Cloud Computing: Evolution, Services, and Security Challenges, High school final essays of Computer science

The history, services, and security concerns of cloud computing. It discusses the evolution of cloud computing from its origins in the 1990s to its current state, including various cloud services such as infrastructure, software, application, and business clouds. The document also highlights the importance of trust and security in cloud computing, with a focus on data confidentiality, integrity, and availability.

Typology: High school final essays

2020/2021

Uploaded on 09/20/2021

anandsiriya
anandsiriya 🇮🇳

3 documents

1 / 4

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
It All Depends
John Harauz, [email protected]
Lori M. Ka ufman, lo ri.kau fman@ ieee.org
Bruce Potter, [email protected]
JULY/AUGUST 20 09 1540-7993/ 09/$26. 00 © 2009 IEEE COP UbLIShEd bY ThE I EEE COmPUTE r And rELIAbIL ITY SOCIE TIES 61
Lo r i M.
Ka u f M a n
BAE Systems
er s, p artn ers , an d ve ndor s. B y sh ar-
ing resources at various levels, this
platfor m offers various serv ices,
such as an infrastructure cloud (for ex-
ample, hardware or IT inf rastruc-
ture management), a software cloud
(such as software, middleware, or
traditional cu stomer relationship
management as a service), an ap-
plication cloud (application, UML
modeling tools, or socia l networks
as a service), and a business cloud
(for insta nce, business processes
as a service) (see www.thecloud
computing.org/2009/2/). Cloud
computing itself is a field within
service computing, a cross-disc ipline
that bridges the g ap between busi-
ness and IT services. This disci-
pline aim s to enable IT services
and computing technology to
perform busines s serv ices more ef-
ficiently and effect ively (see http://
tab.computer.org/tcsc/).
The UC Berkeley Space Sci-
ences Laboratory’s SETI@home
(Search for Extra-Terrestrial Intel-
ligence) project began in 1999 as
an attempt to implement distrib-
uted computing through comput-
ers connected vi a the Internet to
search for intelligent life beyond
Earth. This implementation’s suc-
cess demonstrated the viability of
using the Inter net as a host for grid
computing applications. Concu r-
rent with this project, others were
also developing their own va riants
of cloud computing.
Salesforce.com introduced one
of the first pract ical cloud comput-
ing implementations in 1999 and
established t he concept of del iver-
ing enterpri se services through a
Web site. In 20 02, Amazon Web
Services launched a suite of cloud-
This environment strives to be
dynamic, reliable, and custom iz-
able w ith a guaranteed quality of
service.1 Within this system, users
have a myriad of vir tua l resources
for t heir computing needs, a nd
they don’t need a complete un-
dersta nding of the infrastructu re.
Cloud computing’s advent has
made the declaration by Scott Mc-
Nealy, Sun Microsystems’ founder,
that “T he network is the comput-
er” a reality and given the old Sun
marketing motto a new life.
In this new world of comput-
ing, users are universa lly required
to accept the underlying premise
of trust. In fact, some have con-
jectured that trust is the biggest
concern facing cloud computing.2
Nowhere is the element of trust
more apparent than in security,
and many believe trust and secu-
rity to be synonymous. Here, I
examine some security issues and
the associated regulatory and legal
concerns that have arisen as cloud
computing emerges as a pri mar y
distr ibuted comput ing plat form.
Background
of the Cloud
The concept of cloud computi ng
has been evolvi ng for more than
40 years. In the 1960s, J.C.R.
Licklider introduced the ter m “in-
tergalactic computer network
at the Advanced Research Proj-
ects Agency. Th is concept ser ved
to introduce the concept that the
world came to know as the Inter-
net. The underlying premise was
a global interconnection of com-
puter programs and d ata.
The term “cloud originates
from the telecommunications
world of the 1990s, when pro-
viders beg an using vir tual pri-
vate network ( VPN) service s
for data communicat ion. VPNs
maint ained the same bandw idth
as fixed networks with consider-
ably less cost: these net works sup-
ported dyn amic routing, which
allowed for a balanced uti lization
acros s the net work a nd an i ncrea se
in bandwidth efficiency, and led
to the coining of the term “tele-
com cloud.” Cloud computing’s
premise is very similar in that it
provides a v irt ual computing en-
vironment that’s dynam ical ly al-
located to meet user needs.
From a technical perspective,
cloud computing includes service-
oriented architectu re (SOA) and
virtual applications of both hard-
ware and software. Withi n this
environment, it provides a scalable
services delivery platform. Cloud
computing sh ares its resources
among a cloud of serv ice consum-
I
n the 1990s, the world was introduced to the Internet,
and we began to see distributed computing’s power real-
i ze d o n a l ar ge sc a le . To da y, we ha ve th e a bi l it y to ut i li z e
scalable, distr ibuted computing environments within
the confines of the Internet, a practice known as cloud computing.
data Security in the World
of Cloud Computing
pf3
pf4

