27-07-2012, 03:50 PM
Security Issues in Cloud Computing
Security Issues.ppt (Size: 268 KB / Downloads: 423)
Talk Objectives
Present cloud issues/characteristics that create interesting security problems
Identify a few security issues within this framework
Propose some approaches to addressing these issues
Preliminary ideas to think about
Cloud Computing Background
Features
Use of internet-based services to support business process
Rent IT-services on a utility-like basis
Attributes
Rapid deployment
Low startup costs/ capital investments
Costs based on usage or subscription
Multi-tenant sharing of services/ resources
Essential characteristics
On demand self-service
Ubiquitous network access
Location independent resource pooling
Rapid elasticity
Measured service
“Cloud computing is a compilation of existing techniques and technologies, packaged within a new infrastructure paradigm that offers improved scalability, elasticity, business agility, faster startup time, reduced management costs, and just-in-time availability of resources”
Cloud Computing: who should use it?
Cloud computing definitely makes sense if your own security is weak, missing features, or below average.
Ultimately, if
the cloud provider’s security people are “better” than yours (and leveraged at least as efficiently),
the web-services interfaces don’t introduce too many new vulnerabilities, and
the cloud provider aims at least as high as you do, at security goals,
then cloud computing has better security.
Loss of Control in the Cloud
Consumer’s loss of control
Data, applications, resources are located with provider
User identity management is handled by the cloud
User access control rules, security policies and enforcement are managed by the cloud provider
Consumer relies on provider to ensure
Data security and privacy
Resource availability
Monitoring and repairing of services/resources
Lack of Trust in the Cloud
A brief deviation from the talk
(But still related)
Trusting a third party requires taking risks
Defining trust and risk
Opposite sides of the same coin (J. Camp)
People only trust when it pays (Economist’s view)
Need for trust arises only in risky situations
Defunct third party management schemes
Hard to balance trust and risk
e.g. Key Escrow (Clipper chip)
Is the cloud headed toward the same path?