System Software and Network Security
Table of contents
- Security Factors To Consider When Choosing A Good Cloud Provider.
- Types of Cloud Computing.
- Public Cloud.
- Benefits of Public Cloud Computing.
- Drawbacks of Public Cloud Computing.
- Applications suitable for Public Cloud Computing.
- Private cloud.
- Benefits of Private Cloud.
- Challenges of Private Cloud computing.
- Hybrid Cloud.
- Benefits of Hybrid Cloud.
- Public Cloud.
- Final Thoughts.
Cloud computing which is becoming one of the next industry buzz worlds, is defined as the use of a collection of various distributed services, different applications, information as well as infrastructure which comprise of pools of computers, various networks, information as well as storage resources. It’s joining the ranks of grid computing, utility computing, and virtualization and clustering. The term cloud computing comes from the use of the term ‘cloud’ image to signify the Internet or a large networked environment. The cloud computing technology adopts the use of services to replace the data pipes, routers and servers. Despite an underlying hardware as well as software for networking being there, there is the presence of higher level service capabilities used to build the applications. This therefore means that the user doesn’t need to worry how the implementation is done, technologies used or the management issues. The main area of concern should be the access to it as well as the reliability level required to meet the user requirements.
Cloud computing is in a way similar to distributed computing. This means that the application is built using the resource from the multiple services available in multiple locations. A client is therefore required to know the end points to access the services instead of the cloud having to offer you with all the services. Behind the given service interface is usually a grid of many computers put to provide the resources. Normally an application or a service developer usually requests a service from the cloud rather that from a specific endpoint. For the cloud to manage multiple infrastructures across multiple organizations, a number of framework mechanisms are required namely: Self-healing, self-monitoring, automatic reconfiguration, resource registration and discovery etc.
The cloud computing has been surrounded by much hype as well as marketing strategies of how the IT infrastructure will eventually be placed in the “Cloud” if one needs to keep at pace with the technological advances. It’s widely acceptable that there is a wide array of benefits accruing from cloud computing. This includes fast deployment, scalability, business agility, and lower costs (Hurwitz, 2009). Despite these accruing benefits, there is a great danger to a cloud customer. With new providers emerging each day offering the cloud based services, this makes it very difficult for future cloud adopters to undertake due diligence and proper evaluation of the options.
Whenever the company decides on the type of cloud (public, private, hybrid) (Furht, 2010) as well as the cloud service (IaaS, PaaS, SaaS) which best suits its specific infrastructure and the business needs, the next major task should be to choose the one specific vendor who is able to provide the above services putting into consideration both cost and performance. At the moment there are no universal standards with which a user can use to evaluate the different cloud service providers which make the entire process quite challenging. Nevertheless there are a few guidelines that a company should put in place before deciding on the best cloud service provider.
Most common reasons why companies are being drawn to this type of cloud service is that it offers good choice for companies having complex applications running on the company-owned hardware infrastructure. The companies’ further benefit by avoiding the upfront capital hardware investments since this particular model is based on the pay-per-use model. Before transferring parts or the entire IT infrastructure to the cloud, companies need to state down the specific service requirements the company needs in terms of support, security, monitoring.
Security Factors to Consider When Choosing a Good Cloud Provider
However with the many available choices of providers to choose from, the selection of the appropriate one might seem daunting and that’s why we shall state some of the important things that we need to consider.
Required Storage Space: You need to put into consideration the space you require while you are marketing for a cloud storage provider. This helps you calculate the true cost per GB and this will assist in choosing the best provider as well as the best plan that actually fits your business needs at the most affordable price. If the storage space is a limited one, there are a number of free cloud storage services available and can offer anywhere between 1GB to 500GBs.
Pricing: this is always another important consideration. Care should be taken when choosing not only the actual price but also the best pricing model. One need to check if the provider offers the pay as you go plans or the fixed price plans.
Compatibility: this is also an important factor to consider. You need to establish the number as well as the various types of platforms that the various providers support. This is very important especially if you will be accessing your files using a variety of different devices and platforms.
Security: this is one of the main concerns with any potential and current cloud storage user. You need to check if the stored files are usually encrypted and if so what kind of encryption is used.
Performance: this is one of the main concerns for consideration. The greatest challenge is usually achieving the high-speed application delivery in the cloud. Performance issues to be considered include the geographical proximity of the application and the data to the end-user, the network performance within the given cloud as well as the in-and-out of cloud.
