 Compliance
 Monitoring and Audit
 Transparency
 Identification and Authentication: users
should be individually verified and validated
by employing usernames and passwords to
protect their profiles on the cloud
 Authorization: is used to control access
priorities, permissions and resource
ownerships of the users on the cloud. Each
cloud user is granted privileges based on his
account type
 Confidentiality: ensures that information is
accessible only to those authorized to have
access. Confidentiality becomes vital in public
clouds due to its accessible nature
 Integrity: ensures that data has not been
tampered with (unauthorized deletion,
modification, theft or fabrication)
 Non-repudiation: ensures that the sender of
a message cannot deny that the message was sent
and that the recipient cannot deny that the
message was received

 Availability: refers to cloud data, software and
also hardware being available, usable and
accessible to authorized users upon demand
 Compliance: ensure compliance with
regulations, laws, general legislation, sector-
specific rules and contractual obligations
 Monitoring and audit: cloud customers should
be able to define their control requirements,
understand internal monitoring process and
analyze external audit report

 Transparency: the operation of the cloud
should be sufficiently clear to users, they
must be able to get a clear overview of where
and how their data will be handled, they also
must be able to determine who the CSP is
and where his responsibility ends

 Denial of service attacks (DoS): occur when
cloud attackers send a large number of malicious
requests to the cloud and consume the
available resources that provide customers with
services - IaaS
 Cloud injection attacks: attempt to inject a
malicious service implementation module or
virtual machine instance into the cloud so that it is
executed instead of the intended one. Examples of
such attacks are SQL injection, OS command
injection and cross-site scripting - PaaS

 Browser-based attacks (Wrapping attacks):
a browser attacker alters the signature and
encryption of SOAP messages - SaaS

 Cloud Security Alliance (CSA) defined the top
seven threats in cloud computing

 Abuse and Nefarious Use of Cloud Computing
 Insecure Interfaces and APIs
 Malicious Insiders
 Shared Technology Issues
 Data Loss or Leakage
 Account or Service Hijacking
 Unknown Risk Profile

Attacks and threats | Countermeasures
Wrapping attacks | Increase security during message passing from the web server to the web browser by using the SOAP message
Cloud injection attacks | Use hash algorithms
Metadata spoofing attacks | Use verification techniques
Denial of Service (DoS) | Provide more computational power and resources
Abuse and Nefarious Use of Cloud Computing | Improve credit card fraud detection; apply strict registration and validation rules; perform extensive examination of network traffic
Insecure Interfaces | Analyse the security model of the API; employ strong authentication, access control and encryption techniques; understand the dependency chain of the API
Malicious Insiders | Require transparency in all information security issues; define security breach notification processes; enforce strict hiring requirements and HR assessment
Shared technology | Conduct vulnerability scanning and remediation; promote strong authentication and monitor unauthorized activities; implement security best practice for installation and configuration
Data Loss or Leakage | Implement strong API access control, key generation and encryption techniques; provide backup and retention strategies; analyse data protection at both design and run time
Account or Service hijacking | Employ 2FA; understand CSPs’ security policies and SLAs; forbid sharing of account credentials
Unknown Risk Profile | Monitor necessary information; disclose applicable data, logs and infrastructure details

 Loss of governance: refers to the loss of
control by cloud customers over the services
that are provided by CSPs, which may cause
security gaps in data availability, integrity and
confidentiality
 Lock-in: due to lack of standardization, cloud
customers are unable to move their programs
and data between CSPs

 Lack of compliance: CSPs may not be able to
provide evidence for compliance to their
customers and may not permit them audit
the cloud processes
 Data remanence: refers to the residual
representation of data that has been erased
from the cloud which may lead to disclosure
of private data

 The well-known Gartner’s seven security
risks that customers should discuss with
vendors before selecting a cloud computing
system

 Privileged user access: ask your CSP to
inform you about people who manage and
access your data
 Regulatory compliance: make sure that your
CSP undergoes external audits and security
certification
 Data location: make sure that your CSP
commits to obey local privacy requirements
in data storing and processing on behalf of his
customers
 Data segregation: refers to the separation of
data to ensure that each cloud customer
accesses his information only without
affecting other customer’s information
 Make sure that your CSP uses encryption in
data segregation or aggregation and tests
the encryption schemes by security experts

 Data Recovery: ask your CSP about the
ability to restore and recover data if a disaster
occurred
 Investigative support: investigation of illegal
activities is difficult in cloud computing
because of its multitenancy nature
 Long-term viability: ask your CSP about the
fate of your data if he went out of business

Risk | Mitigation
Lack of governance | Carefully execute SLAs
Lock-in | Use standard cloud APIs to achieve portability between CSPs
Lack of compliance | Perform regular audits for compliance; let customers be aware of how CSPs adhere to laws and regulations
Data remanence | Ensure the deletion of data after use of the cloud service

Risk | Mitigation
Privileged user access | Monitor authorized users’ activities; restrict admin hiring
Data location | Provide consumers with information about where their data is stored and processed
Data segregation | Use encryption and distributed storage to prevent data seizure
Data recovery | Back up data at other data centres
Long-term availability | Apply insurance for when the cloud service is no longer provided

 A generic CC security model that helps satisfy
security and privacy requirements in clouds
and protect them against various
vulnerabilities
 Four security components
 Verification and Validation (V&V) Unit
 Privilege Control Unit
 Data Protection Unit
 Attacks Detection/Prevention Unit
 Authenticate users and ensure the
correctness of data and services on the cloud
 Possible security techniques
 Digital signature
 One Time Password (OTP)
 Two Factor Authentication (2FA)

 Controls cloud usage by different individuals
and organizations and ensures data integrity
and confidentiality
 Possible security techniques
 Encryption/Decryption algorithms such as AES
and RC4
 Hash functions and Message Authentication Code
(MAC) provide data integrity
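The integrity requirement defined earlier (data not tampered with by unauthorized deletion, modification or fabrication) and the MAC technique listed for the privilege control unit above come together in the following added example, written for this page and not taken from the slides or any provider's SDK. It seals each stored object with an HMAC-SHA256 tag that also binds the object identifier, so a tag cannot be moved from one object to another by whoever controls the storage, and verifies in constant time. The object ids, record contents and function names are constructed for the example; the encryption half (AES) is not covered because the Python standard library has no AES implementation.

```python
"""Integrity tags for stored cloud objects with HMAC-SHA256 (standard library only)."""
import hashlib
import hmac
import os
import struct


def _frame(object_id: bytes, data: bytes) -> bytes:
    """Length-prefix both fields so that (id='ab', data='c') and (id='a', data='bc')
    never produce the same MAC input."""
    return struct.pack(">I", len(object_id)) + object_id + struct.pack(">I", len(data)) + data


def seal(key: bytes, object_id: bytes, data: bytes) -> bytes:
    """Tag to store next to the object. Binding the object id into the tag means a valid
    tag for one object is useless for any other object."""
    return hmac.new(key, _frame(object_id, data), hashlib.sha256).digest()


def verify(key: bytes, object_id: bytes, data: bytes, tag: bytes) -> bool:
    """Recompute on read; compare in constant time so the check does not leak tag bytes."""
    return hmac.compare_digest(seal(key, object_id, data), tag)


def tamper_checks() -> dict:
    """Constructed scenario: one sealed record, then the ways it could be altered in storage."""
    key = os.urandom(32)          # constructed: in practice the key lives in a KMS/HSM, not beside the data
    oid = b"tenant-42/invoice-0001.json"
    data = b'{"amount": 100, "currency": "EUR"}'
    tag = seal(key, oid, data)
    return {
        "intact": verify(key, oid, data, tag),
        "modified_content": verify(key, oid, b'{"amount": 100000, "currency": "EUR"}', tag),
        "tag_moved_to_other_object": verify(key, b"tenant-42/invoice-0002.json", data, tag),
        "wrong_key": verify(os.urandom(32), oid, data, tag),
    }


if __name__ == "__main__":
    for name, ok in tamper_checks().items():
        print(f"{name:28s} {'accepted' if ok else 'REJECTED'}")
```

Only the "intact" case is accepted; a changed amount, a tag copied from another object, or a tag made under a different key all fail the read-time check, which is the property the integrity requirement asks for.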

 Protect data from loss, damage and leakage
 Possible security techniques
 Replication techniques
 Secure storage techniques

 Protect clouds from attacks and malicious
behaviors that threaten both data and
physical and virtual computing resources of
the cloud
 Possible security techniques
 Intrusion detection systems and firewalls to
protect against intruders, viruses and malware
 High availability techniques such as dynamic
server and load balancing to protect against DDoS
attacks
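The DoS attack described earlier (many requests from an attacker exhausting the resources that serve customers) and the intrusion detection technique listed for the attack detection/prevention unit above both call for the same basic control: noticing a source whose request rate is far above normal. The following added example, written for this page and not part of the slides, runs a sliding-window rate detector over web-server access-log lines. The log format, the addresses (documentation ranges) and the thresholds are constructed for the example.

```python
"""Rate-based flood detection over web-server access logs (standard library only)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(seconds=10)   # sliding window length
THRESHOLD = 20                   # requests per window per source before alerting


def parse_line(line: str):
    """Constructed log format: '<ISO-8601 UTC> <client ip> <method> <path> <status>'."""
    ts, ip, _method, _path, _status = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc), ip


def detect_floods(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: (time first exceeded, request count in window)} for sources over threshold."""
    recent = defaultdict(deque)   # per source: timestamps still inside the window
    alerts = {}
    for line in lines:
        ts, ip = parse_line(line)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and ip not in alerts:
            alerts[ip] = (ts, len(q))
    return alerts


def make_sample_log():
    """Constructed sample: one source bursts 30 requests in 6 s, another sends 5 in a minute."""
    base = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(30):
        t = base + timedelta(milliseconds=200 * i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} 203.0.113.5 GET /api/v1/items 200")
    for i in range(5):
        t = base + timedelta(seconds=12 * i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} 198.51.100.7 GET /api/v1/items 200")
    return sorted(lines)   # ISO timestamps sort chronologically as strings


if __name__ == "__main__":
    for ip, (when, count) in detect_floods(make_sample_log()).items():
        print(f"ALERT {ip}: {count} requests within {WINDOW.seconds}s as of {when:%H:%M:%S}Z")
```

The detector keeps only the timestamps inside the window for each source, so memory stays proportional to the number of active sources rather than to log size; a production version would feed its alerts to the load balancer or firewall rather than print them, and would tune the threshold per endpoint.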