Partial preview of the text

Download Cloud Computing: Evolution, Services, and Security Challenges and more High school final essays Computer science in PDF only on Docsity!

John Harauz, [email protected] Lori M. Kaufman, [email protected] Bruce Potter, [email protected]

JULY/AUGUST 2009 ■ 1540-7993/09/$26.00 © 2009 IEEE ■ COPUbLIShEd bY ThE IEEE COmPUTEr And rELIAbILITY SOCIETIES 61

Lori M. K aufMan BAE Systems

ers, partners, and vendors. By shar- ing resources at various levels, this platform offers various services, such as an infrastructure cloud (for ex- ample, hardware or IT infrastruc- ture management), a software cloud (such as software, middleware, or traditional customer relationship management as a service), an ap- plication cloud (application, UML modeling tools, or social networks as a service), and a business cloud (for instance, business processes as a service) (see www.thecloud computing.org/2009/2/). Cloud computing itself is a field within s ervice computing , a cross-discipline that bridges the gap between busi- ness and IT services. This disci- pline aims to enable IT services and computing technology to perform business services more ef- ficiently and effectively (see http:// tab.computer.org/tcsc/). The UC Berkeley Space Sci- ences Laboratory’s SETI@home (Search for Extra-Terrestrial Intel- ligence) project began in 1999 as an attempt to implement distrib- uted computing through comput- ers connected via the Internet to search for intelligent life beyond Earth. This implementation’s suc- cess demonstrated the viability of using the Internet as a host for grid computing applications. Concur- rent with this project, others were also developing their own variants of cloud computing. Salesforce.com introduced one of the first practical cloud comput- ing implementations in 1999 and established the concept of deliver- ing enterprise services through a Web site. In 2002, Amazon Web Services launched a suite of cloud-

This environment strives to be dynamic, reliable, and customiz- able with a guaranteed quality of service.^1 Within this system, users have a myriad of virtual resources for their computing needs, and they don’t need a complete un- derstanding of the infrastructure. Cloud computing’s advent has made the declaration by Scott Mc- Nealy, Sun Microsystems’ founder, that “The network is the comput- er” a reality and given the old Sun marketing motto a new life. In this new world of comput- ing, users are universally required to accept the underlying premise of trust. In fact, some have con- jectured that trust is the biggest concern facing cloud computing. 2 Nowhere is the element of trust more apparent than in security, and many believe trust and secu- rity to be synonymous. Here, I examine some security issues and the associated regulatory and legal concerns that have arisen as cloud computing emerges as a primary distributed computing platform.

Background

of the Cloud

The concept of cloud computing has been evolving for more than 40 years. In the 1960s, J.C.R. Licklider introduced the term “in-

tergalactic computer network” at the Advanced Research Proj- ects Agency. This concept served to introduce the concept that the world came to know as the Inter- net. The underlying premise was a global interconnection of com- puter programs and data. The term “cloud” originates from the telecommunications world of the 1990s, when pro- viders began using virtual pri- vate network (VPN) services for data communication. VPNs maintained the same bandwidth as fixed networks with consider- ably less cost: these networks sup- ported dynamic routing, which allowed for a balanced utilization across the network and an increase in bandwidth efficiency, and led to the coining of the term “tele- com cloud.” Cloud computing’s premise is very similar in that it provides a virtual computing en- vironment that’s dynamically al- located to meet user needs. From a technical perspective, cloud computing includes service- oriented architecture (SOA) and virtual applications of both hard- ware and software. Within this environment, it provides a scalable services delivery platform. Cloud computing shares its resources among a cloud of service consum-

