Cloud Computing Introduction
What Is Cloud Computing?
Cloud computing (cloud) is an evolving term that describes the development of many existing technologies and approaches to computing into something different. Cloud separates application and information resources from the underlying infrastructure, and the mechanisms used to deliver them. Cloud enhances collaboration, agility, scaling, and availability, and provides the potential for cost reduction through optimized and efficient computing.
Cloud Computing:
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., network, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Essential Characteristics
Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches:
On-demand self-service. A consumer can unilaterally provision computing capabilities such as server time and network storage as needed automatically, without requiring human interaction with a service provider.
Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs) as well as other traditional or cloud-based software services.
Resource pooling. The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a degree of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources, but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines. Even private clouds tend to pool resources between different parts of the same organization.
Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out, and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
Measured service. Cloud systems automatically control and optimize resource usage by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, or active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the service.
Cloud:
Full private cluster is provisioned
Individual user can only get a tiny fraction of the total resource pool
No support for cloud federation except through the client interface
Opaque with respect to resources
Grid:
Built so that individual users can get most, if not all, of the resources in a single request
Middleware approach takes federation as a first principle
Resources are exposed, often as bare metal
Service Models
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
Cloud Deployment Models
Regardless of the service model utilized (SaaS, PaaS, or IaaS) there are four deployment models for cloud services, with derivative variations that address specific requirements:
Public Cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Private Cloud. The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or a third party, and may exist on-premises or off-premises.
Community Cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or a third party and may exist on-premises or off-premises.
Hybrid Cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
It is important to note that there are derivative cloud deployment models emerging due to the maturation of market offerings and customer demand. An example of such is virtual private clouds, a way of utilizing public cloud infrastructure in a private or semi-private manner and interconnecting these resources to the internal resources of a consumer's datacenter, usually via virtual private network (VPN) connectivity.
Why Cloud Computing
Data centers are notoriously underutilized, often idle 85% of the time
Over provisioning
Insufficient capacity planning and sizing
Improper understanding of scalability requirements etc
including thought leaders from Gartner, Forrester, and IDC agree that this new model offers significant advantages for fast-paced startups, SMBs and enterprises alike.
Cost effective solutions to key business demands
Move workloads to improve efficiency
Multi-Tenancy
Although not an essential characteristic of Cloud Computing in NIST's model, CSA has identified multi-tenancy as an important element of cloud. Multi-tenancy in cloud service models implies a need for policy-driven enforcement, segmentation, isolation, governance, service levels, and chargeback/billing models for different consumer constituencies. Consumers might utilize a public cloud provider's service offerings or actually be from the same organization, such as different business units rather than distinct organizational entities, but would still share infrastructure.
From a provider's perspective, multi-tenancy suggests an architectural and design approach to enable economies of scale, availability, management, segmentation, isolation, and operational efficiency, leveraging shared infrastructure, data, metadata, services, and applications across many different consumers.
Cloud Reference Model
Understanding the relationships and dependencies between Cloud Computing models is critical to understanding Cloud Computing security risks. IaaS is the foundation of all cloud services, with PaaS building upon IaaS, and SaaS in turn building upon PaaS as described in the Cloud Reference Model diagram. In this way, just as capabilities are inherited, so are information security issues and risk.
IaaS includes the entire infrastructure resource stack from the facilities to the hardware platforms that reside in them. It incorporates the capability to abstract resources (or not), as well as deliver physical and logical connectivity to those resources. Ultimately, IaaS provides a set of APIs which allow management and other forms of interaction with the infrastructure by consumers.
PaaS sits atop IaaS and adds an additional layer of integration with application development frameworks, middleware capabilities, and functions such as database, messaging, and queuing, which allow developers to build applications upon the platform, and whose programming languages and tools are supported by the stack.
SaaS in turn is built upon the underlying IaaS and PaaS stacks, and provides a self-contained operating environment used to deliver the entire user experience including the content, its presentation, the application(s), and management capabilities.
The key takeaway for security architecture is that the lower down the stack the cloud service provider stops, the more security capabilities and management consumers are responsible for implementing and managing themselves.
Identify the asset for the cloud deployment
At the simplest, assets supported by the cloud fall into two general buckets:
1. Data
2. Applications/Functions/Processes
We are either moving information into the cloud, or transactions/processing (from partial functions all the way up to full applications). With cloud computing our data and applications don't need to reside in the same location, and we can even shift only parts of functions to the cloud. For example, we can host our application and data in our own data center, while still outsourcing a portion of its functionality to the cloud through a Platform as a Service.
The first step in evaluating risk for the cloud is to determine exactly what data or function is being considered for the cloud. This should include potential uses of the asset once it moves to the cloud to account for scope creep. Data and transaction volumes are often higher than expected.
Evaluate the asset
The next step is to determine how important the data or function is to the organization. You don't need to perform a detailed valuation exercise unless your organization has a process for that, but you do need at least a rough assessment of how sensitive an asset is, and how important an application/function/process is.
For each asset, ask the following questions:
1. How would we be harmed if the asset became widely public and widely distributed?
2. How would we be harmed if an employee of our cloud provider accessed the asset?
3. How would we be harmed if the process or function were manipulated by an outsider?
4. How would we be harmed if the process or function failed to provide expected results?
5. How would we be harmed if the information/data were unexpectedly changed?
6. How would we be harmed if the asset were unavailable for a period of time?
Essentially we are assessing confidentiality, integrity, and availability requirements for the asset, and how those are affected if all or part of the asset is handled in the cloud. It's very similar to assessing a potential outsourcing project, except that with cloud computing we have a wider array of deployment options, including internal models.
Map the asset to potential cloud deployment models
Now we should have an understanding of the asset's importance. Our next step is to determine which deployment models we are comfortable with. Before we start looking at potential providers, we should know if we can accept the risks implicit to the various deployment models (private, public, community, or hybrid) and hosting scenarios (internal, external, or combined).
For the asset, determine if you are willing to accept the following options:
1. Public.
2. Private, internal/on-premises.
3. Private, external (including dedicated or shared infrastructure).
4. Community; taking into account the hosting location, potential service provider, and identification of other community members.
5. Hybrid. To effectively evaluate a potential hybrid deployment, you must have in mind at least a rough architecture of where components, functions, and data will reside.
At this stage you should have a good idea of your comfort level for transitioning to the cloud, and which deployment models and locations fit your security and risk requirements.
Evaluate potential cloud service models and providers
In this step focus on the degree of control you'll have at each SPI tier to implement any required risk management. If you are evaluating a specific offering, at this point you might switch to a fuller risk assessment. Your focus will be on the degree of control you have to implement risk mitigations in the different SPI tiers. If you already have specific requirements (e.g., for handling of regulated data) you can include them in the evaluation.
Sketch the potential data flow
If you are evaluating a specific deployment option, map out the data flow between your organization, the cloud service, and any customers/other nodes. While most of these steps have been high-level, before making a final decision it's absolutely essential to understand whether, and how, data can move in and out of the cloud.
If you have yet to decide on a particular offering, you'll want to sketch out the rough data flow for any options on your acceptable list. This is to ensure that as you make final decisions, you'll be able to identify risk exposure points.
What Is Security for Cloud Computing?
Security
As described earlier in this document, the security responsibilities of both the provider and the consumer greatly differ between cloud service models. Amazon's AWS EC2 infrastructure as a service offering, as an example, includes vendor responsibility for security up to the hypervisor, meaning they can only address security controls such as physical security, environmental security, and virtualization security. The consumer, in turn, is responsible for security controls that relate to the IT system (instance) including the operating system, applications, and data.
The inverse is true for Salesforce.com's customer resource management (CRM) SaaS offering. Because the entire stack is provided by Salesforce.com, the provider is not only responsible for the physical and environmental security controls, but it must also address the security controls on the infrastructure, the applications, and the data. This alleviates much of the consumer's direct operational responsibility.
Key challenges regarding data lifecycle security in the cloud include the following:
Data security. Confidentiality, Integrity, Availability, Authenticity, Authorization, Authentication, and Non-Repudiation.
Location of the data. There must be assurance that the data, including all of its copies and backups, is stored only in geographic locations permitted by contract, SLA, and/or regulation. For instance, use of compliant storage as mandated by the European Union for storing electronic health records can be an added challenge to the data owner and cloud service provider.
Data remanence or persistence. Data must be effectively and completely removed to be deemed destroyed. Therefore, techniques for completely and effectively locating data in the cloud, erasing/destroying data, and assuring the data has been completely removed or rendered unrecoverable must be available and used when required.
Commingling data with other cloud customers. Data, especially classified/sensitive data, must not be commingled with other customer data without compensating controls while in use, storage, or transit. Mixing or commingling the data will be a challenge when concerns are raised about data security and geo-location.
Data backup and recovery schemes for recovery and restoration. Data must be available, and data backup and recovery schemes for the cloud must be in place and effective in order to prevent data loss, unwanted data overwrite, and destruction. Don't assume cloud-based data is backed up and recoverable.
Data discovery. As the legal system continues to focus on electronic discovery, cloud service providers and data owners will need to focus on discovering data and assuring legal and regulatory authorities that all data requested has been retrieved. In a cloud environment that question is extremely difficult to answer and will require administrative, technical and legal controls when required.
Data aggregation and inference. With data in the cloud, there are added concerns of data aggregation and inference that could result in breaching the confidentiality of sensitive and confidential information. Hence practices must be in play to assure the data owner and data stakeholders that the data is still protected from subtle breach when data is commingled and/or aggregated, thus revealing protected information (e.g., medical records containing names and medical information mixed with anonymous data but containing the same crossover field).
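A pre-commingling audit for the aggregation and inference risk described above, as an added example that is not part of the original slides: it finds the crossover fields two datasets share and counts how many anonymous records would link to exactly one named record. The records, field names and the allowed_to_commingle threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (assumption, not from the original slides).
NAMED_RECORDS = [
    {"name": "Patient A", "zip": "94107", "birth_year": 1975, "condition": "asthma"},
    {"name": "Patient B", "zip": "94107", "birth_year": 1982, "condition": "diabetes"},
    {"name": "Patient C", "zip": "10001", "birth_year": 1990, "condition": "migraine"},
    {"name": "Patient D", "zip": "10001", "birth_year": 1990, "condition": "asthma"},
]
ANONYMOUS_RECORDS = [
    {"zip": "94107", "birth_year": 1975, "visits": 4},
    {"zip": "10001", "birth_year": 1990, "visits": 1},
    {"zip": "60601", "birth_year": 1968, "visits": 2},
    {"zip": "94107", "birth_year": 1982, "visits": 7},
]


def crossover_fields(left, right):
    """Field names present in every record of both datasets."""
    if not left or not right:
        return []
    common_left = set.intersection(*(set(r) for r in left))
    common_right = set.intersection(*(set(r) for r in right))
    return sorted(common_left & common_right)


def linkage_report(named, anonymous, fields=None):
    """Count anonymous records that link to named ones via shared fields.

    Only counts are returned, so running the audit re-identifies nobody.
    Every record must contain each field listed in `fields`.
    """
    if fields is None:
        fields = crossover_fields(named, anonymous)
    report = {"fields": list(fields), "unique": 0, "ambiguous": 0, "unmatched": 0}
    if not fields:
        # No shared field means no join key between the two datasets.
        report["unmatched"] = len(anonymous)
        return report
    # How many named records share each combination of crossover values.
    group_sizes = Counter(tuple(r[f] for f in fields) for r in named)
    for rec in anonymous:
        k = group_sizes.get(tuple(rec[f] for f in fields), 0)
        if k == 0:
            report["unmatched"] += 1
        elif k == 1:
            report["unique"] += 1      # links to exactly one named person
        else:
            report["ambiguous"] += 1   # hidden among k > 1 candidates
    return report


def allowed_to_commingle(report, max_unique=0):
    """Hypothetical policy gate: block if any record links uniquely."""
    return report["unique"] <= max_unique


if __name__ == "__main__":
    print(linkage_report(NAMED_RECORDS, ANONYMOUS_RECORDS))
    print(linkage_report(NAMED_RECORDS, ANONYMOUS_RECORDS, fields=["zip"]))
```

Restricting the shared fields to zip alone moves every match in the sample into the ambiguous bucket, which is the effect of generalizing or dropping a crossover field before the datasets are combined.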
CLOUD COMPUTING SECURITY
Policy and Organizational Risk: Things that may directly degrade the ability of the consumer organization to conduct business in an efficient manner
Legal Risk: Things that may put the consumer organization in breach of the law or that may prevent compliance with specific legal mandates
Technical Risk: Things that may disrupt normal operations of the consumer organization or cause loss of value over intangible assets (data, reputation, etc.)
Transitional Risk: Things that may temporarily put the consumer organization's traditional infrastructure and operations under increased risk
Isolation failure: Break out of the VM, storage compartment, virtual network, VPN, etc. Covert channels, transitive trust.
Compromise of the management interface: Hijack of the consumer organization's cloud computing infrastructure, loss of control plane
Data leakage: Leakage to co-tenants (intra-cloud) or cloud exfiltration (inter-cloud)
Insecure data lifecycle management: Insecure or ineffective deletion of data, loss of consistency, data duplication
Economic denial of service: Depletion of quota vs. runaway service costs vs. loss of efficiency
Coarse access control: Insufficient granularity to implement authentication, authorization or auditing controls
Conflicting Provider-Consumer security standards: Provider can't meet the consumer organization's security requirements
Cloud Computing Market
Definitions of Hype cycle on the Web: A hype cycle is a graphic representation of the maturity, adoption and business application of specific technologies. The term was coined by Gartner.
Cloud Computing Hype Cycle
Present Market 18 billion
In coming two years will be 40 billion
CLOUD COMPUTING CHALLENGES
Scalability
Performance
Provisioning
Granularity & Flexibility vs. Configuration
Composition (Intra-cloud and Inter-cloud)
Data life-cycle Management (Keying material?)
Client-Side Weakness
Compliance & Audit-ability
Some Successes of Cloud Computing
Salesforce.com CRM Provider
Intacct software as services in finance management
Gmail
Google Apps docs, videos, office
Mozy data backup management
Facebook, LinkedIn, Twitter
QualysGuard = IT security & compliance
Microsoft Azure: The Windows Azure platform is a flexible cloud computing platform that lets you focus on solving business problems and addressing customer needs.
Terremark, same as above
Amazon EC2 presents a true virtual computing environment, allowing you to use web service interfaces to launch instances with a variety of operating systems
Gogrid.com for hosting
Joyent's Proven Cloud Computing Infrastructure and sophisticated Cloud Management Software enable you to leverage benefits of virtual machines.
RackspaceCloud
Thanks