Скачиваний:
50
Добавлен:
20.06.2019
Размер:
50.48 Mб
Скачать

268

F. Gagliardi and S. Muscella

able to scale to support massive enterprise applications, provide seamless support for third party applications, and easily substitute in-house management and monitoring tools.

The current opportunities are for the next generation of cloud computing virtualization providers (e.g. 3Tera, Xen), computing giants with massive data centers (e.g. Amazon), bridging providers and integrated Platform as a Service (PaaS) (e.g. Google, Elastra), and for SaaS systems providers for databases, app servers, and business intelligence (e.g. salesforce.com).

Overall, hyper-competitive markets are pushing the business to demand ever faster time to market, reduced entry/exit barriers, while reducing IT costs, allowing SMEs to have world-class enterprise application functionality at affordable price points, and startups to build their infrastructure on clouds to gain cost advantages. Existing companies are starting to consider migrating just to remain at par.

15.1.13  Priorities Moving Forward

While many cloud providers’ solutions for extending applications between physically distributed resources are still at the concept stage, the market should expect significant developments over the coming months by hosting services to the providers, which bridge the gap between dedicated application hosting and cloudbased infrastructure services.

These two approaches have plenty in common, perhaps, the most important being that the larger Grid infrastructures and Clouds run on shared infrastructure accessed via the network, often remotely.

It is this common attribute that results in shared problems that both the Grid and Cloud communities need to address, including, but not limited to, the portability of services and data between grids or clouds, the secure access to and operation of those services, the secure movement and storage of data, the need for location awareness to cater for disparate regulatory requirements, unified management for both internal and external platforms, etc.

15.2  Conclusions

Standardization and interoperability are invaluable characteristics to a successful application of distributed computing, either the already mature grid e-Infrastructure efforts or the momentum around its cloud-focused counterparts in the industry. As grids made the transition from academic and research exclusivity to potential industry adoption, the role of standardization took precedence. The same must be done for clouds, but being mindful that its arrival has taken quite a different path. Contrary to the evolution of grid, cloud computing has seen its growth through

15  Cloud Computing – Data Confidentiality and Interoperability Challenges

269

business interest as the practical Infrastructure as a Service (IaaS) model. The challenge now is to see how this can be best adapted toward further strengthening of e-Infrastructure and its e-Science communities.

One of the Ten Cloud Computing Predictions for 2009, by Michael Sheehan [15], was the obvious conclusion that Cloud adoption will be significant in 2009. Moreover, Sheehan also insisted that the government will play a much larger role too. The French government’s mission is to bring the Cloud to their government infrastructure. With the 2008 US Election, Barack Obama proved how critical an online presence was to furthering the concept of change in many EU27 governments. Cloud computing certainly implies risks as discussed in this chapter, but creates economies of scale that can benefit large as well as small government organizations.

One of the major concerns in today’s society is still data security. Cloud providers will give you a list of legal terminology about what will happen to the data in the cloud and who it is invisible to, and the customer may request to lock down sets of machines by building a firewall. Moreover, if the customer requires tighter controls beyond the service offered by default due to regulatory issues, then this becomes open to further discussion and no doubt ambiguous interpretation. If the customer has publicly available data, then this is a non-issue, but is still an area of further analysis. A recent Avanade study found that on a margin of five to one, consumers placed a higher priority of security of their data in the cloud over potential economic benefits and efficiencies [16]. These are not new issues; nevertheless, some further challenges for the future in the scope of cloud computing cover the analysis of internal data protection, communication, foundational security between the provider and the customer, and virtualization security.

At a Cloudscape event organized in Brussels in January 2009 to explore the cloud computing landscape and its impact on enterprise Information Technology in collaboration with an EC-funded project OGF-Europe [17], some thought-provoking conclusions were drawn to the extent that a follow-up was organized in February 2010 to address the points further. A clear need for grid/cloud standardized operation guidelines emerged from interactive discussions exploring enterprise feedback on standards requirements.

Areas of further efforts among the e-Science and industry communities lie in pursuing the clarification of grid/cloud taxation aspects while operating grids/ clouds, introducing guidelines for handling/guaranteeing privacy in clouds and grids (liability issues), and in general providing guidelines for work across legislative domains.

Finally, while Enterprise and Government are pioneering fields, it is expected that industrial adoption will proceed apace as organizations seeking to gain energy efficiency and offload expensive data center infrastructure to be replaced by on-demand access to cloud resources. We anticipate that this field will be cost-sensitive, and in spite of much fear about security, 80% or more of the organizations’ IT implementation could be via cloud computing resources in the future.

