• Cloud Computing Security

Introduction to Cloud computing

 Topics in Unit -1
• UNIT - I Introduction to cloud – Basic Concepts
and Terminology – Concepts and Models of
cloud computing – Cloud delivery and
deployment models.
 Cloud
• A cloud refers to a distinct IT environment that
is designed for the purpose of remotely
provisioning scalable and measured IT
resources.
• The term originated as a metaphor for the
Internet.
• A network of networks providing remote
access to a set of decentralized IT resources.
 Cloud Vs Internet

• A cloud has a finite boundary.

• There are many individual clouds that are
accessible via the Internet.
• Internet provides open access to many Web-
based IT resources,
• A cloud is typically privately owned and offers
access to IT resources that is metered.
• Much of the Internet is dedicated to the
access of content-based IT resources
published via the World Wide Web.

• IT resources provided by cloud environments,

on the other hand, are dedicated to supplying
back-end processing capabilities and user-
based access to these capabilities
• Another key distinction is that it is not
necessary for clouds to be Web-based even if
they are commonly based on Internet
protocols and technologies.

• A cloud can be based on the use of any

protocols that allow for the remote access to
its IT resources
 IT Resource
• An IT resource is a physical or virtual IT-related
artifact that can be either software-based,
such as a virtual server or a custom software
program, or hardware-based, such as a
physical server or a network device
 On-Premise
• cloud represents an option for the deployment of IT resources.
• An IT resource that is hosted in a conventional IT enterprise within
an organizational boundary (that does not specifically represent a
cloud) is considered to be located on the premises of the IT
enterprise, or on-premise for short.

• In other words, the term “on-premise” is another way of stating “on

the premises of a controlled IT environment that is not cloud-
based.”

• This term is used to qualify an IT resource as an alternative to

“cloud-based.” An IT resource that is on-premise cannot be
• cloud-based, and vice-versa.
• An on-premise IT resource can access and
interact with a cloud-based IT resource.
• An on-premise IT resource can be moved to a
cloud, thereby changing it to a cloud-based IT
resource.
• Redundant deployments of an IT resource can
exist in both on-premise and cloud-based
environments.
•An on-premise IT resource can access and
interact with a cloud-based IT resource.

• An on-premise IT resource can be moved to a

cloud, thereby changing it to a cloud-based IT
resource.

• Redundant deployments of an IT resource

can exist in both on-premise and cloud-based
environments.
Cloud Consumers and Cloud Providers
• The party that provides cloud-based IT
resources is the cloud provider.
• The party that uses cloudbased IT resources is
the cloud consumer.
• These terms represent roles usually assumed
by organizations in relation to clouds and
corresponding cloud provisioning contracts
 Scaling

• Scaling, from an IT resource perspective,

represents the ability of the IT resource to
handle increased or decreased usage
demands.
• The following are types of scaling:
• • Horizontal Scaling – scaling out and scaling
in
• • Vertical Scaling – scaling up and scaling
down
 Horizontal Scaling

• The allocating or releasing of IT resources that

are of the same type is referred to as
horizontal scaling.
• The horizontal allocation of resources is
referred to as scaling out and the horizontal
releasing of resources is referred to as scaling
in.
• Horizontal scaling is a common form of scaling
within cloud environments
An IT resource (Virtual Server A) is scaled out by adding more of
the same IT resources
(Virtual Servers B and C).
 Vertical Scaling

• When an existing IT resource is replaced by

another with higher or lower capacity.
• vertical scaling is considered to have occurred
• Specifically, the replacing of an IT resource with
another that has a higher capacity is referred to
as scaling up and the replacing an IT resource
with another that has a lower capacity is
considered scaling down.
• Vertical scaling is less common in cloud
environments due to the downtime required
while the replacement is taking place
 Cloud Service
• A cloud service is any IT resource that is made remotely
accessible via a cloud.
• Unlike other IT fields that fall under the service technology
umbrella—such as service-oriented architecture—the term
“service” within the context of cloud computing is
especially broad.

• A cloud service can exist as a simple Web-based software

program with a technical interface invoked via the use of a
messaging protocol, or as a remote access point for
administrative tools or larger environments and other IT
resource
 Cloud Service Consumer
• The cloud service consumer is a temporary
runtime role assumed by a software program
when it accesses a cloud service.

