- Open Access
- Total Downloads : 7
- Authors : Shubham Vijayvargiya, Swatantra Deep Dangarh, Kuldeep Mudgal
- Paper ID : IJERTCONV2IS10062
- Volume & Issue : NCETECE – 2014 (Volume 2 – Issue 10)
- Published (First Online): 30-07-2018
- ISSN (Online) : 2278-0181
- Publisher Name : IJERT
- License: This work is licensed under a Creative Commons Attribution 4.0 International License
Shubham Vijayvargiya Mandsaur Institute Of Technology,
Swatantra Deep Dangarh Mandsaur Institute Of Technology,
Mandsaur Institute Of Technology,
AbstractCloud computing a relatively recent term, defines the paths ahead in computer science world. Being built on decades of research it utilizes all recent achievements in virtualization, distributed computing, utility computing, and networking. It enables hosting of applications from consumer, scientific and business domains. Cloud computing is basically an Internet-based network made up of large numbers of servers – mostly based on open standards, modular and inexpensive. Clouds contain vast amounts of information and provide a variety of services to large numbers of people. The benefits of cloud computing are reduced data leakage, decrease evidence acquisition time, they eliminate or reduce service downtime, they Forensic readiness, they decrease evidence transfer time the main factor to be discussed is security of cloud computing, which is a risk factor involved in major computing fields.
Keywords- cloud computing; service oriented; loose coupling; strong fault tolerant; business pattern; ease use
Clouds aim to drive the design of the next generation data centers by architecting them as networks of virtual services (hardware, database, user-interface, application logic) so that users can access and deploy applications from anywhere in the world on demand at competitive costs depending on their QoS (Quality of Service) requirements . Many people are confused as to exactly what cloud computing is, especially as the term can be used to mean almost anything. Roughly, it describes highly scalable computing resources provided as an external service via the internet on a pay-as-you-go basis. The cloud is simply a metaphor for the internet, based on the symbol used to represent the worldwide network in computer network diagrams. Economically, the main appeal of cloud computing is that customers only use what they need, and only pay for what they actually use.
Resources are available to be accessed from the cloud at any time, and from any location via the internet. Because of this, cloud computing has also been called utility computing, or IT on demand. This new, web- based generation of computing utilizes remote servers housed in highly secure data centers for data storage and management, so organizations no longer need to purchase and look after their IT solutions in-house.
The Cloud is a metaphor for the Internet, derived from its common depiction in network diagrams (or more generally components which are managed by others) as a cloud outline. The underlying concept dates back to 1960 when John McCarthy opined that "computation may some day be organized as a public utility" (indeed it shares characteristics with service bureaus which date back to the 1960s) and the term. The Cloud was already in commercial use around the turn of the 21st century. Cloud computing solutions had started to appear on the market, though most of the focus at this time was on Software as a service.2007 saw increased activity, including Goggle, IBM and a number of universities embarking on a large scale cloud computing research project, around the time the term started gaining popularity in the mainstream press. It was a hot topic by mid-2008 and numerous cloud computing events had been scheduled.
The Evolution of Cloud Computing
Enterprise organizations will likely experiment with cloud computing, carefully choosing projects that benefit from clouds features and cost benefits as they develop more formal cloud computing strategies. This evolution has already begun as enterprise businesses take a crawl, walk, run approach that builds toward an eventual cloud implementation. The phases of the model include:
3.1.1 Test and development- This phase introduces cloud for proof–of–concept use. During this initial phase, IT becomes comfortable
with server virtualization and gains experience with system performance, application response times, and technology stability.
3.1.2 Consolidation- This phase is highlighted by the migration of physical servers to virtual machines typically referred to as P2V. At this point, IT rapidly moves workloads that have been identified as viable candidates and gives them the green light for production usage on the virtualized infrastructure.
3.1.3 Enterprise- This phase is a significant milestone where the business chooses a virtualization platform for mission critical applications, standardizes data protection, implements disaster recovery, automates routine tasks, and meets SLAs. The goal in this phase is a near 100% virtualized data center.
