What is Cloud Computing?
In Cloud Computing, the word cloud is used to refer to the internet, so the phrase cloud computing means a type of internet based computing where different service such as servers, storage, applications are delivered to an organisation through an internet.Cloud computing allows an organisation to create, configure and customise the business applications through an internet.
Cloud Computing and Security
There are many things that can be done using cloud computing. Below is the list to name a few:-
- Create new applications and services
- Store, backup and recovery data.
- Hosting blogs and websites.
- Deliver software on demand.
Cloud computing services mainly fall into three categories :
- Infrastructure-as-a-service(IaaS):-IaaS offers the computing infrastructure such as servers, virtual machines, operating systems, storage on a rental basis.
From security viewpoint mostly on physical security, aspects are offered from cloud service provider.
- Platform-as-a-service(PaaS):PaaS provides a platform that has an operating system, programming language execution environment, web server and database. The infrastructure is provided for a quick development and deployment of the application.
From the security point of view physical and connectivity aspects are offered from cloud service provider as options.
- Software-as-a-service(SaaS):-In SaaS, the software application is hosted and managed by the cloud provider and the maintenance and security aspects are handled by the cloud provider.
There is no rule on which of these categories are best suitable for an organisation to refer during decision making. This is because there are multiple parameters of technology, expertise, resource, cost, ROI, availability option, growth plan, roadmap which will also influence in decision making.
Security measures taken on cloud
To make a cloud secure, various security controls are used by the cloud provider to safeguard any weakness in the system and revert any attack. The various security measures taken to secure the cloud, in general, are as below:-
- Identity Management :-
In order to control the access of information and resources, the cloud provider either integrates the enterprise identity management system or it provides with one of its own. AWS, for instance, provides its users with IAM(Identity And Access Management) through which different users can be granted different access to different resources.
- Physical Security :-
Securing the hardware, network, servers against any unauthorised access that could cause serious loss to an enterprise. The physical security also includes protection from, flood, fire, burglary and theft.
- Data Security :-
Maintaining control over the data paramount to cloud success. With virtualization and cloud, the data physically resides in the infrastructure owned by the cloud provider. Some of the measures that are required to secure the data are.
- Data Confidentiality:-
Confidential data is considered to be sensitive where the objective is to limit the data access to those who are authorised to view it. The data owners expect to utilise all the data services such as data search, computation and modification without any leakage.
- Data Access Controllability:-
Access Control means the data owner has the complete control over the data placed on cloud and the data owner can restrict or grant selective permissions to the data users. The data owner is able to enforce fine-grained access control over the data users.
- Data Integrity:-
The data in the cloud should be stored correctly and no one is able to change, modify or delete the data illegally without having the authorization access. There should be no corruption or loss of data and if there is any, the data owner should be able to retrieve it.
Data encryption is the technique used to protect specification of data, in spite of access to data and towards integrity protection.
There are several encryption techniques that are being used by the cloud providers in order to secure the data such as-
- Homomorphic Encryption:-
Homomorphic encryption is the kind of encryption that ensures computations and algebraic operation on the encrypted data without decrypting it, hence providing the data confidentiality.
- Searchable Encryption:-
The searchable encryption scheme is a technique that allows the search of specific information in an encrypted content. Searchable encryption generally builds keyword indexes to securely perform the user search queries.
- Attribute-based Encryption(ABE):-
ABE is a public-key encryption in which the secret key of a user depends on certain attributes such as Country of the user. In this type of encryption, the decryption of cypher text is only possible if the user matches the attributes of the cypher text.
These are few samples of encryption technique. There are many more encryption mechanisms which are new and evolved over the years. At Teknospire, For security we use various security measures provided by the cloud provider, below are a few:-
- Security groups:-
It act as a firewall to the cloud instance and control the traffic that is outbound and inbound at the instance level.
- Network ACLs(Access Control Lists):-
It act as a firewall and control the inbound and outbound traffice at the subnet level.
- User Access Control:-
To control the access of any user, the Identity and Access Management(IAM) is used to allow the user the access to resources and services. A user can be granted limited or full access to the use of resources.
Enterprise Deployment on Cloud
The deployment on a cloud can be done in Four different models.The deployment model to be chosen depending on the requirements of an organization.
The Four Deployment models are discussed below:-
- Private Cloud Deployment:-
The private cloud also called as the internal cloud; is provisioned for the exclusive use by a single organisation. Private cloud is often chosen by the organisation that already owns a data centre and developed IT infrastructure and has particular needs around security and performance.
- Public Cloud Deployment:-
The public cloud deployment represents the true cloud hosting. In this model, cloud services and infrastructure is provided to various clients. This model is best suited for the organisation that hosts SaaS applications, utilise interim infrastructure to develop and test applications and manage the applications that are consumed by a large number of users that would otherwise require the large investment in infrastructure from the business.
- Hybrid Cloud Deployment:-
Hybrid cloud is the combination of two or more clouds that are separate entities but are bound together. A hybrid cloud combines the core cloud-based infrastructure and high load tasks outsourcing to the public cloud. It also combines benefits of the controlled environment in private clouds and rapid elasticity of the public clouds. For Example, An organisation may store the sensitive data on a private cloud and connect that to a business intelligence application hosted on a public cloud as a software service.
- Community Cloud Deployment:-
In the community cloud model, the cloud infrastructure is shared by several organisations with the same policy and compliance considerations. This type of deployment ca either be managed internally or by a third party.
Considering cost optimisation, time to market and expertise constraints are the main drivers of referring cloud as the option for enterprise solution offering. Whereas security is the key mandatory factor organisations can not compromise.
Now, there are government, policy makers, auditors, regulatory bodies across the world and domains (financial, banking, insurance, e-commerce, social networking, value added services, education, logistics, telecommunications) are adopting cloud as the way forward.
Apart from cloud service provider offerings architecture level patterns like multi-tier deployments, multi-dimension authentication, evolved security test certifications and control measures makes cloud as an acceptable option.
In Conclusion, Cloud security provides multiple levels of control in a network infrastructure to afford continuity and protection. Various security protocols are in place to protect sensitive information and data, hence preventing any third party from tampering with the data being transmitted.
We Teknospire adopted public and hybrid cloud based on specific requirement basis evaluating security aspects in addition to cost, time to market, end customer requirement basis. And keep passing on the advantage to our customers.
Our Blog on Baas (Banking as A Service) is in making. Please watch this space for the same.