Cloud Computing Paper2

Download as pdf or txt
Download as pdf or txt
You are on page 1of 4

Cloud Computing – Security implications and Views

Abstract -Cloud computing is a relatively very popular and beneficial because they are easy and inexpensive in use,
recent term for virtualization, distributed computing and most scalable and no wasted resources. A hybrid cloud is a cloud
recently for networking, web and software services. It is flexible, or environment in cloud computing in which an organization
cost effective, reduced information technology overhead for the
locally provides and manages some resources and has others
end users, on-demand services and many more. Albeit the benefit
provided publically or externally. For example, an
of cloud computing are clear but we need to develop proper
organization might use a public cloud service, such
security for cloud implementation. This paper discusses the
concept of cloud computing and also concern about the security
as Amazon Simple Storage Service (Amazon S3) for archived
of clouds. data but continue to maintain in-local storage for operational
customer data. Ideally, the hybrid approach allows a business
Keyword- Cloud computing, Infrastructure-as-a-Service to take advantage of the scalability and cost-effectiveness that
(IaaS), Software-as-a-Service (SaaS), Platform-as-a-Service a public cloud computing environment offers without
(PaaS), Security. exposing mission-critical applications and data to third-party
vulnerabilities.
Cloud computing represents a way of computing that uses
internet and central remote servers to manage data and 1. Basic Layers
applications on internet. This computing permits their Hosted services are divided into three categories-
consumers to use applications without any installation of Infrastructure-as-a-services (IaaS), Platform-as-a-service
software and access their data at any time at any computer (PaaS), Software-as-a-service (SaaS)
with just an internet connection.
Main aim of cloud computing is to provide consumers and 1.1 Infrastructure-as-a-Service (IaaS)

businesses easy and scalable access to computing resources IaaS is the base layer of the cloud stack. It provides the
and services. foundation for the other two layers, for their execution. This
A cloud can be private, public and hybrid. Private or internal cloud stack uses a keyword virtualization. We can understand
cloud is one that provides hosted services (Amazon's Elastic this using Amazon EC2(Elastic Compute Cloud). In Amazon
Compute Cloud (EC2) or Simple Storage Service (S3)) to a EC2 our application will be executed on a virtual computer
few number of people. Public cloud is the basis of cloud
standard model of cloud computing, in which the service

providers provides the resources like applications and storage


to the public over the internet. Public cloud services may be
offered free or pay-per-usage based. Public clouds are

1
1.3 Platform-as-a-Service (PaaS)
For instace, next step up into the cloud from SaaS is the
Platform as a Service. While SaaS offers applications for end
users, PaaS offers a wide development platform for
developers. Developers do not need to worry about the
operating system, storage or hosting. Developers write the
code and the PaaS provider provides a very simple method to
upload that code and present it over the internet. The PaaS
provider provides the hardware, operating system, software
upgrades, security and everything else related to the day to
Figure-Basic Layers of Cloud Computing day hosting of an application to the developer. Mostly PaaS
providers are limited to specific languages and IDEs. As set
(instance). We are free to choose the configuration of virtual apart, the IDE is web based and in others, the IDE provides
computer, like configuration of CPU, memory & storage that features for uploading code.
is optimal for our application. The whole cloud infrastructure
viz. servers, routers, hardware based load-balancing, firewalls, 2. Difference between IaaS, SaaS, and PaaS
storage and other network equipments are provided by the The lowest level is infrastructure-as-a-service (IaaS). This is
IaaS providers. The customers buy these resources as a service where pre-configured hardware is provided via a virtualized
on a need basis. interface or hypervisor. There is no high level infrastructure
software provided such as an operating system, this must be
1.2 Software-as-a-Service (SaaS) provided by the buyer embedded with their own virtual
SaaS is one of the strategies of Cloud Computing, which is applications. Platform as a service (PaaS) goes a stage further
based on a "one-to-many" model whereby an application is and includes the operating environment included the operating
shared across multiple clients. system and application services. PaaS suits organizations that
SaaS apply a major impact on the software industry, because are committed to a given developing environment for a given
software as a service will be changed by the way of people application but like the idea of someone else maintaining the
build, sell, buy, and use software. Software as a service (or deployment platform for them. Saas offers fully functional
SaaS) is a way of delivering applications over the Internet-as a applications on-demand to provide specific and reliable
service. In other words we can simply access the software services such as email management, CRM, ERP, web
without any installation and maintaining of it specifically conferencing and an increasingly wide range of other
using internet connection. SaaS applications run on a SaaS applications.
provider's servers. The provider manages access to the
application, including security, availability, and performance. 3. Cloud Security
SaaS customers do not have hardware or software to buy, Security as a service is not only a reality but as the world
install, maintain, or update. Accessing applications is to make becomes a more insecure. The reality of the situation is that
easy: All we need is just an Internet connection. data is flowing through the internet in all over the world

