CLOUD COMPUTING

“When it’s smarter to rent than to

buy”

1
HISTORY OF CLOUD COMPUTING

 1960 - John McCarthy

 came into commercial use around the turn of the 21st century

 2007 saw increased activity, including Google, IBM

 It was a hot topic by mid-2008 and numerous cloud computing

events had been scheduled.

2
INTRODUCTION

 With traditional desktop computing, we run copies of software

programs on our own computer. The documents we create are
stored on our own pc.
 Although documents can be accessed from other computers on
the network, they can’t be accessed by computers outside the
network. This is PC-centric.
 With cloud computing, the software programs one use aren’t run
from one’s personal computer, but are rather stored on servers
accessed via the Internet.

3
 If a computer crashes, the software is still available for others
to use. Same goes for the documents one create; they’re stored
on a collection of servers accessed via the Internet.
 Anyone with permission can not only access the documents,
but can also edit and collaborate on those documents in real
time.
 Unlike traditional computing, this cloud computing model isn’t
PC-centric, it’s document-centric.

4
WHAT IS CLOUD
COMPUTING?

5
CLOUDCOMPUTING:
 Cloud computing is Internet- ("CLOUD-") based development and
use of computer technology ("COMPUTING").
 Cloud computing is a general term for anything that involves
delivering hosted services over the Internet.
 It is used to describe both a platform and type of application.
 Cloud computing also describes applications that are extended
to be accessible through the Internet.
 These cloud applications use large data centers and powerful
servers that host Web applications and Web services.
User of the cloud only care about the service or information they are
accessing - be it from their
PCs, mobile devices, or anything else connected
to the Internet - not about the underlying details
of how the cloud works.”
KEY PROPERTIES OF CLOUD
COMPUTING
 Cloud Computing Is User Centric:
Once a user is connected to the cloud, whatever is stored there—
documents, messages, images, applications, whatever—becomes
authorized to the user access them.

 Cloud Computing Is Powerful:

Connecting hundreds or thousands of computers together in a
cloud creates a wealth of computing power impossible with a
single desktop PC.

 Cloud Computing Is Accessible:

Because data is stored in the cloud, users can instantly retrieve 8
more information from multiple repositories.
KEY PROPERTIES OF CLOUD
COMPUTING
 Cloud Computing Is Intelligent:
With all the various data stored on the computers in a cloud,
data mining and analysis are necessary to access that
information in an intelligent manner.

 Cloud Computing Is Programmable:

Many of the tasks necessary with cloud computing must be
automated. For example, to protect the integrity of the data,
information stored on a single computer in the cloud must be
replicated on other computers in the cloud. If that one
computer goes offline, the cloud’s programming automatically
redistributes that computer’s data to a new computer in the 9
cloud.
Driving Cloud Computing
The CLOUD COMPUTING is driving in two types:
Customer perspective
Vendor perspective
Customer Perspective
1. In one word: economics.
2. Faster, simpler, cheaper to use cloud computation.
3. No upfront capital required for servers and storage.
4. No operational expenses for running data-center.
5. Application can be run from anywhere.
Vendor perspective
1. Easier for application vendors to reach new customers.
2. Lowest cost way of delivering and supporting
applications.
3. Ability to use commodity server and storage hardware.
4. Ability to drive down data-center operational cots.
Types of Services
These services are broadly categorized into three divisions.
1. Infrastructure-as-a-service (IAAS)
2. Platform-as-a-service (PAAS)
3. Software-as-a-service (SAAS)
INFRASTRUCTURE-AS-A-SERVICE
(IAAS)
• Infrastructure-as-a-Service(IaaS) like Amazon Web
Services provides virtual
• servers with unique IP addresses and blocks of storage
on demand.
• Customers benefit from an API from which they can
control their servers.
• Because customers can pay for exactly the amount of
service they use, like for electricity or water, this service
is also called utility computing.
PLATFORM-AS-A-SERVICE (PAAS)

• Infrastructure-as-a-Service(IaaS) like Amazon Web Services

provides virtual servers with unique IP addresses and blocks of
storage on demand.
• Customers benefit from an API from which they can control
their servers.
• This is because customers can pay for exactly the amount of
service they use like for electricity or water, this service is also
called utility computing.
SOFTWARE-AS-A-SERVICE (SAAS)
 Software-as-a-Service (SaaS) is the broadest market.
 In this case the provider allows the customer only to use its
applications.
 The software interacts with the user through a user interface.
 These applications can be anything from web based email, to
applications like Twitter or Last.fm.
 Agenda 4

•Why Cloud Computing?

