f01.justanswer.com€¦ · Web view11.12.2012 · Cloud computing is the style of computing...

Running Head: Cloud Computing1

Cloud Computing

Wesam Al-Abssi

Colorado Technical University

Author Note

This paper was prepared for CSS410 Cloud Computing, Privacy and Security, taught by Makan

Diarra on December 9th, 2012.

Cloud Computing, Privacy and Security 2

Abstract

Many advances in learning technologies are taking place throughout the world; these

advances offer a range of tools and new opportunities to enhance teaching and learning by

enabling individuals to personalize their environments in which they work or learn. There is

growing acceptance of virtualization and cloud computing today across the world to meet the

rapidly changing economic needs and improve service delivery. Proponents suggest that the

cloud delivery model will help cut down on IT management cost, while providing greater

flexibility in maintaining security, reliability and compliance.


ContentsIntroduction..........................................................................................................................4

What is Cloud Computing?.................................................................................................5

Cloud Types.........................................................................................................................7

1- Public Cloud...........................................................................................................7

2- Private Cloud..........................................................................................................8

3- Community Cloud..................................................................................................9

4- Hybrid Cloud........................................................................................................10

Cloud services....................................................................................................................11

1- SaaS......................................................................................................................11

2- PaaS......................................................................................................................11

3- IaaS.......................................................................................................................11

Risks (disadvantages)........................................................................................................12

Benefits (Advantages).......................................................................................................13

Security Breaches..............................................................................................................14

Privacy in the Clouds.........................................................................................................15

Security Audit in the Cloud...............................................................................................17

The Jericho Cloud Cube Model.........................................................................................18

Data Breaches....................................................................................................................19


Introduction

Computers have become an indispensable part of life. We need computers everywhere, be it for

work, research or in any such field. As the use of computers in our day-to-day life increases, the

computing resources that we need also go up. For companies like Google and Microsoft,

harnessing the resources as and when they need it is not a problem. But when it comes to smaller

enterprises, affordability becomes a huge factor. With the huge infrastructure come problems like

machines failure, hard drive crashes, software bugs, etc. This might be a big headache for such a

community. Cloud Computing offers a solution to this situation. Cloud computing is a paradigm

shift in which computing is moved away from personal computers and even the individual

enterprise application server to a ‘cloud’ of computers. A cloud is a virtualized server pool,

which can provide the different computing resources of their clients. Users of this system need

only be concerned with the computing service being asked for. The underlying details of how it

is achieved are hidden from the user. The data and the services provided reside in massively

scalable data centers and can be ubiquitously accessed from any connected device all over the

world. Cloud computing is the style of computing where massively scaled IT related capabilities

are provided as a service across the Internet to multiple external customers and are billed by

consumption. Many cloud-computing providers have popped up and there is a considerable

growth in the usage of this service. Google, Microsoft, Yahoo, IBM and Amazon have started

providing cloud-computing services. Amazon is the pioneer in this field. Smaller companies like

Smug Mug, which is an online photo-hosting site, has used cloud services for the storing all the

data and doing some of its services. Cloud Computing is finding use in various areas like web

hosting, parallel batch processing, graphics rendering, financial modeling, web crawling,

genomics analysis, etc


What is Cloud Computing?

Cloud computing (CC) is a term for networked computers that deliver IT services over

the internet to many users in an on-demand environment. The type of services range from

adaptations of familiar tools to address customers' various needs, ranging from scientific research

to e-commerce, Commercial and individual cloud computing services are already available from

Amazon, Yahoo, Salesforce, Desktop Two, Zimdesk, and Sun Secure Global Desktop, while

Google's efforts in cloud computing have attracted a great deal of interest. (Bowers, L., 2011)

There are certain salient features of CC that are relevant to academics. However, it has to

be noted that any detailed technical aspects of CC are certainly out of the scope of this paper.

The concept of CC is not new, as cloud computing evolved out of earlier technologies for

distributed processing, such as "grid computing." Typically, the cloud computing infrastructure

resides in a large data center and is managed by a third party, who provides computing resources

as if it were a utility (such as electricity or water) - accessible by anyone, anywhere over a

network. The cloud is a metaphor for the internet; some people call it the World Wide Computer.