• common types of cloud service consumers can

include software programs and services capable
of remotely accessing cloud services with
published service contracts, as well as
workstations, laptops and mobile devices running
software capable of remotely accessing other IT
resources positioned as cloud services.
 Goals and Benefits
• Reduced Investments and Proportional Costs
• Similar to a product wholesaler that purchases
goods in bulk for lower price points, public
cloud providers base their business model on
the mass-acquisition of IT resources that are
then made available to cloud consumers via
attractively priced leasing packages
• The most common economic rationale for
investing in cloud-based IT resources is in the
reduction or outright elimination of up-front
IT investments, namely hardware and
software purchases and
• ownership costs
• This elimination or minimization of up-front
financial commitments allows enterprises to
start small and accordingly increase IT
resource allocation as required. Moreover,
the reduction of up-front capital expenses
allows for the capital to be redirected to the
core business investment
• The same rationale applies to operating
systems, middleware or platform software,
and application software.
• Pooled IT resources are made available to and
shared by multiple cloud consumers
 Common measurable benefits
• On-demand access to pay-as-you-go computing resources
on a short-term basis (such as processors by the hour), and
the ability to release these computing resources when they
are no longer needed.
• The perception of having unlimited computing resources
that are available on demand, thereby reducing the need to
prepare for provisioning.
• The ability to add or remove IT resources at a fine-grained
level, such as modifying available storage disk space by
single gigabyte increments.
• Abstraction of the infrastructure so applications are not
locked into devices or locations and can be easily moved if
needed.
• Increased Scalability
• By providing pools of IT resources, along with
tools and technologies designed to leverage
them collectively, clouds can instantly and
dynamically allocate IT resources to cloud
consumers, ondemand or via the cloud
consumer’s direct configuration.
• Increased Availability and Reliability
• The availability and reliability of IT resources are directly
associated with tangible business benefits. Outages limit
the time an IT resource can be “open for business” for its
customers, thereby limiting its usage and revenue
generating potential.

• Runtime failures that are not immediately corrected can

have a more significant impact during high-volume usage
periods. Not only is the IT resource unable to respond to
customer requests, its unexpected failure can decrease
overall customer
• confidence.
 Concepts and Models
• Roles and Boundaries
• Organizations and humans can assume
different types of pre-defined roles depending
on how they relate to and/or interact with a
cloud and its hosted IT resources.
• Each of the upcoming roles participates in and
carries out responsibilities in relation to cloud-
based activity.
• Cloud Provider
• The organization that provides cloud-based IT resources
is the cloud provider.

• When assuming the role of cloud provider, an

organization is responsible for making cloud services
available to cloud consumers, as per agreed upon SLA
guarantees.

• The cloud provider is further tasked with any required

management and administrative duties to ensure the
on-going operation of the overall cloud infrastructure.
• Cloud providers normally own the IT resources
that are made available for lease by cloud
consumers; however, some cloud providers
also “resell” IT resources leased from other
cloud providers
• Cloud Consumer
• A cloud consumer is an organization (or a
human) that has a formal contract or
arrangement with a cloud provider to use IT
resources made available by the cloud
provider.
• Specifically, the cloud consumer uses a cloud
service consumer to access a cloud service
• Cloud Service Owner
• The person or organization that legally owns a
cloud service is called a cloud service owner.
The cloud service owner can be the cloud
consumer, or the cloud provider that owns
the cloud within which the cloud service
resides
• Several cloud consumer organizations develop
and deploy cloud services in clouds owned by
other parties for the purpose of making the
cloud services available to the general public.
• The reason a cloud service owner is not called
a cloud resource owner is because the cloud
service owner role only applies to cloud
services
• Cloud Resource Administrator
• A cloud resource administrator is the person or
organization responsible for administering a
cloudbased IT resource (including cloud services).
• The cloud resource administrator can be (or belong to)
• the cloud consumer or cloud provider of the cloud
within which the cloud service resides.
• Alternatively, it can be (or belong to) a third-party
organization contracted to administer the cloudbased
• IT resource.
• The reason a cloud resource administrator is not
referred to as a “cloud service administrator” is
• because this role may be responsible for
administering cloud-based IT resources that don’t
exist as cloud services.
• For example, if the cloud resource administrator
belongs to (or is contracted by) the cloud
provider, IT resources not made remotely
accessible may be administered by this role (and
• these types of IT resources are not classified as
cloud services).
 Additional Roles
• Cloud Auditor – A third-party (often accredited) that
conducts independent assessments of cloud
environments assumes the role of the cloud auditor.
• The typical responsibilities associated with this role
include the evaluation of security controls, privacy
impacts, and performance.
• The main purpose of the cloud auditor role is to
provide an unbiased assessment (and possible
endorsement) of a cloud environment to help
strengthen the trust relationship between cloud
consumers and cloud providers.
• .
• • Cloud Broker – This role is assumed by a party
that assumes the responsibility of managing and
negotiating the usage of cloud services between
cloud consumers and cloud providers.
• Mediation services provided by cloud brokers
include service intermediation, aggregation, and
arbitrage.
• Cloud Carrier – The party responsible for
providing the wire-level connectivity between
• cloud consumers and cloud providers assumes
the role of the cloud carrier. This role is often
• assumed by network and telecommunication
providers
 Organizational Boundary
• An organizational boundary represents the
physical perimeter that surrounds a set of IT
resources that are owned and governed by an
organization.
• The organizational boundary does not represent
the boundary of an actual organization, only an
organizational set of IT assets and IT resources.
• Similarly, clouds have an organizational
boundary
 Trust Boundary
• When an organization assumes the role of cloud consumer
to access cloud-based IT resources, it needs to extend its
trust beyond the physical boundary of the organization to
include parts of the cloud environment.

• A trust boundary is a logical perimeter that typically spans

beyond physical boundaries to represent the extent to
which IT resources are trusted .

• When analyzing cloud environments, the trust boundary is

most frequently associated with the trust issued by the
organization acting as the cloud consumer.