2
Infrastructure today. The internet cloud makes up both the to control access to the web portal like management of user
private a public infrastructure of the worlds business and identities, configuration of applications and restriction on
private communication. access to the particular IP address ranges. In PaaS
If we take the fictitious assumption that the private cloud responsibility of managing the configuration, database
provide perfect transparency than the public cloud, but in software and application run time environment associated with
reality private cloud have some level of opacity. On the basis client rather than service provider.
of this assumption we conclude that public cloud have higher Most of the organizations are intrigued with these three
level of opacity than private cloud because of the perfect services because of their flexibility, reliability and cost
transparency of private clouds. Therefore anything that we can effectiveness but they are highly concerned about security.
know about the public cloud, we can also know about the Recent cloud studies show that lack of visibility and control,
private cloud, but the reverse is not true. Finally we conclude concerns about the protection of sensitive information and
that private clouds are more secure than public cloud. The storage of regulated information in a shared, externally via
policies, procedures, technologies, architecture, and controls their managed environment.
in place define the "security" of a given cloud. Risk analysis
and transparency are critical component in assessing the Conclusion-
security of a system. Higher risk associated with the lack of
In this paper we discussed, cloud computing which is internet
transparency with the public cloud provider can be mitigated:
based application services and depends on the inter cloud
If we securely encrypt the file systems in the cloud
computing (private) or intra cloud computing (public),in
If we keep the encryption keys away from the cloud
which clustering of networks via interconnected network
provider
made a significance impact on computer utilities.
These two controls offset the lack of transparency from the
Subsequently, data representation over internet in public or
cloud provider enabling us to meet our business objectives
private clouds embraces external giant network, helps to build
with only a moderately higher level of risk. Subsequently, if
security in networks of network. Although security is a major
the benefits of public cloud over private cloud outweigh that
aspect in inter or intra cloud computing as in terms refers to
moderate risk, then we should out rightly deploy in the public
security maintenance massive concentrations of resources and
cloud. Otherwise, the private cloud represents the best risk
data representation a more attractive way to attackers, and
scenario. If we determine the public cloud risk in this aura
cloud based privacy can be more reliable, scalable, robust and
apparently it is not acceptable even with the compensating
cost effective.
controls, however, that does not mean we have concluded that
our private cloud is more secure and protected than the public The key conclusion of this paper is the cloud’s economies of
cloud provider. scale, and flexibility both are friend and a foe they are
With IaaS, more responsibility for security maintain intertwined, when it comes to security aspects. Apart from that
amalgamated with the client than service provider for control inter cloud or intra cloud computing raising many challenging
and security. Highlighting, easily accessible features is features i.e. federations, cloud security, QOS, monitoring,
available to the operating system supporting virtual images, interoperability etc. And these resources spanning across
networking and storage etc. In SaaS most of the responsibility multiple servers, through three basic layers of cloud
for security maintaining associated and coordinated with computing- IaaS , PaaS, SaaS for building up external network
service provider. Service provider embraces number of ways via managed environment .highlighting , the features of

3
security aspects which lightens data representations and
business reviews makes easily accessible by building a huge
network over the external developed networks.

References

1. Michael Miller, Que, Amazon.com@Reviews Cloud


Computing: Web-Based Applications That Change
The Way You Work And Collaborate Online.

2. George Reese, Amazon.com Cloud Computing


Architectures: Building Applications And
Infrastructure In The Cloud( Theory In Practice(
O’Reilly).

3. Toby Velte, Antony Velte, Robert Elsenpeter Cloud


Computing, A Practical Approach.

4. http://en.wikipedia.org/wiki/Cloud_computing

You might also like