3.1.4 Dynamic- In this phase, the IT infrastructure is tightly integrated with IT and business processes. As administrators apply security, performance, and availability policies, the virtualization platform responds automatically without manual interaction. This is the really the beginning of a true private cloud.
3.1.5 Cloud- The cloud or final phase provides a real–time consumption model that meets the descriptions and definitions detailed previously. At this phase, business owners only pay for what they consume and can quickly provision and decommission resources as needed. Control shifts into the hands of the application owner, allowing for management of an extremely fluid environment that instantaneously responds to change across distributed resources regardless of whether they are owned or leased from/hosted by a third party. This entire process is completely transparent to the application and its administrators.
Types of cloud computing
3.2.1Public Cloud -Public cloud also referred to as
external cloud describes the conventional meaning of cloud computing: scalable, dynamically provisioned, often virtualized resources available over the Internet from an off- site third-party provider, which divides up resources and bills its customers on a utility basis.
An example is Think Grid, a company that provides a multi-tenant architecture for supplying services such as Hosted Desktops, Software as a Service and Platform as a Service. Other popular cloud vendors include Salesforce.com, Amazon EC2 and Flexi scale.
3.2.2Private Cloud -Private cloud (also referred to as corporate or internal cloud) is a term used to
denote a proprietary computing architecture providing hosted services on private networks. This type of cloud computing is generally used by large companies, and allows their corporate network and data centre administrators to effectively become in- house service providers catering to customers within the corporation. However, it negates many of the benefits of cloud computing, as organizations still need to purchase, set up and manage their own clouds.
3.2.3Hybrid Cloud-It has been suggested that a hybrid cloud environment combining resources from both internal and external providers will become the most popular choice for enterprises. For example, a company could choose to use a publi cloud service for general computing, but store its business-critical data within its own data centre. This may be because larger organizations are likely to have already invested heavily in the infrastructure required to provide resources in- house or they may be concerned about the security of public clouds.
Essential characteristics of Cloud Computing
3.3.1 On demand self services-computer services such as email, applications, network or server service can be provided without requiring human interaction with each service
Provider. Cloud service providers providing on demand self services include Amazon Web Services (AWS), Microsoft, Google, IBM and Salesforce.com. New York Times and
NASDAQ are examples of companies using AWS (NIST). Gartner describes this characteristic as service based
3.3.2 Broad network access- Cloud Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms such as mobile phones, laptops and PDAs.
3.3.3 Resource pooling- The providers computing resources are pooled together to serve multiple consumers using multiple-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The resources include among others storage, processing, memory, network bandwidth, virtual machines and email services. The pooling together of the resource builds economies of scale .
3.3.4 Rapid elasticity- Cloud services can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
3.3.5 Measured service- Cloud computing resource usage can be measured, controlled, and
reported providing transparency for both the provider and consumer of the utilized service. Cloud computing services use a metering capability which enables to control and optimize resource use. This implies that just like air time, electricity or municipality water IT services are charged per usage metrics pay per use. The more you utilize the higher the bill. Just as utility companies sell power to subscribers, and telephone companies sell voice and data services, IT services such as network security management, data center hosting or even departmental billing can now be easily delivered as a contractual service.
3.3.6 Multi Tenacity-It is the 6th characteristics of cloud computing advocated by the Cloud Security Alliance. It refers to the need for policy-driven enforcement, segmentation, isolation, governance, service levels, and chargeback/billing models for different consumer constituencies. Consumers might utilize a public cloud providers service offerings or actually be from the same organization, such as different business units rather than distinct organizational entities, but would still share infrastructure
Working of cloud computing
Supercomputers today are used mainly by the military, government intelligence agencies, universities and research labs, and large companies to tackle enormously complex calculations for such tasks as simulating nuclear explosions, predicting climate change, designing airplanes, and analyzing which proteins in the body are likely to bind with potential new drugs. Cloud computing aims to apply that kind of powerÂ²measured in the tens of trillions of computations per secondÂ²to problems like analyzing risk in financial portfolios, delivering personalized medical information, even powering immersive computer games, in a way that users can tap through the Web. It does that by networking large groups of servers that often use low- cost consumer PC technology, with specialized connections to spread data-processing chores across them. By contrast, the newest and most powerful desktop PCs process only about3 billion computations a second. Let's say you're an executive at a large corporation. Your particular responsibilities include making sure that all of your employees have the right hardware and software they need to do their jobs. Buying computers for everyone isnt enough — you also have to purchase software or software licenses to give employees the tools they require. Whenever you have a new hire, you have to buy more software or make sure your current software license allows another user. It's so stressful that you find it difficult to go.
