Cloud Security

Cloud Security:-

 Introduction:- 

Cloud computing has more to offer businesses and individuals than ever before. Many are moving to

the cloud to take advantage of the on-demand nature of documents, applications and services. An area

of cloud computing that is starting to garner more attention is cloud security, as well as Security-as-a-

Service (SECaaS). These security areas are increasing in attention in response to businesses move to

the cloud – cyber thieves follow data and confidential information. Similar to on-premise computer and

server security, cloud security adoption has

lagged behind cloud service adoption.

            

     

              

Infrastructure as a Service:-    

Overview Infrastructure-as-a-Service (IaaS) as a concept is easier to grasp because of some similarity it shares with the traditional infrastructure that was used and is still used in many organizations today. With the traditional infrastructure an organization needed to purchase servers, all networking components and storage devices. A lot of capital is required to start up a business and more funds may be required for a company that wants to change its business model to adapt to changes in the market. Even though the concept of cloud computing dates back to the 1960’s, Cloud Computing Services were not widely offered until mid 2008, at least in the way it is discussed in this paper (eyeOS Blog)—“cloud computing” may have different meanings depending on how the term is used. It was during 2008 when services such as IaaS began to be offered by companies such as Amazon. The ability for a business to acquire IaaS began to make it easier for Startups and other businesses, especially those who could not afford infrastructure they needed, to meet their technology requirements. Advancements in computer technology in areas such as networking, the Internet, virtualization technology, clustering and load balancing capabilities have enabled IaaS providers to offer scalable, shared and manageable environments (Dawoud). Other companies that provide cloud computing services specifically IaaS are Amazon, AT&T, HP, Verizon, CA Technologies, Cloud Scaling, DATA PIP and Eucalyptus Systems among others (Cloud360).

               However, even with the advantages that are mentioned above, IaaS has significant security challenges. The security challenges of providing this service become increasingly complex as the number of users increases. Also, customers of IaaS must share resources, which has security implications as well. The IaaS delivery model consists of components such as service level agreement, utility computing, cloud software, platform virtualization, network connectivity, and computer hardware (Dawoud). All of these components face different security and privacy issues. The challenges of cloud computing from a user’s (i.e. company that pays for the service) point of view are: knowing exactly where the data is located, whether others are accessing the data, and whether the data is being compromised. 

      

Products and Services:-  

                Products and services that are offered by IaaS providers are: Servers: Most business may require similar servers but depending on the nature and size of a business the number and type of servers required may differ. Examples of servers that are commonly used are Database servers, Application servers, and Mail servers, among many others. Security products used in traditional way of securing servers and storage are still relevant, e.g. use of firewall and Intrusion Detection Systems. An IaaS provider can provide a firewall for a fee to filter mail received by a startup business. Storage Devices: High Capacity hard drives are also made available for lease to companies that need these services. The IaaS providers are able to do this as they have data centers with hard drives that are able to store large-scale data, and with use of virtualization this capability is significantly improved. 

Features of IaaS:-

Currently there are security concerns that are holding businesses back from acquiring services such as IaaS. However, with more studies concerning these addressing these issues, we can expect that more companies/businesses will feel confident migrating to the cloud. Also by applying Moore’s Law there can be an expected increase in processing power and memory (Ushman). Based on Moore’s law we can then predict that virtualization capacity will also increase. With increased virtualized capacity, we can expect increased efficiency and scalability. This may cause more companies to migrate to the cloud in the future.

 

 

   

Platform as a Service:-   

    In the cloud stack, Platform-as-a-Service (PaaS) sits in the middle, between Infrastructure-as-a-Service and Software-as-a-Service. Customers who make use of PaaS do not want to deal with the hassle of purchasing a physical computer, installing the operating system, and all other steps that go into integrating a computer into the company’s workflow (Keene). PaaS is often used in instances of application development, which allows for a developer start programming without having to install an Operating System, a Database server, or a Web server. This frees organizations from significant overhead in terms of money and resources in supporting their hardware. PaaS offers the ability to make the computer into a service, freeing the user from maintenance on the machine – and truly – even caring about the operating system that they are using. PaaS deployments can be public – like Google App Engine and Windows Azure – allowing anyone to sign up and use the platform. They can also be private, set up and monitored by an organization, used only by internal members of that organization. Private clouds offer two distinct advantages: 1) sensitive information need not be transmitted over the public internet, 2) if the internet connection in the building is down, local network resources that are still available can serve data from the private cloud (Bhadauria).

   

Products and Services:-  

           High-Assurance Hypervisor is an idea that is on the rise, and very close to corporate acceptance. This would greatly improve the confidence in public PaaS in the commercial world. If a Hypervisor is HighAssurance, users can be confident that their data and deployments are safe from outside tampering. Many companies are beginning to support this capability (MacDonald). Along with the rise of High-Assurance Hypervisors, the private cloud is an idea that is also gaining traction. This is due to the natural progression from server virtualization to server virtualization in the cloud. Many companies have found the virtualization reduces capital costs, and will soon find that a private cloud can speed the delivery of services (Penn). Google App Engine, along with other offerings such as Engine Yard and Microsoft Azure allow for the complete development, deployment, and hosting of mission critical web applications. Customers only have to pay for the bandwidth they use, with the provider scaling network resources to fit the demand for the application (appengine.google.com).

   

Features of PaaS:-

          We believe that PaaS will continue to grow along with demand for SaaS. As consumers care less about what platform they need to run their software (as a service), they will care less about what, if any, platform they have. PaaS by way of Google’s Chrome OS will continue to make itself relevant through its use in schools, due to low cost hardware (Lardinois). Having PaaS tool as a startup can drastically lower barriers of entry. Companies will take advantage of the ability to run their whole operation without buying a single server.

   

  

Software as a Service:-   

   In the Cloud Computing Stack, Software-as-a-Service (SaaS) sits on top of Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS). SaaS is simply software that is delivered from a server in a remote location to your desktop, and is used primarily online. Typically, it is accessed using a thin client via a web browser, although some SaaS software uses its own interface, designed to provide special characteristics for its application or its users. Initially, SaaS software existed only in real time – within an online connection. But, as SaaS evolved, applications that live on an appliance (a server managed by the SaaS vendor) on the user organization’s premises became prevalent (Simon 97-112).

Products and Services:-  

   SaaS applications are available more or less for all business segments. As part of their SaaS product line, Google provides Google Apps for Business, which includes solutions like business email, calendar, documents and more. These products are bundled with features such as multiple platform integration and 99.9% uptime SLA (Google Apps for Business). SaaS startup desk.com (previously known as Assistly) helps companies collect and organize all of their customer conversations into a prioritized actionable list and equips support staff with the tools to respond to customers. The application allows businesses to filter conversations, access customer histories, automate processes and even tap into social media conversations on Facebook, Twitter and other sites (Rao). Demandforce‘s SaaS application automates Internet marketing and communications so customers can focus on running their day-to-day operations (Rao). Cloud financial management company Intacct sells cloud-based software for financial functions — including applications for accounting, contract management, revenue management, inventory management, purchasing, vendor management, financial consolidation and reporting (Lomas). Education technology company EverFi has created a SaaS application for schools to help educate young adults on financial literacy, student loan default prevention, filing taxes, credit card debt and other critical life skills. The application’s curriculum incorporates virtual worlds, social media and videos to help teach children these life skills (Rao)