•Cloud Definition and Characteristics
•Cloud Tiered Architecture
•Cloud Benefits
•Cloud Drawbacks and Concerns
•Cloud Futures
•Conclusions
Why Cloud Computing? 5

Business needs are straining IT

•Business dependency on IT continues to grow
• Business and IT are becoming one
•As business dependency grows, so do the IT
resources necessary to run the business
• Many organizations have built massive, overly
complex, underutilized, rigid IT infrastructure
•Why we are seeing some IT initiatives
• Data center consolidation, application rationalization,
virtualization
• These efforts aren’t enough to stem the tide; revealing
some harsh realities…
Why Cloud Computing? 6

IT is too expensive, rigid, and complex

• Owning and operating IT is an expensive,
and time consuming proposition
• Many data centers are out of power/ space
• Complex infrastructures decrease the
ability to respond to business needs
• Install new applications, provision additional
capacity, and secure their environment
• Limits business agility and growth
• Business units are forced to go outside their IT
organizations to meet their needs
• IT organizations have more work than
personnel can reasonably manage
• Many data centers house extraneous, infrastructure
that has nothing to do with the organization’s core
business
Cloud Computing: Transforming IT
Strategic and
non-strategic
IT Services
Enterprise

IT is completely “owned
IT and operated” by the
Enterprise’s IT
organization
Cloud Computing: Transforming IT
Strategic IT Non-Strategic
Services IT Services

Enterprise

SaaS

IT PaaS Cloud
SIaaS Computing
HIaaS

Post-Modern or
Hybrid IT
 HOW DOES CLOUD
COMPUTING WORK?

23
UNDERSTANDING CLOUD ARCHITECTURE:

Individual users connect to the cloud from their own personal computers or
portable devices, over the Internet. To these individual users, the cloud is seen as
a single application, device, or document. The hardware in the cloud (and the
24
operating system that manages the hardware connections) is invisible.
1. It all starts with the front-end interface seen by individual users.
2. The user’s request then gets passed to the system management, which finds the
correct resources and then calls the system’s appropriate provisioning services.
3. These services carve out the necessary resources in the cloud, launch the
appropriate web application.
4. After the web application is launched, the system’s monitoring and metering
functions track the usage of the cloud so that resources are apportioned and 25
attributed to the proper user(s).
UNDERSTANDING CLOUD STORAGE

 One of the primary uses of cloud computing is for data

storage.
 With cloud storage, data is stored on multiple third-party
servers, rather than on the dedicated servers used in
traditional networked data storage.
 When storing data, the user sees a virtual server—that is,
it appears as if the data is stored in a particular place.
 But that place doesn’t exist in reality.

 In reality, the user’s data could be stored on any one or

more of the computers used to create the cloud.
26
UNDERSTANDING CLOUD SERVICES

 Any web-based application or service offered via cloud

computing is called a cloud service.
 Cloud services can include anything from calendar and
contact applications to word processing and
presentations.
 With a cloud service, the application itself is hosted in
the cloud. An individual user runs the application over
the Internet, typically within a web browser.
 The browser accesses the cloud service and an instance
of the application is opened within the browser window.
 Once launched, the web-based application operates and
27
behaves like a standard desktop application.
UNDERSTANDING CLOUD
COMPUTING

28
 A WORKING DEFINITION OF CLOUD
COMPUTING
 Cloud computing is a model for enabling convenient,
on-demand network access to a shared pool of
configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can
be rapidly provisioned and released with minimal
management effort or service provider interaction.
 This cloud model promotes availability and is composed of
five essential characteristics, three service models, and four
deployment models.