What does it comprise?
Cloud computing can be visualized as a pyramid consisting of three sections:
3.5.1 Cloud Application -This is the apex of the cloud pyramid, where applications are run and interacted with via a web browser, hosted desktop or remote client. A hallmark of commercial cloud computing applications is that users never need to purchase expensive software licenses themselves. Instead, the cost is incorporated into the subscription fee. A cloud application eliminates the need to install and run the application on the customer's own computer, thus removing the burden of software maintenance, ongoing operation and support.
3.5.2 Cloud Platform- The middle layer of the cloud pyramid, which provides a computing platform or framework as a service. A cloud computing platform dynamically provisions, configures, reconfigures and de-provisions servers as needed to cope with increases or decreases in demand. This in reality is a distributed computing model, where many services pull together to deliver an application or infrastructure request.
3.5.3 Cloud Infrastructure-The foundation of the cloud pyramid is the delivery of IT infrastructure through virtualization. Virtualization allows the splitting of a single physical piece of hardware into independent, self governed environments, which can be scaled in terms of CPU, RAM, Disk and other elements. The infrastructure includes servers, networks and other hardware appliances delivered as either Infrastructure Web Services, farms or "cloud centers". These are then interlinked with others for resilience and additional capacity.
6 S eve n Tec hn ica l Sec ur ity Ben efits of the Cloud
. 1 C e ntra l iz e d data
18.104.22.168-Reduced Data Leakage- The data landmines of today could be greatly reduced by the Clouds thin client technology becomes prevalent. Small, temporary caches on handheld devices or Net book computers pose less risk than transporting data buckets in the form of laptops. Despite best efforts around asset management and endpoint security we continue to see embarrassing and disturbing misses. Monitoring benefits: central storage is easier to control and monitor. The flipside is the nightmare scenario of comprehensive data theft. However, I would rather spend my time as a security professional figuring out smart ways to protect and monitor access to data stored in one place (with the benefit of situational advantage) than trying to figure out all the places where the company data resides across a myriad of thick clients! Cloud Storage provides a way to centralize the data faster and potentially cheaper. The logistical challenge today is getting Terabytes of data to the Cloud in the first place.
3.6.2. INCIDENT RESPONSE / FORENSICS
22.214.171.124Forensic readiness- with Infrastructure as a Service (IaaS) providers, I can build addicted forensic server in the same Cloud as my company and place it offline, ready for use when needed. I would only need pay for storage until an incident happens and I need to bring it online. I dont need to call someone to bring it online or install some kind of remote boot software – I just click a button in the Cloud Providers web interface. If I have multiple incident responders, I cangive them a copy of the VM so we can distribute the forensic workload based on the job at hand or as new sources of evidence arise and need analysis. To fully realize this benefit, commercial forensic software vendors would need to move away from archaic, physical dongle based licensing schemes to a network licensing model.
126.96.36.199 Decrease evidence acquisition time-If a server in the Cloud gets compromised (i.e. broken into), I can now clone that server at the click of a mouse and make the cloned disks instantly available to my Cloud Forensics server. I didnt need to Â³findÂ´ storage or have it Â³ready, waiting and unusedÂ´ – its just there. Eliminate or reduce service downtime: Note that in the above scenario I didnt have to go tell the COO that the system needs to be taken offline for hours whilst I dig around in the R AID Array hoping that my physical acquisition toolkit is compatible (and that the version of RAID firmware isnt supported by my forensic software).Abstracting the hardware removes a barrier to even doing forensics in some situations.