Possible Limitations: this is also an important factor. You need to verify the providers’ limitations. A provider may decide to offer unlimited storage space but limit the monthly bandwidth, or rather the maximum file size or the number of devices that can be used with the account.
Trust: you need to consider a service provider with whom you can entrust some of your most valuable assets, data back-up, intellectual property or the contents fueling the business. Care should be taken in choosing a cloud service provider which is in good financial strength, engages in ethical business practices as well as providing fair and equitable terms and conditions for service.
Assistance: clients need to determine what levels of assistance and support they will receive by subscribing to the service of the said cloud provider. The phone, e-mail, online (self-support) mechanism as well as the languages which the said provider provides. There are some providers that offer provision for integration as well as the development support for the cloud storage services that are available for any application development.
Ease of use: the complexity level of the given service can help determine if the cloud service provider is offering you the solutions full value. Ensure that the services are simple to integrate with your existing IT environment as well as easy implementation that hence reduce the overall operating costs and the switching costs.
Quality Commitment: another important factor to consider is quality of the provided service. The enterprise class services usually entail a well defined SLA (Service-Level-Agreement) that indicates the various provisions should the specific service quality fail to be met. This is because there are some service providers who set service objectives that they aren’t able to deliver.
Flexibility: Another important factor is to check if the specified cloud service provider is willing to adapt their services while working with you to suit your specific needs. It’s also vital to consider if the provided service provides room for future growth which aligns with your organizations changing business trends.
There are various types of cloud computing types namely the Public cloud, private cloud, hybrid cloud and community cloud. Whereas the three models have similar traits, they also embrace key features that make one a better choice for your business’ IT needs compared to others.
Types of Cloud Computing
A public cloud is defined as one that is based on the cloud computing model in which a given service provider makes the resources, usually applications as well as storage available to the general public over the Internet via web applications or web services.
Benefits of Public Cloud Computing
The main benefits accruing a public cloud are; it easy and inexpensive to set-up since the hardware, applications as well as the bandwidth costs is catered for by the provider. Secondly it is scalable meaning that it is able to meet the increasing business IT needs of clients. Thirdly, it ensures that resources are not wasted since a customer only pays for what he/she will use. In addition, as opposed to the private cloud where the entire infrastructure is designed as per clients’ specification, a public cloud is purchased online, configured and later deployed automatically usually through the providers’ website. Lastly is that it offers API access which enables the users to programmatically spin up as well as killing the servers through the API Access. This is very important for systems that need the spinning up of vast number of servers i.e. in research as well as test environments
Drawbacks of Public Cloud Computing
Despite the public computing being attributed with a lot of benefits, there are some drawbacks that one needs to be wary of before choosing this type. The first drawback is Security and compliance. Majority of the medium as well as the large enterprises prefer the private cloud since it handles network and the data security issues well as compared to the public. Secondly it doesn’t offer high availability Fail over. This therefore means that if the host crashes then all the virtual servers as well as the data on the particular hardware also get lost. This is because the public clouds aren’t built to support the high availability or the automatic fail over. Lastly, is the huge number of fraudsters and spammers. It’s believed that a single public cloud provider can accumulate fraud rates as high as 80% since the sign-up as well as the deployment process is usually easy and fast.
Moreover not all applications are usually fit for a public cloud. This therefore means that most of the mid-size as well as the large enterprises that wish to ensure the security and safety of their corporate as well as the client data will go for private cloud rather than a public cloud.
Applications Suitable for Public Cloud Computing
Nevertheless there are a number of applications that are most suited for public cloud hosting. They include the:
Compute intensive Research Applications: In the University of Michigan, the researchers spin up 1000’s of cores when running the DNA, genome as well as the weather analysis programs. Since the Public cloud is cost effective it provides a favorable tool for research computing.
Noncritical Web Servers: it is ideal for those applications where the crash of a given server or the loss of data is not a critical matter to the organization. Good examples of public clouds are the Amazon Elastic Compute Cloud (ECZ), Google AppEngine and Sun Cloud.
Private cloud is defined as the cloud infrastructure that that is usually operated solely for a given organization. It’s therefore managed by the organization or a third party and can be made to exist on or off premises of the organization. Whereas its similar to virtualization at the server, workstation or even application levels, it embraces enhance features which are usually appealing to most businesses.
