Ministry Of Public Education.

Colegio Técnico Profesional de Upala. STN

Teacher: Javier Parajeles.

Cloud Computing: It based on software applications and hardware

equipment with processing capacity and data storage that are located in a
Datacenter that allows users to access available applications and services through
the “Cloud.” It's a natural evolution from virtualization, automation, and service-
oriented architectures.

Top benefits of cloud computing

Cloud computing is a big shift from the traditional way businesses think about IT
resources. Here are seven common reasons organizations are turning to cloud
computing services:

Cost
 Moving to the cloud helps companies optimize IT costs. This is because
cloud computing eliminates the capital expense of buying hardware and
software and setting up and running onsite datacenters—the racks of
servers, the round-the-clock electricity for power and cooling, and the IT
experts for managing the infrastructure. It adds up fast.
Speed
 Most cloud computing services are provided self service and on demand, so
even vast amounts of computing resources can be provisioned in minutes,

1
Ministry Of Public Education.
Colegio Técnico Profesional de Upala. STN
Teacher: Javier Parajeles.

typically with just a few mouse clicks, giving businesses a lot of flexibility
and taking the pressure off capacity planning.

Global scale
 The benefits of cloud computing services include the ability to scale
elastically. In cloud speak, that means delivering the right amount of IT
resources—for example, more or less computing power, storage, bandwidth
—right when they’re needed, and from the right geographic location.

Productivity
 Onsite datacenters typically require a lot of “racking and stacking”—
hardware setup, software patching, and other time-consuming IT
management chores. Cloud computing removes the need for many of these
tasks, so IT teams can spend time on achieving more important business
goals.

Performance
 The biggest cloud computing services run on a worldwide network of secure
datacenters, which are regularly upgraded to the latest generation of fast
and efficient computing hardware. This offers several benefits over a single
corporate datacenter, including reduced network latency for applications and
greater economies of scale.

Reliability
 Cloud computing makes data backup, disaster recovery, and business
continuity easier and less expensive because data can be mirrored at
multiple redundant sites on the cloud provider’s network.

Security
 Many cloud providers offer a broad set of policies, technologies, and
controls that strengthen your security posture overall, helping protect your
data, apps, and infrastructure from potential threats.

Types of cloud computing

Not all clouds are the same and no single type of cloud computing is right for
everyone. Several different models, types, and services have evolved to help offer
the right solution for your needs.
First, you need to determine the type of cloud deployment, or cloud computing
architecture, that your cloud services will be implemented on. There are three
different ways to deploy cloud services: on a public cloud, private cloud, or hybrid
cloud.

2
Ministry Of Public Education.
Colegio Técnico Profesional de Upala. STN
Teacher: Javier Parajeles.

Public cloud

Public clouds are owned and operated by third-party cloud service providers, which
deliver computing resources like servers and storage over the internet. Microsoft
Azure is an example of a public cloud. With a public cloud, all hardware, software,
and other supporting infrastructure is owned and managed by the cloud provider.
You access these services and manage your account using a web browser.

Private cloud

A private cloud refers to cloud computing resources used exclusively by a single

business or organization. A private cloud can be physically located on the
company’s onsite datacenter. Some companies also pay third-party service
providers to host their private cloud. A private cloud is one in which the services
and infrastructure are maintained on a private network.

Hybrid cloud

Hybrid clouds combine public and private clouds, bound together by technology
that allows data and applications to be shared between them. By allowing data and
applications to move between private and public clouds, a hybrid cloud gives your
business greater flexibility and more deployment options and helps optimize your
existing infrastructure, security, and compliance.

Types of cloud services: IaaS, PaaS, serverless, and SaaS

Most cloud computing services fall into four broad categories: infrastructure as a
service (IaaS), platform as a service (PaaS), serverless, and software as a service
(SaaS). These are sometimes called the cloud computing "stack" because they
build on top of one another. Knowing what they are and how they’re different
makes it easier to accomplish your business goals.

IaaS

The most basic category of cloud computing services. With infrastructure as a

service (IaaS), you rent IT infrastructure—servers and virtual machines (VMs),
storage, networks, operating systems—from a cloud provider on a pay-as-you-go
basis.

3
Ministry Of Public Education.
Colegio Técnico Profesional de Upala. STN
Teacher: Javier Parajeles.

PaaS

Platform as a service (PaaS) refers to cloud computing services that supply an

on-demand environment for developing, testing, delivering, and managing software
applications. PaaS is designed to make it easier for developers to quickly create
web or mobile apps, without worrying about setting up or managing the underlying
infrastructure of servers, storage, network, and databases needed for
development.

SaaS

Software as a service (SaaS) is a method for delivering software applications

over the internet, on demand and typically on a subscription basis. With SaaS,
cloud providers host and manage the software application and underlying
infrastructure, and handle any maintenance, like software upgrades and security
patching. Users connect to the application over the internet, usually with a web
browser on their phone, tablet, or PC.

Serverless computing

Overlapping with PaaS, serverless computing focuses on building app

functionality without spending time continually managing the servers and
infrastructure required to do so. The cloud provider handles the setup, capacity
planning, and server management for you. Serverless architectures are highly
scalable and event-driven, only using resources when a specific function or trigger
occurs.

