Are We Ready For The Public Cloud?

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (National Institute of Standards and Tecnology (NIST), 2011).   A public cloud is a cloud made available to the general public for use and is the most common type of cloud. Users of a public cloud sign up with the cloud provider and make payments based on the provider's pricing schema.

Elements of the Public Cloud

• Computer and OS
• Internet access with web browser. (others you may access internet directly with software)
• Proprietary on-line storage software/account (i.e. dropbox, carbonite , downloadable through each website respectively)(Google docs requires just a log in)
• Some level of data encryption during transitions (usually 128-bit ) (Booth, 2011)
• Providers servers, data centers and software to store your data
• Network connections

 Advantages/Capabilities 

• Storage and maintenance cost significantly lower
• Frees up local storage
• Eliminates complex backup systems (Booth, 2011)
• Provides space for future storage needs (Booth, 2011)
• Availability  24/7 from unlimited range of locations and devices (Booth, 2011)
• Data is stored redundantly and with greater security than is available on a single disk or drive (Booth, 2011)
• Service providers’ supply all the software and hardware, so moving from one vendor to another involves little to no effort or expense for user. Can use two cloud services concurrently. (Booth, 2011)
• Monthly payments instead of front-end investment (Booth, 2011)
• Ability to run web workloads in the cloud  (Telecomworldwire(M2), 2011)
• 30% reduction in cost compared to traditional application environments with automation from the cloud  (Telecomworldwire(M2), 2011)
• Ability to host multi-tenant services to manage services to manage virtual server, storage, network, and security infrastructure  (Telecomworldwire(M2), 2011)
•  Management capabilities with GUI to install and configure applications along with setting up security. (IBM  Workload  Deployer) 

Security 

•  As computers become more dependent on the internet, the data on those computers becomes more accessible. (Booth, 2011)
• 128-bit encryption that is used by most(Booth, 2011)

Amazons’ Security for their EC2 Public Cloud

• Physical Security is strictly controlled; guards, video surveillance system, Intrusion detection systems. Guards must pass two-factor authentication to gain access to datacenter floors. All physical access is documented through logs and reports.  (Amazon, 2011).
• Environmental safeguards include; fire detection and suppression, fully redundant electrical power, and climate and temperature controls and alarms to notify management if any measurements are above or below standards.  (Amazon, 2011).
• Data Security includes; redundant and multiple locations (5 regions) for data, backups, fault separation, unique credentials using multi-factor authentication (6 digit single use code, username and password), an authenticating device that users must purchase, rotating access key and  certificates on regular basis, proprietary DDos  mitigation techniques, SSH host certificates and SSL used at end-points to deter MITM Attacks, firewall prevents IP spoofing, port scanning is used and all violations are investigated, hypervisor prevents from packet sniffing the virtual instances (Amazon, 2011).

International Information Systems Security Certification Consortium's findings

• Study based on a survey of more than 10,000 InfoSec professionals worldwide finds that a growing number of technologies being widely adopted by businesses are challenging InfoSec executives and their staffs, potentially endangering the security of governments, agencies, corporations and consumers worldwide.   (M2PressWIRE, 2011)
• Secure software development is a significant new area of focus for InfoSec professionals worldwide. Application vulnerabilities ranked as the No. 1 threat to organizations by 72% of respondents worldwide and in EMEA.   (M2PressWIRE, 2011)
• Cloud computing illustrates a serious gap between technology implementation and the skills necessary to provide security.   (M2PressWIRE, 2011)
• More than 50% of respondents reported to having private clouds in place, while more than 70% reported the need for new skills to properly secure cloud-based technologies.   (M2PressWIRE, 2011)
• Viruses, worms, hackers and internal employees all fell in significance as top threats from 2008. Most recent year of the study.   (M2PressWIRE, 2011)
• One of the main drivers in continued growth of IT professionals is the potential loss of control as organizations shift data to cloud-based services.   (M2PressWIRE, 2011)
• Security professional are going to have to re-skill for these new developments.   (M2PressWIRE, 2011)

Works Cited


http://www.infosecurity-magazine.com/view/16041/rsa-2011-isc-study-shows-gap-between-cloud-security-  technology-and-training-/


http://aws.amazon.com/security


http://www.nist.gov/itl/csd/cloud-020111.cfm