270

F. Gagliardi and S. Muscella

References

1.Section 1 How secure is your cloud? A close look at cloud computing security issues. This is the first document in the “Secure Cloud Computing” series by Chenxi Wang, Ph.D. with Jonathan Penn, Allison Herald

2.Privacy in the clouds: risks to privacy and confidentiality from cloud computing. Prepared by Robert Gellman for the World Privacy Forum, Date February 23, 2009 World Privacy forum. http://www.worldprivacyforum.org/cloudprivacy.html

3.Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. http://ec.europa.eu/justice_home/fsj/privacy/docs/95-46-ce/dir1995- 46_part1_en.pdf and http://ec.europa.eu/justice_home/fsj/privacy/docs/95-46-ce/dir1995- 46_part2_en.pdf

4.Adoption of Council Conclusions of the future of ICT research, innovation and infrastructures

16128/09 of the 25th November 2009, Brussels, BE

5.http://www.w3.org/DesignIssues/GovData.html Putting Government Data Online by TimBerners Lee

6.http://www.cloudsecurityalliance.org/

7.Privacy, Security and Identity in the Cloud Giles Hogben European Network & Information Security Agency ENISA. http://www.enisa.europa.eu/

8.Cloud Computing Report Benefits, risks and recommendations for information security http:// www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/

9.http://cloud-standards.org. Every SDO has representatives that maintain the wiki updated

10.Dave Bost, Developer Evangelist at Microsoft focusing on the Visual Studio tools and the

.NET application platform

11.ZEND Framework – http://framework.zend.com/about/overview

12.Jean-Christophe Cimetiere – Sr. Technical Evangelist, Microsoft. http://blogs.msdn.com/ interoperability/archive/2009/09/10/viewing-public-government-data-with-windows-azure- and-php-a-cloud-interoperability-scenario-using-rest.aspx?CommentPosted=true#commentm essage

13.http://www.microsoft.com/presspass/press/2009/may09/05-07OpenGovDataInitiativePR. mspx

14.Is Cloud Computing Killing Open Source in Government? Gartner September 2nd, 2009

15.Ten Cloud Computing Predictions for 2009, Written by Michael Sheehan on Dec 2nd, 2008. Filed under: cloud computing, features, general, GoGrid, Hosting, Industry, Partners, ServePath. Read more: http://blog.gogrid.com/2008/12/02/ten-cloud-computing-predictions- for-2009/#ixzz0TOFX54F5

16.http://www.avanade.com/us/_uploaded/pdf/pressrelease/uscloudsurveyreleasefinal053414. pdf. Avanade is an IT consultancy joint venture between Microsoft and Accenture

17.CLOUDSCAPE – A Workshop to explore the cloud computing landscape and its impact on enterprise IT, January 2009 Multiple perspectives on cloud & Grid computing learn more at www.ogfeurope.eu

Chapter 16

Security Issues to Cloud Computing

Cyril Onwubiko

AbstractWith the growing adoption of cloud computing as a viable business proposition to reduce both infrastructure and operational costs, an essential requirement is to provide guidance on how to manage information security risks in the cloud. In this chapter, security risks to cloud computing are discussed, including privacy, trust, control, data ownership, data location, audits and reviews, business continuity and disaster recovery, legal, regulatory and compliance, security policy and emerging security threats and attacks. Finally, a cloud computing framework and information asset classification model are proposed to assist cloud users when choosing cloud delivery services and deployment models on the basis of cost, security and capability requirements.

16.1  Introduction

As organisations seek new ways of driving businesses forward, increasing demands are now placed on computer networks to provide competitive edge and create new opportunities at reduced cost. This has accelerated business and technological initiatives that promise to provide services at comparably low infrastructure and operating costs. The rapid growth of cloud computing is a good example.

This new model of service (cloud computing) offers tremendous reduction in operating cost; unfortunately, it has also introduced a set of new and unfamiliar risks. Most networks today are borderless, spanning across different network estates, security domains and enterprise, whose security policies, security protection mechanisms and business continuity plans are different, varying and diverse. Consequently, new security requirements are needed, new forms of protection strategies become essential and existing practices may require reviewing.

C. Onwubiko (*)

Security & Information Assurance, Research Series Limited, 1 Meadway, Woodford Green, IG8 7RF, Essex, UK

e-mail: cyril.onwubiko@research-series.com

N. Antonopoulos and L. Gillam (eds.), Cloud Computing: Principles,

271

Systems and Applications, Computer Communications and Networks,

DOI 10.1007/978-1-84996-241-4_16, © Springer-Verlag London Limited 2010

Соседние файлы в папке CLOUD COMPUTING