Cloud computing - Security issues and remediation steps - Part 1

As we are coming to an end of 2009, I think it is appropriate to discuss the most talked about computing method and security concerns associated with that. Yes, I am talking about cloud computing and cloud security. Take a look at the Google trends data for this:

As you can see, cloud security has been getting lot of importance this year and it is going to continue though 2010 as well. It also made the number one in the list of Gartner’s top 10 technologies and trends that will be strategic for most organizations in 2010.

In this two part series, I will try to explain what cloud computing is, the benefits, security aspects, risks that comes with it, and what are the important things to check before an organizations decides to go in that direction.

What is cloud computing?

There are multiple definitions available, some of them are below:

NIST:

Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is comprised of five key characteristics, three delivery models, and four deployment models.

The Economist:

“Cloud-computing"-the delivery of computer services from vast warehouses of shared machines-enables companies and individuals to cut costs by handing over the running of their [enterprise applications] to someone else, and then accessing it over the internet.

Gartner

Cloud Computing. Cloud computing is a style of computing that characterizes a model in which providers deliver a variety of IT-enabled capabilities to consumers.

ENISA

 Cloud computing is an on-demand service model for IT provision, often based on virtualization and distributed computing technologies.

What are some of the benefits?


Having defined cloud computing, let's look at why organizations are moving towards cloud computing. Some of the benefits are:

• Cost benefits
• Performance improvements
• Availability improvements
• Availability of support personnel and expertise
• Strong SLAs with the provider may be a risk mitigation strategy

 What are some of the basic offerings?

 Even though there are many types of offerings within cloud computing, they all can be divided into three main categtories.

 1. Software as a Service (SaaS)


This type of service lets the consumer use the various applications running on provider’s infrastructure using a web browser. In this scenario, the provider manages the network, servers, operating systems, storage, and the applications. Vendors include Salesforce, Concur, Google, etc

2. Platform as a Service (PaaS)

This type of service lets the consumer deploy their own applications onto the cloud infrastructure. In this scenario, the provider manages the network, servers, operating systems, and storage, but the consumer has control over the deployed applications. Vendors include Google App Engine, Force.com, Intuit, etc

3. Infrastructure as a Service (IaaS)

This type of service lets the consumer use the infrastructure, which may include, the network, servers, operating systems, or storage. The consumers get to deploy any part of the infrastructure and they get to manage it as well. Vendors offering this type of service include Amazon EC2, rPath, Microsoft Azure, etc.

 
In the second part of the series, I will cover the security issues associated with this type of computing technology and identify a series of questions that organizations can ask the potential vendors.