Making Clouds Secure

The concept of Cloud Computing — what just about every IT community is dreaming about these days — has a multitude of indisputable advantages over more traditional modes of software distribution and usage. But Cloud Computing has a long way to go before it takes over the market — not in terms of technology, but in terms of how it is perceived by potential clients. For the majority of them, Cloud Computing seems like an interesting — but not very secure — idea.

If you were to review the evolution of the concept (which, incidentally, is considerably older than it might seem), you would see the close connections between Cloud Computing and information security. As Enomaly founder and Chief Technologist Reuven Cohen has rightly noted, the Cloud Computing concept was first mastered by cyber criminals who had created rogue networks as early as ten years ago. Not much time passed before people started using Cloud Computing for legitimate purposes, and the technology is just now beginning to come into its own.

What is a “Cloud”?

Let’s take a look at the formal definition of the concept before we tackle the modern aspects of security and Cloud Computing. There is still no common or generally recognized definition of “Cloud Computing” in the IT industry, and most experts, analysts, and users have their own understanding of the term.

In order to come to a more precise definition, we first need to move from the general to the specific. In general, Cloud Computing is a concept whereby a number of different computing resources (applications, platforms or infrastructures) are made available to users via the Internet. While this definition seems to capture the essence of Cloud Computing, in practice it is much too abstract and broad. If you wanted to, you could include practically everything even vaguely related to the Internet in that definition. The definition needs to be made more specific, and in order to do so, we will first take a look at the position of the scientific and expert community.

The work “Above the Clouds,” published by the RAD Lab at UC Berkeley, has identified the three most common features of Cloud Computing:

• The illusion of infinite computing resources available on demand, thereby eliminating the need for Cloud Computing users to plan far ahead for provisioning.
• The elimination of an up-front commitment by Cloud users, thereby allowing companies to start small and increase hardware resources only when there is an increase in their needs.
• The ability to pay for use of computing resources on a short-term basis as needed (e.g., processors by the hour and storage by the day) and release them as needed, thereby rewarding conservation by letting machines and storage go when they are no longer useful.

The specifications for building a Cloud platform, such as virtualization, global distribution or scale, are not so much features of Cloud Computing, but merely help put this paradigm into practice. In particular, the use of virtualization technologies helps achieve the “illusion of infinite computing resources” mentioned above.

The main features of any Cloud service are the kinds of resources it offers users via the Internet. Depending on these resources, all services can be divided into a number of different categories (see Figure 1). Each of these carries the suffix *aaS, where the asterisk represents the letter S, P, I or D, and the abbreviation “aaS” means “as a service.”

Figure 1. The ontology of Cloud services

 Essentially, Cloud Computing makes resources available through the Internet and has three fundamental features, as noted above.  The types of resources made available may be software (SaaS), a platform (PaaS), an infrastructure (IaaS), or storage (DaaS).