Taking the Smoke out of the Cloud

What Cloud technologies promise vs. what they currently deliver


June 9, 2014


This is a series on securing cloud computing environments, with a brief overview of various cloud environments and their strengths and weaknesses. "The Cloud" is a marketing term that describes the current trend in web hosting, which allows a customer to configure their own network and also lets a provider or hosting company have multiple customers concurrently use the same pieces of technology. This post covers how a cloud platform is defined, how a cloud platform is logically built, and what its advantages are.

The National Institute of Standards and Technology (NIST) describes cloud computing as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." (NIST-800-145)

The characteristics of a cloud environment are the following: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service.

Rapid deployment in a cloud platform means that creating a new server and pushing that new server into production is usually as easy as creating a file, albeit a specially formatted one. That file contains the attributes of your server, which is then booted and run in your network. Most cloud platforms use virtualized servers and virtualized networks to facilitate this ease of deployment.

Broad network access means that these cloud platforms have always-present network access for their service, so they are always "ON". This access is considered to be more a part of the service provider's environment than of the customer's actual cloud, but it is an integral part of a customer's service.

Resource pooling means allowing multiple customers to use the same hardware for their servers, the same network hardware and the same storage hardware, for example. From a service provider's perspective, this allows more customers per square foot. Resource sharing also creates new and interesting security issues.

Elasticity is similar to rapid deployment; it simply means that new services can be deployed or expanded easily.

Measured service is where a hosting company can charge each customer for resource usage, whether that resource is network bandwidth, server processing cycles or data storage, for example.

Finally, NIST defines service and deployment models. I will review these to complete this introduction to cloud computing and cloud platforms, or just "The Cloud".

The most useful NIST service models are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). SaaS is where software that was previously sold as a shrink-wrapped package is delivered to customers as an always-available cloud service. Usually a customer will access this type of software via a web browser or software client. PaaS is where a service provider gives their customers the ability to create and manage their own cloud services using a preset selection of development tools, and the resulting application resides on a cloud network and servers. IaaS is where a hosting company allows a customer to provision network equipment and servers, usually virtualized, to create a customized cloud presence. SaaS products generally reside on PaaS, and PaaS is generally built upon IaaS.

There are three deployment models of interest. These deployment models are characterized by whether a cloud infrastructure is located internally to a customer (private), located externally (public), or split so that services run both externally and internally (hybrid).

I will continue by describing cloud technologies and information security issues.

.wdnii.
© 2014 Norris Proprietaries Inc.