I

n the 1990s, the world was introduced to the Internet,

and we began to see distributed computing’s power real-

ized on a large scale. Today, we have the ability to utilize

scalable, distributed computing environments within

the confines of the Internet, a practice known as cloud computing.

data Security in the World

of Cloud Computing

62 IEEE SECUrITY & PrIVACY

based services, including storage, computation, and even human intelligence through the Amazon Mechanical Turk. It followed up

this accomplishment in 2006 with its Elastic Compute Cloud (E2C) service, which provides a com- mercial service through which users can rent computers and run their own applications. AT&T also entered the cloud computing realm when it acquired USinter- networking (USi) in 2006. USi was an application service provid- er for more than 30 countries. In 2008, AT&T introduced Synaptic, which combined USi’s five Inter- net data centers in the US, Eu- rope, and Asia to serve as regional gateways within its cloud. Today, the latest example of cloud computing is Web 2.0; Google, Yahoo, Microsoft, and other service providers now offer browser-based enterprise service applications (such as webmail and remote data backup). Now that cloud computing has emerged as a viable and readily available plat- form, many users from disparate backgrounds (for example, finan- cial institutions, educators, or cy- bercriminals) are sharing virtual machines to perform their daily activities. This environment re- quires an implicit level of trust as well as an explicit level of vigi- lance to ensure success.

Security and

Responsibility

Within the cloud computing world, the virtual environment lets users access computing power that exceeds that contained within their own physical worlds. To enter this virtual environment requires

them to transfer data throughout the cloud. Consequently, several data storage concerns can arise. Typically, users will know neither

the exact location of their data nor the other sources of the data collectively stored with theirs. To ensure data confidentiality , integrity , and availability (CIA), the storage provider must offer capabilities that, at a minimum, include

  • a tested encryption schema to ensure that the shared storage environment safeguards all data;
  • stringent access controls to pre- vent unauthorized access to the data; and
  • scheduled data backup and safe storage of the backup media.

Security is implicit within these capabilities, but further fundamental concerns exist that need attention. For example, is security solely the storage provid- er’s responsibility, or is it also in- cumbent on the entity that leases the storage for its applications and data? Furthermore, legal is- sues arise, such as e-discovery, regulatory compliance (including privacy), and auditing. The range of these legal concerns reflects the range of interests that are cur- rently using or could use cloud computing. These issues and their yet-to-be-determined answers provide significant insight into how security plays a vital role in cloud computing’s continued growth and development. To overcome these and other concerns, we must develop a se- curity model that promotes CIA. This model could enable each cloud to offer a measure of its to-

date and projected CIA, but the obvious difficulty is that obtain- ing security data is difficult, if not impossible. This problem has ex- isted since computing’s advent due to financial, business, and national security concerns. It might be exacerbated in cloud computing because the need to provide data confidentiality can also impact in- cident reporting.

Who Will Use Clouds

and Proffer Security?

Cloud computing users range from individuals and small businesses to Fortune 500 firms and govern- ments. According to a September 2008 survey from the Pew Re- search Institute, nearly 69 percent of Americans use cloud computing services (such as webmail and on- line data backup sites). 3 In India, companies such as Ashok Ley- land, Tata Elxi, Bharti, Infosys, Asian Paints, and Maruti are either piloting or using cloud computing. Additionally, nearly 1,500 compa- nies in India already use blended (voice-chat-data) cloud-based com- munication services from vendors such as Cisco WebEx and Micro- soft.^4 The US government projects that between 2010 and 2015, its spending on cloud computing will be at approximately a 40-percent compound annual growth rate (CAGR) and will pass $7 billion by 2015.^5 A major selling point for cloud computing is that it offers significant computing capability that otherwise might not be af- fordable. For example, a startup might not have the resources to purchase in-house computers or ensure the necessary secu- rity, but the cloud offers a cost- effective alternative. Similarly, well-established entities might see the cloud as an effective way to reduce costs and improve IT capabilities. Although these two examples might be at the ex- tremes, they describe the range of entities that will be partner-

The US government projects that between 2010 and 2015,

its spending on cloud computing will be at approximately

a 40-percent compound annual growth rate and will pass

$7 billion by 2015.

