Cloud Computing and Security Issues
Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the "cloud" that supports them. Cloud computing is a method of delivering hosted services -- Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) – over the Internet in a fast, cost-effective way. The technology has gained popularity in a weakened economy as enterprises seek ways to save money, but as always, this emerging technology presents certain risks, and it could open an organization to security vulnerabilities and threats.
The concept generally incorporates combinations of infrastructure as a service (IaaS) , platform as a service (PaaS), software as a service (SaaS) . Cloud computing services often provide common business applications online that are accessed from a web browser, while the software and data are stored on the servers. Cloud computing can be confused with Grid computing which is a form of distributed computing whereby a 'super and virtual computer' is composed of a cluster of networked, loosely-coupled computers, acting in concert to perform very large tasks and Utility computing – the packaging of computing resources, such as computation and storage, as a metered service similar to a traditional public utility such as electricity
Characteristics
Cloud computing customers do not generally own the physical infrastructure serving as host to the software platform in question. Instead, they avoid capital expenditure by renting usage from a third-party provider. They consume resources as a service and pay only for resources that they use. Many cloud-computing offerings employ the utility computing model, which is analogous to how traditional utility services (such as electricity) are consumed, while others bill on a subscription basis. Sharing "perishable and intangible" computing power among multiple tenants can improve utilization rates, as servers are not unnecessarily left idle (which can reduce costs significantly while increasing the speed of application development). A side effect of this approach is that overall computer usage rises dramatically, as customers do not have to engineer for peak load limits. Additionally, "increased high-speed bandwidth" makes it possible to receive the same response times from centralized infrastructure at other sites.
Companies
Vmware, Sun Microsystems, IBM, Amazon, Google, Microsoft and Yahoo are some of the major cloud computing service providers. Cloud services are being adopted by individual users through large enterprises including vmware, General Electric and Procter & Gamble.
Cloud computing types
Public cloud
Public cloud or external cloud describes cloud computing in the traditional mainstream sense, whereby resources are dynamically provisioned on a fine-grained, self-service basis over the Internet, via web applications/web services, from an off-site third-party provider who shares resources and bills on a fine-grained utility computing basis.
Hybrid cloud
A hybrid cloud environment consisting of multiple internal and/or external providers "will be typical for most enterprises".
Private cloud
Private cloud and internal cloud are neologisms that some vendors have recently used to describe offerings that emulate cloud computing on private networks. These (typically virtualization automation) products claim to "deliver some benefits of cloud computing without the pitfalls", capitalising on data security, corporate governance, and reliability concerns. They have been criticised on the basis that users "still have to buy, build, and manage them" and as such do not benefit from lower up-front capital costs and less hands-on management, essentially "[lacking] the economic model that makes cloud computing such an intriguing concept".
Cloud Computing and Security Issues
The benefits of virtualization and cloud computing are transforming the way we look at IT outsourcing for development, testing, and production. Existing skills, processes, and projects seem to translate naturally to a virtualized environment, and few obstacles seem to impede the adoption of the cloud model for production. Practitioners and the media alike have touted the potential security issues of virtualization. The cloud brings with it a layer of additional security considerations, in terms of both technology and process.
This layer of additional security isn’t necessarily scary or complicated. But right now, trust in the security of cloud computing is the number one impediment to its growth. This article takes a look at the cloud from various points of view. I will compare real-world examples to look at security implications of the Cloud, and show how they integrate with traditional security processes.
Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the "cloud" that supports them. Cloud computing is a method of delivering hosted services -- Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) – over the Internet in a fast, cost-effective way. The technology has gained popularity in a weakened economy as enterprises seek ways to save money, but as always, this emerging technology presents certain risks, and it could open an organization to security vulnerabilities and threats.
The concept generally incorporates combinations of infrastructure as a service (IaaS) , platform as a service (PaaS), software as a service (SaaS) . Cloud computing services often provide common business applications online that are accessed from a web browser, while the software and data are stored on the servers. Cloud computing can be confused with Grid computing which is a form of distributed computing whereby a 'super and virtual computer' is composed of a cluster of networked, loosely-coupled computers, acting in concert to perform very large tasks and Utility computing – the packaging of computing resources, such as computation and storage, as a metered service similar to a traditional public utility such as electricity
Characteristics
Cloud computing customers do not generally own the physical infrastructure serving as host to the software platform in question. Instead, they avoid capital expenditure by renting usage from a third-party provider. They consume resources as a service and pay only for resources that they use. Many cloud-computing offerings employ the utility computing model, which is analogous to how traditional utility services (such as electricity) are consumed, while others bill on a subscription basis. Sharing "perishable and intangible" computing power among multiple tenants can improve utilization rates, as servers are not unnecessarily left idle (which can reduce costs significantly while increasing the speed of application development). A side effect of this approach is that overall computer usage rises dramatically, as customers do not have to engineer for peak load limits. Additionally, "increased high-speed bandwidth" makes it possible to receive the same response times from centralized infrastructure at other sites.
Companies
Vmware, Sun Microsystems, IBM, Amazon, Google, Microsoft and Yahoo are some of the major cloud computing service providers. Cloud services are being adopted by individual users through large enterprises including vmware, General Electric and Procter & Gamble.
Cloud computing types
Public cloud
Public cloud or external cloud describes cloud computing in the traditional mainstream sense, whereby resources are dynamically provisioned on a fine-grained, self-service basis over the Internet, via web applications/web services, from an off-site third-party provider who shares resources and bills on a fine-grained utility computing basis.
Hybrid cloud
A hybrid cloud environment consisting of multiple internal and/or external providers "will be typical for most enterprises".
Private cloud
Private cloud and internal cloud are neologisms that some vendors have recently used to describe offerings that emulate cloud computing on private networks. These (typically virtualization automation) products claim to "deliver some benefits of cloud computing without the pitfalls", capitalising on data security, corporate governance, and reliability concerns. They have been criticised on the basis that users "still have to buy, build, and manage them" and as such do not benefit from lower up-front capital costs and less hands-on management, essentially "[lacking] the economic model that makes cloud computing such an intriguing concept".
Cloud Computing and Security Issues
The benefits of virtualization and cloud computing are transforming the way we look at IT outsourcing for development, testing, and production. Existing skills, processes, and projects seem to translate naturally to a virtualized environment, and few obstacles seem to impede the adoption of the cloud model for production. Practitioners and the media alike have touted the potential security issues of virtualization. The cloud brings with it a layer of additional security considerations, in terms of both technology and process.
This layer of additional security isn’t necessarily scary or complicated. But right now, trust in the security of cloud computing is the number one impediment to its growth. This article takes a look at the cloud from various points of view. I will compare real-world examples to look at security implications of the Cloud, and show how they integrate with traditional security processes.
0 comments:
Post a Comment