Actually, it is designed to work like a whole computer in the cloud and aimed at a wider

audience, including those who cannot afford their own computer. (Bowers, L., 2011)

The cloud computing model serves its clients with whatever they request for, whether it

is the internet, software applications, his or her personal files. It also allows users to access

supercomputer-level power.

loud computing is ultimately going to enable a significant transformation of education to

increase quality, increase access to educational resources, and at the same time lower costs ... I

think the next two to three years will really be about developing shared services, exploiting cloud


computing models, and really driving fundamental transformation in how we organize education

and deliver value to students and the education community. (Thomas, P. Y., 2011)

Other typical uses of cloud computing to academics are:

It can be used as a personal workspace.

A convenient tool to engage in the scholarship of teaching and learning.

Personal learning environments (PLEs) used by many people as an alternative to

institutionally controlled virtual learning environments (VLEs)/LMS with different

personalized tools to meet their own personal needs and preferences; as teachers we are

always learning.

Provides opportunity for ubiquitous computing.

No need for backing up everything to a thumb drive and transferring it from one device to

another.

No need to copy all stuff from one PC to another when buying a new one. It also means you

can create a repository of information that stays with you and keeps growing as long as you

want them.

Provides large amounts of processing power comparable to supercomputer level.

The cloud platform has evolved to include an array of providers whose offerings fall into

three broad categories: Software-as-a-Service (SaaS), Inf rastructure-as-a-Ser vice (IaaS), and

Platform-as-a-Service (PaaS) (Figure 1). There is no requirement for upfront capital expenditure

with any of these cloud configurations, so choosing the right cloud structure is a function of a

customer's need to communicate outside firewalls, need for mobile access, interest in limiting

upfront costs, scalability requirements, and high collaboration requirements. (Newton, J., 2010)


Cloud Types

1- Public Cloud (talk about it)


2- Private Cloud (talk about it)


3- Community Cloud (talk about it)


4- Hybrid Cloud (talk about it)


Cloud services

1- SaaS (talk about it)

2- PaaS (talk about it)

3- IaaS (talk about it)


Risks (disadvantages)

Need to talk about it


Benefits (Advantages)


Security Breaches


Privacy in the Clouds

Cloud privacy continuously evolves as does the methods to secure the information rich

environment. Ann Cavoukian has identified a security method known as “privacy-enhancing

technologies, (PET’s) (Cavoukian, 2008). This concept of PET’s was created to raise awareness

of privacy-enhancing technologies which targets systems designers and appointing them. So

much data is transferred and or accessed by individuals, organizations, and third party entities

that need to be secured. A greater portion of the data is personally distinguishable, which lies in

the hands of third party organizations. I was not able to identify anything that was new to cloud

security, and as much as I could research this article written in 2008. The word “trust” was

emphasized to give the user a little added assurance. Trust can only go so far, organizations have

to do more than trust hardware, software, third parties, or the personal devices that interface with

the Internet.

Centric identity was labeled as a security measure that can be implemented against cloud

attacks. “In user-centric identity systems, a user logs in to a Web site via a third party identity

provider, who passes on information at the user’s request” (CDT, 2009). User-centric identity

places the burden of security on the user. Once the user gives their credentials to a third party

identity provider they then pass the information along upon the user’s request. This method is

safer because the user is not directly logging on to the organizations website, their identity is

verified via third party then they pass it along as being safe. This method improves the way users

interact with organization information while leveraging current credentials for users.

In conclusion, the need to provide privacy is a critical aspect to cloud computing, however, some

privacy issues are related to system complexity and providing CIA. For example tracking

cookies associated with cloud computing are generally used for the following purposes (Lanois,


2011):

• Authentication purposes, such as to identify server-based sessions

• To store and maintain login and password information and similar data

• To administer users’ accounts

• To identify the browsers used

This leave data vulnerable to potential privacy risk with relation to the information in

tracking cookies as well as the data distributed throughout the CSP systems. For this reason it

would seem that it would be appropriate to outline some data privacy policies. While countries

like EU are enacting laws and regulation that protect personal data, the United States has been

slow to take a stance on the matter leaving the states to form a lay of protection.