29
5 ESSENTIAL CLOUD
CHARACTERISTICS
 On-demand self-service
 Broad network access

 Resource pooling
 Location independence
 Rapid elasticity
 Measured service

30
 3 CLOUD SERVICE MODELS

 Cloud Software as a Service (SaaS)

 Use provider’s applications over a network
 Cloud Platform as a Service (PaaS)
 Deploy customer-created applications to a cloud
 Cloud Infrastructure as a Service (IaaS)
 Rent processing, storage, network capacity, and other
fundamental computing resources

 To be considered “cloud” they must be deployed on top

of cloud infrastructure that has the key characteristics
31
SERVICE MODEL ARCHITECTURES

Cloud Infrastructure Cloud Infrastructure Cloud Infrastructure

IaaS Software as a Service
PaaS PaaS (SaaS)
SaaS SaaS SaaS Architectures

Cloud Infrastructure Cloud Infrastructure

IaaS Platform as a Service (PaaS)
PaaS PaaS Architectures

Cloud Infrastructure
IaaS Infrastructure as a Service (IaaS)
Architectures
32
4 CLOUD DEPLOYMENT MODELS

 Private cloud
 enterprise owned or leased
 Community cloud
 shared infrastructure for specific community
 Public cloud
 Sold to the public, mega-scale infrastructure
 Hybrid cloud
 composition of two or more clouds

33
COMMON CLOUD CHARACTERISTICS

 Cloud computing often leverages:

 Massive scale
 Homogeneity
 Virtualization
 Resilient computing
 Low cost software
 Geographic distribution
 Service orientation
 Advanced security technologies

34
CLOUD COMPUTING
SECURITY

35
SECURITY IS THE MAJOR ISSUE

36
ANALYZING CLOUD SECURITY
 Some key issues:
 trust, multi-tenancy, encryption, compliance
 Clouds are massively complex systems can be reduced
to simple primitives that are replicated thousands of
times and common functional units
 Cloud security is a tractable problem
 There are both advantages and challenges

37
Former Intel CEO, Andy Grove: “only the paranoid survive”
GENERAL SECURITY
ADVANTAGES
 Shifting public data to a external cloud reduces the
exposure of the internal sensitive data
 Cloud homogeneity makes security auditing/testing
simpler
 Clouds enable automated security management

 Redundancy / Disaster Recovery

38
 GENERAL SECURITY
CHALLENGES
 Trusting vendor’s security model
 Customer inability to respond to audit findings

 Obtaining support for investigations

 Indirect administrator accountability

 Proprietary implementations can’t be examined

 Loss of physical control

39
SECURITY RELEVANT CLOUD
COMPONENTS
 Cloud Provisioning Services
 Cloud Data Storage Services
 Cloud Processing Infrastructure
 Cloud Support Services
 Cloud Network and Perimeter Security
 Elastic Elements: Storage, Processing, and Virtual
Networks

40
PROVISIONING SERVICE
 Advantages
 Rapid reconstitution of services
 Enables availability
 Provision in multiple data centers / multiple instances
 Advanced honey net capabilities
 Challenges
 Impact of compromising the provisioning service

41
DATA STORAGE SERVICES
 Advantages
 Data fragmentation and dispersal
 Automated replication
 Provision of data zones (e.g., by country)
 Encryption at rest and in transit
 Automated data retention
 Challenges
 Isolationmanagement / data multi-tenancy
 Storage controller
 Single point of failure / compromise?
 Exposure of data to foreign governments
42
CLOUD PROCESSING INFRASTRUCTURE
 Advantages
 Ability to secure masters and push out secure images
 Challenges
 Application multi-tenancy
 Reliance on hypervisors
 Process isolation / Application sandboxes

43
CLOUD SUPPORT SERVICES
 Advantages
 On demand security controls (e.g., authentication, logging,
firewalls…)
 Challenges
 Additional risk when integrated with customer applications
 Needs certification and accreditation as a separate application
 Code updates

44
CLOUD NETWORK AND
PERIMETER SECURITY
 Advantages
 Distributed denial of service protection
 VLAN capabilities
 Perimeter security (IDS, firewall, authentication)

 Challenges
 Virtual zoning with application mobility

45
CLOUD SECURITY ADVANTAGES
 Data Fragmentation and Dispersal
 Dedicated Security Team
 Greater Investment in Security Infrastructure
 Fault Tolerance and Reliability
 Greater Resiliency
 Hypervisor Protection Against Network Attacks
 Possible Reduction of C&A Activities (Access to Pre-
Accredited Clouds)

