Cloud computing is a service delivered over the internet that offers dynamically scalable resources, promising its adopters significant economic advantages. The cloud can be partitioned into layers based on the type of resources provided. The bottom layer is Infrastructure-as-a-Service (IaaS), which provides the basic infrastructure components, including servers, CPUs, memory, and storage. Prominent examples of IaaS providers are Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3). The middle layer is Platform-as-a-Service (PaaS), which deploys applications written in Python, Java, and .NET languages and also allows dynamic scaling of those applications. An example of PaaS is Google App Engine for net. The topmost layer allows cloud consumers to use the available applications and is referred to as Software-as-a-Service (SaaS). SaaS has been globally accepted as a way to access application functionality through a browser in a very trusted environment, with no requirement to purchase or subscribe to and install costly hardware or software. Two main technologies are currently used to access cloud services: internet browsers are used for SaaS application access, and .net technology services are used for accessing IaaS services. Both of the aforementioned approaches can be found in PaaS environments. This chapter summarizes the security problems associated with cloud computing.
High-Level Overview of Cloud Architecture
This section gives an architectural view of the security issues faced in a cloud computing environment while providing security to consumers. Cloud computing services have been categorized into four layers depending on the three cloud computing resource categories, viz. IaaS, SaaS and PaaS. We elaborate on each of the four layers in this section and also map the various security issues to each layer, as shown in Figure 1.
Important features of the user layer are cloud applications, environments, programming and tools. A few popular examples that fall under this category are B2B, Facebook, Myspace, Enterprise, ISV, scientific, CDNs, Web 2.0 interfaces, Aneka, Mashups, MapReduce, Hadoop, Dryad, workflows, libraries, and scripting. Security as a service, browser security and authentication are a few of the security issues present in the user layer. They are discussed in detail in the next section.
A few components of the service provider layer are SLA monitoring, metering, accounting, resource provisioning, scheduler and dispatcher, load balancer, advance resource reservation monitor, and policy management between customers. Legal and regulatory issues of the cloud, and access and identity management, are components of the virtual machine (VM) layer. Important components of the data center (infrastructure) layer include servers, CPUs, memory, and storage. The main security issue of the data center layer is physical security: the security of the network and servers.
Security of End User
End users should be informed about the access agreements, including acceptable use and conflict of interest, and should comply with them in order to access resources within the cloud. If a client organization finds vulnerable code or protocols on servers, firewalls, mobile devices or other such entry points, it should have a mechanism to upload patches for that vulnerable code to the native system as soon as the vulnerabilities are found. In turn, the cloud should secure its services so that no user with malicious intent can gain access to any information or services.
Security-as-a-Service
Cloud service providers (CSPs) provide security to cloud customers who use cloud services. Security-as-a-Service is a cloud service for providing security and can be implemented in two ways. In the first method, anybody, including established information security vendors, can change the delivery methods; in the second method, cloud service providers themselves provide security as part of the cloud service (Varadharajan, V., & Tupakula, U., 2014).