64 IEEE SECUrITY & PrIVACY

created a cloud computing security group. This group envisions its role as promoting “the effective and se- cure use of the technology within government and industry by pro- viding technical guidance and promoting standards” (see http:// csrc.nist.gov/groups/SNS/cloud- computing/index.html). NIST has recently released its draft “Guide to Adopting and Using the Securi- ty Content Automation Protocol” (SCAP; see http://csrc.nist.gov/ groups/SNS/cloud-computing/in- dex.html), which identifies a “suite of specifications for organizing and expressing security-related infor- mation in standardized ways, as well as related reference data, such as identifiers for software flaws and security configuration issues.” 4 Its application includes maintaining enterprise systems’ security. Inter- estingly, a major concern included in SCAP is the lack of interoper- ability among system-level tools. It states that

many tools for system security, such as patch management and vulnerability management soft- ware, use proprietary formats, nomenclatures, measurements, terminology, and content. For example, when vulnerability scanners do not use standard- ized names for vulnerabilities, it might not be clear to security staff whether multiple scanners are referencing the same vul- nerabilities in their reports. This lack of interoperability can cause delays and inconsistencies in security assessment, decision- making, and remediation.

This concern is but one of many SCAP has noted that needs action.

I

n addition to NIST’s efforts, the industry itself can affect an enterprise approach to cloud secu- rity. If it applies due diligence and develops a policy of self-regulation to ensure that security is effec-

tively implemented throughout all clouds, then this policy can serve to facilitate law-making as well. By combining industry best practices with the oversight NIST and other entities are developing, we can effectively address cloud computing’s future security needs. To achieve a recognized and ac- tionable security policy, SCAP recommends that organizations demonstrate compliance with se- curity requirements in mandates such as the US Federal Informa- tion Security Management Act (FISMA). By adhering to this ap- proach, the policy needed to en- sure cloud security can provide effective governance to both in- dustry and lawmakers.

References

  1. L. Wang et al., “Scientific Cloud Computing: Early Definition and Experience,” Proc. 10th Int’l Conf. High-Performance Computing and Communications (HPCC 08), IEEE CS Press, 2008, pp. 825–830. 2.J. Urquhart, “The Biggest Cloud- Computing Issue of 2009 is Trust,” C-Net News , 7 Jan. 2009; http:// news.cnet.com/8301-19413_ 3 -10133487-240.html. 3.J.B. Horrigan, “Cloud Com- puting Gains in Currency,” 12 Sept. 2008, http://pewresearch. org/pubs/948/cloud-computing -gains-in-currency. 4.S. Singh, “Different Cloud Com- puting Standards a Huge Chal- lenge,” The Economic Times , 4 June 2009; http://economictimes.india times.com/Infotech/Different -cloud-computing-standards/ar- ticleshow/4614446.cms. 5.“US Federal Cloud Computing Market Forecast 2010–2015,” tab- ular analysis, publication: 05/2009.

Lori M. Kaufman is a deputy chief technology officer at BAE Systems. Her research interests include cybersecurity, software assurance, and biometrics. Kaufman has a PhD in electrical engi- neering from the University of Virginia. Contact her at [email protected].

Computational

tools and

methods for 21st

century science.

MEMBERS

$47/year

for print and online

Subscribe to CiSE online at

http://cise.aip.org and

www.computer.org/cise

Interdisciplinary

Communicates to those at the intersection of science, engineer- ing, computing, and mathematics

Emphasizes real-world applica- tions and modern problem-solving