Security Audit in the Cloud


The Jericho Cloud Cube Model

In the article Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration by

Jericho Forum it is noted to “be wary of making a false assumption that Internal is more secure

than External. The effective use of both is likely to provide the most secure usage model” (N.A.,

2012).Therefore, it would not be as important to evaluate security as involving internal and

external implementations on an domain bases but rating and ranking the implementation based

on the collaborative needs then strategically aligning the implementation within the appropriate

controls. For example: where both internal and external domains collaborate or share data

traditional security approach of protecting the internal network from the external is seen as

limiting information flow to the intended parties because the intended parties could exist on

either ends of the spectrum (Anthes, 2010). By managing internal/external cloud security in a

manner that best suits the strategic alignment as they relate to organizational needs and business

functions. However, it is enviable that there will be an erosion of the network perimeter. This

concept equates to building security into the information infrastructure as well as taking an

outside-in approach (Jikumar, 2009).

The implementation of SAAS is accompanied with explicit list of vulnerabilities that

should be taken into account before considering it a more secure solution. These considerations

include: the governance and ownership; data security policies; data protection, location of data;

identity and access control; communications; service level and contract management; regulatory

compliance; vendor management (Ames, 2011). This list identifies the security issues

surrounding the SAAS as well as issues of evaluating the associated risk based on the traditional

outside-in security model. To combat these issues CSA(Cloud Security Alliance) illustrates an

audit program that consist of various layers to address security concerns at various layers. These


layers include: hardware and infrastructure layer, database layer, server layer, application layer,

network layer, and governance (Ames, 2011).

Data Breaches

Data Confidentiality and Integrity in the Public Cloud

One of the challenges of using the public cloud is data confidentiality and integrity. It could be

terrifying for a public cloud subscriber to surrender control of its sensitive data and depend

solely on the cloud provider to keep that data safe. But, if I were to move my data in the public

cloud, what was the first thing I could think of to make sure the confidentiality and integrity of

my sensitive information. I would ask the cloud provider for a stricter service level agreement

(SLA). This may include an agreement that the cloud provider will abide by and enforce all

legal policies and procedures while handling the sensitive information. Another way of ensuring

data integrity and confidentiality in the public cloud is by using good encryption.

According to Rubens, “The obvious solution to this integrity problem -- and one which

also provides confidentiality -- is to encrypt any data stored in the cloud. This will ensure you

data can't be maliciously modified, deter curious administrators or hackers from prying on your

data, and reduce the risk that cloud storage devices could be sold or reused while they still

contain confidential company information, he said. Make sure encryption keys are kept secure

and separate from the data. "Encrypting a volume won’t stop a hacker if the encryption key is

also easily available in the cloud (2011)." This means that the information stored in the cloud

needs to be encrypted so it can’t be modified and to prevent prying eyes from spying on your

data. (still need to talk more)

Data remanence is the data that is left, in other words is the residue or bits that are left

when a media or system is deleted (Mather, Kumaraswamy and Latif, 2009). Those pieces left of


the data could be used to reconstruct the data that was deleted (Krutz and Vines, 2010).

According to Bloomberg (2011), the data remanence issue gets very complicated when dealing

with cloud computing, due to the fact that you don’t have physical access to where your data is.

Schmelzer (2011) states, “But in a Cloud, you can never be sure that data is truly deleted, given

the multitude of distributed data stores, logs, temporary tables, caches, and who knows what

else” (para. 10).

Mather et al., (2009), talks about the risk data remanence has in the cloud and how can it

be “inadvertently exposed to an authorized party” (p. 64). No matter what type of cloud services

your using, the data can be compromise. Mather et al., (2009) states, “ When using SaaS or Paas,

the risk is almost certainly unintentional or inadvertent exposure” (p. 64). One thing that Mather

et al., (2009), discusses is the low attention that is pay to the data remanence by the cloud service

provider and how some of the cloud service providers don’t even discuss it in the service’s they

offer. No one is paying attention to this problem in the cloud, except for the hackers that will use

this data remanence that is left in the cloud to steal your data without you even knowing it

(Bloomberg, 2011).

Cloud providers should refer to the NIST special publication 800-88. This publication

will provide the cloud service providers with guidelines on how data security should be

accomplish (Mather et al., 2009). Even companies are using these guidelines to learn how to

secure the data (Mather et al., 2009)

Cloud Computing 2013

Look at this link please: http://cloud-computing.tmcnet.com/

http://cloud-computing.tmcnet.com/


Conclusion


Bibliography


References

Bowers, L. (2011). Cloud computing efficiency. Applied Clinical Trials, 20(7), 45-46,48-51.