Cloud Computing Threats, Risks, and Vulnerabilities

Cloud environments experience--at a high level--the same threats as traditional
data center environments; the threat picture is the same. That is, cloud computing
runs software, software has vulnerabilities, and adversaries try to exploit those
vulnerabilities. However, unlike information technology systems in a traditional data
center, in cloud computing, responsibility for mitigating the risks that result from
these software vulnerabilities is shared between the CSP and the cloud consumer.
As a result, consumers must understand the division of responsibilities and trust
that the CSP meets their responsibilities. Based on our literature searches and
analysis efforts, the following list of cloud-unique and shared cloud/on-premise
vulnerabilities and threats were identified. The figure below also details the threat
picture for cloud computing platforms.

4
Ministry Of Public Education.
Colegio Técnico Profesional de Upala. STN
Teacher: Javier Parajeles.

#1 Consumers Have Reduced Visibility and Control. When transitioning

assets/operations to the cloud, organizations lose some visibility and control over
those assets/operations. When using external cloud services, the responsibility for
some of the policies and infrastructure moves to the CSP.
#2 On-Demand Self Service Simplifies Unauthorized Use. CSPs make it very
easy to provision new services. The on-demand self-service provisioning features
of the cloud enable an organization's personnel to provision additional services
from the agency's CSP without IT consent. The practice of using software in an
organization that is not supported by the organization's IT department is commonly
referred to as shadow IT.
#3 Internet-Accessible Management APIs can be Compromised. CSPs expose
a set of application programming interfaces (APIs) that customers use to manage
and interact with cloud services (also known as the management plane).
Organizations use these APIs to provision, manage, orchestrate, and monitor their
assets and users. These APIs can contain the same software vulnerabilities as an
API for an operating system, library, etc. Unlike management APIs for on-premises
computing, CSP APIs are accessible via the Internet exposing them more broadly
to potential exploitation.
#4 Separation Among Multiple Tenants Fails. Exploitation of system and
software vulnerabilities within a CSP's infrastructure, platforms, or applications that
support multi-tenancy can lead to a failure to maintain separation among tenants.
This failure can be used by an attacker to gain access from one organization's
resource to another user's or organization's assets or data. Multi-tenancy increases
the attack surface, leading to an increased chance of data leakage if the separation
controls fail.

5
Ministry Of Public Education.
Colegio Técnico Profesional de Upala. STN
Teacher: Javier Parajeles.

#5 Data Deletion is Incomplete. Threats associated with data deletion exist

because the consumer has reduced visibility into where their data is physically
stored in the cloud and a reduced ability to verify the secure deletion of their data.
This risk is concerning because the data is spread over a number of different
storage devices within the CSP's infrastructure in a multi-tenancy environment. In
addition, deletion procedures may differ from provider to provider. Organizations
may not be able to verify that their data was securely deleted and that remnants of
the data are not available to attackers. This threat increases as an agency uses
more CSP services.
#6 Credentials are Stolen. If an attacker gains access to a user's cloud
credentials, the attacker can have access to the CSP's services to provision
additional resources (if credentials allowed access to provisioning), as well as
target the organization's assets. The attacker could leverage cloud computing
resources to target the organization's administrative users, other organizations
using the same CSP, or the CSP's administrators. An attacker who gains access to
a CSP administrator's cloud credentials may be able to use those credentials to
access the agency's systems and data.
#7 Vendor Lock-In Complicates Moving to Other CSPs. Vendor lock-in
becomes an issue when an organization considers moving its assets/operations
from one CSP to another. The organization discovers the cost/effort/schedule time
necessary for the move is much higher than initially considered due to factors such
as non-standard data formats, non-standard APIs, and reliance on one CSP's
proprietary tools and unique APIs.
#8 Increased Complexity Strains IT Staff. Migrating to the cloud can introduce
complexity into IT operations. Managing, integrating, and operating in the cloud
may require that the agency's existing IT staff learn a new model. IT staff must
have the capacity and skill level to manage, integrate, and maintain the migration
of assets and data to the cloud in addition to their current responsibilities for on-
premises IT.
#9 Insiders Abuse Authorized Access. Insiders, such as staff and administrators
for both organizations and CSPs, who abuse their authorized access to the
organization's or CSP's networks, systems, and data are uniquely positioned to
cause damage or exfiltrate information.
#10 Stored Data is Lost. Data stored in the cloud can be lost for reasons other
than malicious attacks. Accidental deletion of data by the cloud service provider or
a physical catastrophe, such as a fire or earthquake, can lead to the permanent
loss of customer data. The burden of avoiding data loss does not fall solely on the
provider's shoulders. If a customer encrypts its data before uploading it to the cloud
but loses the encryption key, the data will be lost. In addition, inadequate

6
Ministry Of Public Education.
Colegio Técnico Profesional de Upala. STN
Teacher: Javier Parajeles.

understanding of a CSP's storage model may result in data loss. Agencies must
consider data recovery and be prepared for the possibility of their CSP being
acquired, changing service offerings, or going bankrupt.