Benefits of Private Cloud
First it offers increased data security. This therefore means that you as well as your business are in control of the security since the data will never leave the organization. Secondly, it has simple compliance enforcement. This is unlike the hybrid cloud computing or the traditional cloud computing where government regulations may prohibit your organization fro using them depending on your vertical market. While using a private cloud computing you are able to grab the benefits of cloud computing features while ensuring that all regulated data is onsite and secure. It also offers customized IT network control. By using private cloud, one is free to customize the given network to suit the specific business needs.
Challenges of Private Cloud Computing
Despite private cloud being a favorable tool for organization that need security with their information, a number of challenges still befall the private cloud.
First is image management. Private clouds are attributed with the virtual images which are the foundations on top of which the users build the value. To be able to effectively and efficiently manage the virtual images is usually no small task. This is because you need a centralized repository for all the images that will also provide governance in terms of version control, fine grained access as well as the change history. The repository must also provide easy integration of the components which will drive provisioning into the private cloud. By using advance image management solutions, they keep the number of images at repository at minimum thus ensuring that reduced management overheads.
Secondly, is the service management. Most of the private cloud initiatives usually start small and grow to later address future long-term goals. Once the given private cloud beyond the defined scope, the company must handle the challenge of effective management of the various services being offered by the cloud. They therefore are required to maintain a service catalog. While doing that, they are required to be on the watch for a few capabilities. These include basic governance capabilities for the case of image management solutions.
The third challenge is getting meaningful elasticity. This is one of the most eye-catching as well as an intriguing aspect of the private cloud. Users should be able to get the right amount of resources at the right time. For example a company should be in a position to dictate that scaling out a poorly performing back-office application should not have adverse effects on the performance of another revenue generating application.
Good examples of private cloud are the VMware, vCloud and Citrix VDI.
A hybrid cloud is composed of at least one private cloud as well as at least one public cloud. It is defined a cloud computing where the organization usually provides and manages some of the resources in-house and has the rest provided externally.
Benefits of Hybrid Cloud
There is increased convenience and flexibility. This is because the managers are able to decide on the particular data and applications that should reside within and be run from the private cloud and those that should be moved to the public cloud.
Secondly, there is API compatibility. For instance many public cloud providers including Terremark have deployed WMware vcloud Express in the datacenters which enables enterprises already using the technology to extend their private data center to a public cloud provider.
It therefore means that the hybrid cloud are likely to play an important part in making the cloud computing more accessible and of value to the enterprises and that it will finally become increasingly vital and hence be deployed
From the above research, it is evident that most of the cloud providers are not focused on the security in the cloud but rather their main concern is the delivery of the their customers need i.e. low cost solutions, fast application deployment which will improve the customer service while increasing the efficiency of the IT function.
It is therefore important for the end-users who plan to use the cloud services to cautiously look for a good provider who has met most of the above stated security breaches witnessed on many providers.
- Furht, B. et al. (2010) Handbook of Cloud Computing, New Mexico: Springer, p.330-350.
- Hurwitz, J. et al. (2009) Cloud Computing For Dummies –For dummies Volume 1 of Bestselling computer book series, New York: John Wiley & Sons, p.8-13.
- Krutz, R. and Vines, R. (2010) Cloud Security: A Comprehensive Guide to Secure Cloud Computing, New York: John Wiley & Sons, p.153-180.
- Marks, E. and Lozano, B. (2010) Executive’s Guide to Cloud Computing, New York: John Wiley and Sons, p.60-100.
- Molen, F. (2010) Get Ready for Cloud Computing Van Haren Series, Cape Town: Van Haren Publishing, p.75-100.
- Smoot, S. and Tan, N. (2011) Private Cloud Computing: Consolidation, Virtualization, and Service-Oriented Infrastructure, New York: Elsevier, p.9-11.
- Manzuik S, Gold A & Gatford C. (2007) Network security Assessment: from vulnerbility to patch,
- Stallings W. (2005), Cryptography and Network Security: Rockland, Ma: Syngress Publishing
- Oppliger R. (1998) Internet and Intranet Security, London: McGraw-Hill
- Scambray J & McClure S. (2008) Hacking Exposed Windows: Windows Security, Secrets and Solutions: London: McGraw-Hill
- Schneier B. (2000) Secrets and Lies: Digital Secrets in a Networked World, Chichester: John Wiley.
- Burgess M. (2003), Principles of Systems and Network Administration: Chichester, John Wiley
- Cheswick W & Bellovin S. (1994) Firewalls and Internet Security: Repelling the Wily Hacker, Wokingham: Addison-Wesley
- Forouzan B.A. (2008) Introduction to Network Security and Cryptography, London: McGraw-Hill