Cloud Security

Cloud Security

DOI: 10.4018/978-1-4666-4683-4.ch005
OnDemand PDF Download:
No Current Special Offers


Although cloud computing has been widely accepted in the enterprise, and its usage is growing exponentially, security and privacy are big challenges for adoption and survival of cloud computing. Security has two facets in the cloud computing landscape, that is there are pros and there are cons. Security is obligatory for all service delivery models of cloud computing. Additionally, cloud deployment options are another orthogonal dimension to the cloud service delivery models. With the adoption of cloud computing, a large part of network, system, applications, and data will move under provider control. The cloud service delivery model will create several virtual perimeters as well as a security model with responsibilities shared between the customer and the provider. This shared responsibility model will bring new security management challenges to the organization. This chapter discusses these issues and enumerates some initiatives to address them.
Chapter Preview

2. Deployment Options Security

This section reviews security aspects of clouds’ deployment options. Depending on how the cloud infrastructure is operated, it can be categorized as: (a) public, (b) private, or (c) hybrid or federated.

2.1 Private Cloud

In comparison with the traditional IT infrastructure, private clouds do not impose new vulnerabilities, attacks, and threats to the infrastructure security. In addition, they do not require changes in risks specific to this deployment option.

With the implementation of a private cloud, an organization’s IT architecture may change; however, its network topology will not change significantly. Moreover, there is no big difference between the traditional IT security model and a private cloud security model. That is the pervasive security considerations, strategies and measures can be kept in place for a private cloud. Thus, they are applicable to a private cloud infrastructure. In addition, the current security tools are necessary for a private cloud and they operate in the same way (Getov, 2012).

Security concerns for a private cloud’s IT manager are almost the same as those associated with other distributed systems. However, when this private cloud is hosted by a third party, the security issues facing the customers become very complex and difficult to solve. Although in theory this cloud is still private, the fact that it relies on outsourced resources means that the users are no longer in control of their data. As a result, security remains a major adoption concern, as many cloud service providers (CSPs) put the burden of cloud security on the customer, leading some to explore costly ideas like third party insurance (Getov, 2012).

The security management processes that are relevant to cloud service delivery models in private clouds are enumerated as the following, these functions typically can be managed by IT department or managed services:

  • Availability management

  • Access control

  • Vulnerability management

  • Patch management

  • Configuration management

  • Incident response

  • Monitoring system use and access

Hence, organizations that are looking to augment the public cloud for certain use cases can leverage and extend their internal security management practices and processes developed for their internal private cloud services.

Complete Chapter List

Search this Book: