Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
Public Clouds: In its simplest definition, a public cloud exists externally to its end user and is generally available with little restriction as to who may pay to use it. As a result, the most common forms of public clouds are ones that are accessed via the Internet. There has been tremendous development in the public cloud space, resulting in very sophisticated Infrastructure-as-a-Service offerings from companies like Amazon, with its Elastic Compute Cloud (EC2), Rackspace's cloud offerings, and IBM's Blue Cloud. Other public cloud offerings operate closer to the application layer, as Platform-as-a-Service, like Google's App Engine and Microsoft's Windows Azure platform, as well as Amazon's service-specific cloud offerings SimpleDB, CloudFront, and the Simple Storage Service (S3).
Private Clouds: In contrast to a public cloud, a private cloud is dedicated to a single organization, and it is most often hosted internally, although it can also be hosted off premise by a third party on the organization's behalf. Although there is no commingling of data or sharing of resources with external entities, different departments within the organization may still have strong requirements to maintain data isolation within their shared private cloud. Organizations deploying private clouds often do so using virtualization technology within their own data centers. A word of caution here: "Describing private cloud as releasing you from the constraints of public cloud only does damage to the cloud model. It's the discipline in cloud implementations that makes them more interesting (and less costly) than conventional IT. Private clouds could very well be more constrained than their public counterparts and probably will be to meet those needs that public clouds cannot address."
Community Clouds: The promise of community clouds is that they allow multiple independent entities to gain the cost benefits of a shared nonpublic cloud while avoiding the security and regulatory concerns that might be associated with using a generic public cloud whose SLA did not address those concerns. This model has tremendous potential for entities or companies that are subject to identical regulatory, compliance, or legal restrictions. Different kinds of community clouds are being considered in the United States and the European Union by governments at the national and local levels. This makes great sense, since there are multiple benefits both to the individual entities and collectively. For instance, when multiple government agencies that transact business with each other have their processing colocated in a single facility, they can achieve both savings and increased security, because traffic between them no longer needs to traverse the Internet. Continuity of operations can also be enhanced at a lower overall cost to all parties when multiple data centers are used to implement such a community cloud.
Hybrid Clouds: Hybrid clouds are just as the name implies. They are formed when an organization builds out a private cloud and wishes to leverage public or community clouds in conjunction with its private cloud for a particular purpose; the linking of the two clouds is what would be called a hybrid cloud. (Actually, a hybrid cloud could be formed by any combination of the three cloud types: public, private, and community.) Many organizations deploy an internal private cloud for their critical infrastructure but find certain needs that just aren't economical to build out internally. A common example would be testing or quality assurance. For instance, an internal cloud might run the infrastructure of a business, but the business may need to test an upgrade or the rollout of a new system. It might be advantageous to pay for public cloud capacity for a few months to complete the testing, and when the private cloud has been upgraded, discontinue the public cloud usage.
Before we consider security in the cloud arena, we should have an appreciation for the basic definitions and the fact that there are several closely related security fields:
Information Security: This term refers to a broad field that has to do with the protection of information and information systems. Information security has historical roots that include ciphers, subterfuge, and other practices whose goals were to protect the confidentiality of written messages. In our era, information security is generally understood to involve domains that are involved in the security of IT systems as well as with the non-IT processes that are in interaction with IT systems. The objective of information security is to protect information as well as information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Subdomains to Information Security: Among these are computer security, network security, database security, and information assurance. In cloud security, we will be drawing upon each of these as necessary to address issues that we face.
Confidentiality, Integrity, and Availability: The overall objective for security can largely be boiled down to the triad of security: protecting the confidentiality, integrity, and availability of information.
Least Privilege Principle: Users, and processes acting on their behalf, should be restricted to operate with the minimal set of privileges needed to do their work. This limits the pervasive use of privilege and access rights within IT systems, and so bounds the damage that a compromised account or process, or a simple mistake, can do.
Authentication: The means to establish a user's identity. Authentication can become very complex in many ways; for instance, authentication data may reside in multiple systems in the same infrastructure or domain.
Authorization: The rights or privileges that are granted to a person, user, or process. These can be electronically represented in many ways. Access control lists (ACLs) are simple lists of users and their rights (generally simple statements such as read, write, modify, delete, or execute) against either specific resources or classes of resources. Even simpler are traditional UNIX file permissions, which are at the granularity of Owner, Group, and Others with read, write, execute, and a few other permission bits. The problem with such authorization schemes is that they work well enough only with a very small population of users. They become unmanageable with large populations, and they are unsafe in computing environments where the underlying user IDs are recycled, because a right granted to a numeric ID outlives the person it was granted to. They are also ineffective for problems that are harder to represent, such as the ones we have with SOA services.
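The two schemes described above, and the user-ID recycling problem, as an added example (illustration code written for this section, not from the original text or from any real system; the directory, users, and resources are constructed):

```python
"""UNIX-style permission bits and a simple ACL, with a demonstration of why
rights keyed on a recyclable numeric user ID leak to the next holder of that ID.
Example code added for illustration; users, IDs and resources are constructed."""

import stat
import uuid
from dataclasses import dataclass, field

READ, WRITE, EXECUTE = "read", "write", "execute"


# --- Traditional UNIX permissions: owner / group / other, each rwx ------------

@dataclass
class UnixFile:
    owner_uid: int
    group_gid: int
    mode: int            # e.g. 0o640


def unix_allowed(f: UnixFile, uid: int, gids: set, op: str) -> bool:
    """Classic check: pick the owner, group or other triplet, then test one bit."""
    bit = {READ: stat.S_IROTH, WRITE: stat.S_IWOTH, EXECUTE: stat.S_IXOTH}[op]
    if uid == f.owner_uid:
        bit <<= 6        # owner bits are the 'other' bits shifted left by 6
    elif f.group_gid in gids:
        bit <<= 3        # group bits are shifted left by 3
    return bool(f.mode & bit)


# --- A minimal ACL: principal -> set of permitted operations ------------------

@dataclass
class Acl:
    entries: dict = field(default_factory=dict)

    def grant(self, principal, *ops):
        self.entries.setdefault(principal, set()).update(ops)

    def revoke_principal(self, principal):
        self.entries.pop(principal, None)

    def allowed(self, principal, op) -> bool:
        return op in self.entries.get(principal, set())


class Directory:
    """Toy user directory.  Numeric uids are reused after deletion (as many
    real systems do); the stable_id (like a Windows SID) is never reused."""

    def __init__(self):
        self.by_uid = {}     # uid -> (username, stable_id)
        self.free_uids = []
        self.next_uid = 1000

    def create(self, username):
        uid = self.free_uids.pop(0) if self.free_uids else self._fresh_uid()
        stable_id = f"S-{uuid.uuid4()}"
        self.by_uid[uid] = (username, stable_id)
        return uid, stable_id

    def _fresh_uid(self):
        uid = self.next_uid
        self.next_uid += 1
        return uid

    def delete(self, uid):
        del self.by_uid[uid]
        self.free_uids.append(uid)     # the uid goes back into the pool


def recycled_uid_leak():
    """Return (bob_can_write_via_uid_keyed_acl, bob_can_write_via_stable_id_acl)."""
    d = Directory()
    uid_acl, stable_acl = Acl(), Acl()
    alice_uid, alice_sid = d.create("alice")
    uid_acl.grant(alice_uid, READ, WRITE)
    stable_acl.grant(alice_sid, READ, WRITE)
    d.delete(alice_uid)                  # alice leaves; nobody cleans up the ACLs
    bob_uid, bob_sid = d.create("bob")   # bob is handed alice's old uid
    assert bob_uid == alice_uid
    return uid_acl.allowed(bob_uid, WRITE), stable_acl.allowed(bob_sid, WRITE)


if __name__ == "__main__":
    print(recycled_uid_leak())           # (True, False)
```

The `recycled_uid_leak` function returns `(True, False)`: the ACL keyed on the numeric uid silently grants Bob every right Alice had, while the one keyed on a never-reused identifier does not. The practical mitigations are the same in either scheme, namely key grants on a stable identity and hook account deprovisioning to revoke every ACL entry for the departing principal.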
Cryptography: From the Greek word kryptos (hidden), cryptography has two faces: one is focused on hiding or obfuscating information, and the other (cryptanalysis) is dedicated to exposing secrets that are protected by cryptographic means. Encryption is the process of converting information in plaintext into ciphertext, with decryption serving the reverse function. Ciphers are the algorithms that are used to perform encryption and decryption, and they are dependent on the use of keys or keying material. An in-depth treatment of cryptography is beyond the scope of this book, but several further points should be made. First, the strength of modern computer cryptography is measured in several dimensions, and cryptography is computationally expensive: typically the stronger the algorithm or the longer the key, the greater the overhead. Second, there are different kinds of algorithms; among them are key pairs (public and private) whereby an individual can safely publish the public key for anyone else to use to encrypt information that can only be decrypted using the associated private key. This has great utility in many ways. Third, cryptography has many other uses in computing; one such use is digital signatures, whereby an individual or entity can authenticate data by signing it with a private key so that anyone holding the public key can verify it. Another use is to authenticate two or more communicating parties to each other.
Auditing: This encompasses various activities that span the generation, collection, and review of network, system, and application events to maintain a current view of security. Electronic security monitoring is based on the automated assessment of such audit data. But the term auditing is overloaded in security: it is also used to refer to the periodic activities that verify that security controls are appropriate and operating correctly. We will find many cases where it is used in both senses, for audit event assessment as well as for periodic control verification. (We will strive to put sufficient context around our use of these terms.)
Accountability: This amounts to being able to retroactively establish who did what, when, and how. Accountability is dependent on identity and auditing. If accountability is important, then we need to appropriately protect all data and control information that is used to grant access, as well as the audit records of that access, against tampering and loss. Since the need for a forensic review of such data may not arise until long after the events occurred, the general requirements for retaining such event data range from about 120 days and up. (At least one government organization had a requirement to retain such data indefinitely, but ran into physical media problems after 10 years!)