Security Architecture of Cloud Computing

DOI: 10.4018/978-1-5225-7924-3.ch001


Cloud computing is an innovation that makes dynamic resources available over the internet. Although cloud computing is cost-effective and easy to use, security is often an area of concern. Sharing sensitive information and running critical applications on public and/or shared cloud environments requires a high degree of security. The amount of data stored and processed is increasing enormously, requiring cloud environments to resize to larger capacities. Cloud environments have both pros and cons concerning the security of the data of consumers using cloud services. This chapter discusses the main security issues faced by cloud computing environments. Its main focus is to describe the issues faced when building cross-domain collaborations over the internet, and the usage of cloud services and their security. The chapter also identifies security at the various levels of cloud computing and, based on cloud architecture, categorizes the security issues.
Chapter Preview

Cloud Computing Security Architecture

Cloud computing is a service over the internet offering resources that can be dynamically scaled, thus promising its adopters a lot of economic advantages. The cloud can be partitioned into different layers based on the type of resources provided. The bottom layer is Infrastructure-as-a-Service (IaaS), which provides the basic infrastructure components, including servers, CPUs, memory, and storage. Prominent examples of IaaS providers are Amazon Elastic Compute Cloud (EC2) and Amazon easy storage service (S3). The middle layer is Platform-as-a-Service (PaaS), which deploys applications written in Python, Java, and .NET languages and also allows dynamic scaling of those applications. An example of PaaS is Google App Engine for net. The topmost layer allows cloud consumers to use the available applications and is referred to as Software-as-a-Service (SaaS). SaaS has been globally accepted as a way to access application functionality through a browser in a very trusted environment, with no requirement to purchase or subscribe to and install costly hardware or software. Two main technologies are currently used to access cloud services. Internet browsers are used for SaaS application access, and .NET technology services are used for accessing IaaS services. Both of the aforementioned approaches can be found in PaaS environments. This chapter summarizes the security problems concerned with cloud computing.

Figure 1. Security architecture of cloud computing (Mell, P., & Grance, T., 2011)

High-Level Overview of Cloud Architecture

This section gives an architectural view of the security issues faced in a cloud computing environment while providing security to consumers. Cloud computing services have been categorized into four layers depending on the three cloud computing resource categories, viz. IaaS, SaaS and PaaS. We elaborate on each of the four layers in this section and also map the various security issues in each layer, as shown in Figure 1.

Important features of the user layer are cloud applications, environments, programming and tools. A few popular examples that come under this category are B2B, Facebook, Myspace, Enterprise, ISV, scientific, CDNs, Web 2.0 interfaces, Aneka, Mashups, MapReduce, Hadoop, Dryad, Workflows, libraries, and scripting. Security as a service, browser security and authentication are a few of the security issues present in the user layer. They are discussed in detail in the next section.

A few components of the service provider layer are SLA monitoring, metering, accounting, resource provisioning, scheduler and dispatcher, load balancer, advance resource reservation monitor, and policy management between customers. Legal and regulatory issues of the cloud, and access and identity management, are components of the virtual machine (VM) layer. Important components of the data center (infrastructure) layer include servers, CPUs, memory, and storage. The main security issue of the data center layer is physical security: security of the network and servers.

Security of End User

End users should be informed about the access agreements, including acceptable use or conflict of interest, and should comply with them to access resources within the cloud. If a client organization finds vulnerable code or protocols at servers, firewalls, mobile devices or other such entry points, it should have a mechanism to upload patches for such vulnerable code on the native system as soon as they are found. In turn, the cloud should secure its services against any user with malicious intent gaining access to any information or services.


Cloud service providers (CSPs) provide security to cloud customers using cloud services. Security-as-a-Service is a cloud service for providing security and can be implemented in two ways: in the first method, anybody can change the delivery methods, including established information security vendors; in the second method, cloud service providers themselves provide security as part of the cloud service (Varadharajan, V., & Tupakula, U., 2014).