46
CLOUD SECURITY ADVANTAGES
 Simplification of Compliance Analysis
 Data Held by Unbiased Party (cloud vendor assertion)
 Low-Cost Disaster Recovery and Data Storage Solutions
 On-Demand Security Controls
 Real-Time Detection of System Tampering
 Rapid Re-Constitution of Services
 Advanced Honeynet Capabilities

47
CLOUD SECURITY
CHALLENGES
 Data dispersal and international privacy laws
 EU Data Protection Directive and U.S. Safe Harbor program
 Exposure of data to foreign government and data subpoenas
 Data retention issues
 Need for isolation management
 Multi-tenancy
 Logging challenges
 Data ownership issues
 Quality of service guarantees

48
CLOUD SECURITY CHALLENGES
 Dependence on secure hypervisors
 Attraction to hackers (high value target)
 Security of virtual OSs in the cloud
 Possibility for massive outages
 Encryption needs for cloud computing
 Encrypting access to the cloud resource control interface
 Encrypting administrative access to OS instances
 Encrypting access to applications
 Encrypting application data at rest
 Public cloud vs internal cloud security
 Lack of public SaaS version control 49
 SEVEN TECHNICAL
SECURITY BENEFITS OF
CLOUD COMPUTING

50
1. CENTRALIZED DATA
 Reduced Data Leakage
 The data “landmines” of today could be greatly reduced
by the Cloud
 Monitoring benefits

central storage is easier to control and monitor

52
2. INCIDENT RESPONSE / FORENSICS
 Forensic readiness
 Decrease evidence acquisition time

 Eliminate or reduce service downtime

 Decrease evidence transfer time

 Eliminate forensic image verification time

 Decrease time to access protected documents

53
3. PASSWORD ASSURANCE TESTING
 Decrease password cracking time
you can use Cloud Compute to decrease crack time
 Keep cracking activities to dedicated machines

password cracker to spread the load across non-

production machines

54
4. LOGGING
 “Unlimited”, pay per drink storage
 Improve log indexing and search

 Getting compliant with Extended logging

55
5. IMPROVE THE STATE OF SECURITY
SOFTWARE
 Drive vendors to create more efficient security software
 Billable CPU cycles get noticed. More attention will be
paid to inefficient processes
Security vendors that understand how to squeeze the most
performance from their software will win

56
6. SECURE BUILDS

 Pre-hardened, change control builds

 Reduce exposure through patching offline

 Easier to test impact of security changes

57
7. SECURITY TESTING
Reduce cost of testing security
More attention will be paid to inefficient processes
Security vendors that understand how to squeeze the
most performance from their software will win.

58
PUBLIC STATISTICS ON CLOUD
ECONOMICS

59
 COST OF TRADITIONAL
DATA CENTERS
 11.8million servers in data centers
 Servers are used at only 15% of their capacity
 800 billion dollars spent yearly on purchasing and
maintaining enterprise software
 80% of enterprise software expenditure is on installation and
maintenance of software
 Data centers typically consume up to 100 times more per
square foot than a typical office building
 Average power consumption per server quadrupled from
2001 to 2006.
60
 Number of servers doubled from 2001 to 2006
 ENERGY CONSERVATION AND
DATA CENTERS
 Standard 9000 square foot costs $21.3 million to build with $1 million
in electricity costs/year
 Data centers consume 1.5% of our Nation’s electricity (EPA)
 .6% worldwide in 2000 and 1% in 2005
 Green technologies can reduce energy costs by 50%
 IT produces 2% of global carbon dioxide emissions

61
 CLOUD ECONOMICS
 Estimates vary widely on possible cost savings
 “If you move your data-centre to a cloud provider, it will
cost a tenth of the cost.” – Brian Gammage, Gartner Fellow
 Use of cloud applications can reduce costs from 50% to 90%
- CTO of Washington D.C.
 IT resource subscription pilot saw 28% cost savings -
Alchemy Plus cloud (backing from Microsoft)
 George Reese, founder Valtira and enStratus
 Using cloud infrastructures saves 18% to 29% before considering that you no
longer need to buy for peak capacity
62