Retrieved from http://search.proquest.com/docview/879724187?accountid=26967

Newton, J. (2010). Is cloud computing green computing? GPSolo, 27(8), 28-31.

Retrieved from http://search.proquest.com/docview/845231362?accountid=26967

Thomas, P. Y. (2011). Cloud computing. The Electronic Library, 29(2), 214-224. doi:

http://dx.doi.org/10.1108/02640471111125177

Ames, B. (2011). Auditing the cloud. Internal Auditor, 68(4), 35

Anthes, G. (2010). Security in the Cloud. Communications of the ACM, 53(11), 16-18.

doi:10.1145/1839676.1839683

Jikumar, V. (2009, February 9). RAS: Web, mobile apps erode network perimeter security.

Computer World. Retrieved October 20, 2012, from

http://www.computerworld.com/s/article/9010924/RSA_Web_mobile_apps_erode_netwo

rk_perimeter_security?taxonomyId=17&pageNumber=

N, A. (2012, September 6). Cloud cube model. In TheOpenGroup. Retrieved October 20, 2012,

from https://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdf

Cavoukian, Ann. (2008). Privacy in the clouds. Retrieved from http://www.icp.on.ca/images/reso

urces/privacyintheclouds.pdf

CDT. (2009). CDT discusses key policies surrounding user-centric identity management.

retrieved from https://www.cdt.org/policy/cdt-discusses-key-policies-issues-surrounding-

user-centric-identity-management

Lanois, P. (2011). Privacy in the age of the cloud. Journal of Internet Law, 15(6), 3-17.

https://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdf

http://www.computerworld.com/s/article/9010924/RSA_Web_mobile_apps_erode_network_perimeter_security?taxonomyId=17&pageNumber=

http://www.computerworld.com/s/article/9010924/RSA_Web_mobile_apps_erode_network_perimeter_security?taxonomyId=17&pageNumber=

http://dx.doi.org/10.1108/02640471111125177

http://search.proquest.com/docview/845231362?accountid=26967

http://search.proquest.com/docview/879724187?accountid=26967


Abubakr, T. (2011). Protect data in the public cloud with encryption tools. Retrieved from

http://www.techrepublic.com/blog/datacenter/protect-data-in-the-public-cloud-with-

encryption-tools/5056

Krutz, R., & Vines, R. S. (2010). Cloud security: a comprehensive guide to secure cloud

computing. Indianapolis: Wiley Publishing, Inc. DOI: www.wiley.com

Mather, T., Kumaraswamy, S., & Latif, S. (2009). Cloud security and privacy: an enterprise

perspective on risks and compliance. (1st ed., pp. 7-34). Sebastopol: O'Reilly Media, Inc:

DOI: mysafaribooksonline.com

Rubens, P. (2011). Ensuring Data Security in the Cloud. Retrieved from http://www.

esecurityplanet.com/trends/article.php/3933241/Ensuring-Data-Security-in-the-

Cloud.htm

Bloomberg, j. (2011, May 19). Data remanence: Cloud computing shell game. In ZapThink.

Retrieved November 3, 2012, from http://www.zapthink.com/2011/05/19/data-

remanence-cloud-computing-shell-game/

Schmelzer, R. (2011, March 24). Cloud security: Not an oxymoron. In ZapThink. Retrieved

November 3, 2012, from http://www.zapthink.com/2011/03/24/cloud-security-not-an-

oxymoron/

Mather, T., Kumaraswamy, S., & Latif, S. (2009). Cloud Security and Privacy (pp. 64-65).

Sebastopol, CA: O'Reilly Media, Inc

Krutz, R. L., & Vines, R. D. (2010). Cloud Security A Comprehensive Guide to Secure Cloud

Computing (p. 255). Indianapolis, IN: Wiley Publishing, Inc.

http://www.zapthink.com/2011/03/24/cloud-security-not-an-oxymoron/

http://www.zapthink.com/2011/03/24/cloud-security-not-an-oxymoron/

http://www.zapthink.com/2011/05/19/data-remanence-cloud-computing-shell-game/

http://www.zapthink.com/2011/05/19/data-remanence-cloud-computing-shell-game/

f01.justanswer.com€¦ · Web view11.12.2012 · Cloud computing is the style of computing...

Documents

Transcript of f01.justanswer.com€¦ · Web view11.12.2012 · Cloud computing is the style of computing...