188.8.131.52 Decrease evidence transfer time- In the same Cloud, bit foot bit copies are super fast – made faster by that replicated, distributed file system my Cloud provider engineered for me. From a network traffic perspective, it may even be free to make the copy in the same Cloud. Without the Cloud. I would have to a lot of time consuming and expensive provisioning of physical devices. I only pay for the storage as long as I need the evidence.
184.108.40.206 Eliminate forensic image verification time- Some Cloud Storage implementations expose a cryptographic checksum or hash. For example, Amazon S3 generates an MD5 hash automatically when you store an object. In theory you no longer need to generate time-consuming MD5 checksums using external tools its already there.
220.127.116.11 Decrease time to access protected documents-Immense CPU power opens some doors. Did the suspect password protect a document that is relevant to the investigation? You can now test a wider range of candidate passwords in less time to speed investigations.
3.6.3 Password Assurance Testing (AKA CRACKING)
18.104.22.168Decrease password cracking time- If your organization regularly tests password strength by running password crackers you can use Cloud Compute to decrease crack time and you only pay for what you use. Ironically, your cracking costs go up as people choose better passwords.
22.214.171.124 Keep cracking activities to dedicated machines-If today you use a distributed password cracker to spread the load across non-production machines, you can now put those agents in dedicated Compute instances – and thus stop mixing sensitive credentials with other workloads.
3.6.4 Logging- logging is often an afterthought, consequently insufficient disk space is allocated and logging is either non-existent minimal. Cloud Storage changes all this – no more guessing how much storage you need for standard logs.
126.96.36.199 Improve log indexing and search- With your logs in the Cloud you can leverage Cloud Compute to index those logs in real-time and get the benefit of instant search results. The Compute instances can be plumbed in and scale as needed based on the logging load – meaning a true real- time view.
188.8.131.52Getting compliant with Extended logging- Most modern operating systems offer extended logging in the form of a C2 audit trail. This is rarely enabled for fear of performance degradation and log size. If you are willing to pay for the enhanced logging, you can do so. Granular logging makes compliance and investigations easier.
Improve the State of Security Software (PERFORMANCE)
184.108.40.206 Drive vendors to create more efficient security software- Billable CPU cycles get noticed. More attention will be paid to inefficient processes; e.g. poorly tuned security agents. Process accounting will make a comeback as customers target expensive processes. Security vendors that understand how to squeeze the most performance from their software will win.
220.127.116.11 Pre-hardened change control builds- This is primarily a benefit of virtualization based Cloud Computing. Now you get a chance to start secure. There are ways to do this today with bare-metal OS installs but frequently these require additional 3rd party tools, are time consuming to clone or add yet another agent to each endpoint.
18.104.22.168 Reduce exposure through patching offline- Gold images can be kept up securely kept up to date. Offline VMs can be conveniently patched off the network.
22.214.171.124 Easier to test impact of security changes-
This is a big one. Spin up a copy of your
production environment, implement a security change and test the impact at low cost, with minimal startup time. This is a big deal and removes a major barrier to doing security in production environments.
126.96.36.199 Reduce cost of testing security:-Its provider only passes on a portion of their security testing costs. By sharing the same application as a service, you dont foot the expensive security code review and/or penetration test.Evenwith Platform as a Service (PaaS) where your developers get to write code, there are potential cost economies of.
5.6 Improve accessibility- You have access anytime, anywhere, making your life so much easier!
5.7 Monitor projects more effectively- Stay within budget and ahead of completion cycle times.
5.8 Less personnel training is needed- It takes fewer people to do more work on a cloud, with a minimal learning curve on hardware and software issues.
5.9 Minimize licensing new software-Stretch and grow without the need to buy expensive software licenses or programs.
5.10 Improve flexibility- You can change direction without serious people or financial issues at stake.
A cloud application leverages cloud computing in software architecture, often eliminating the need to install and run the application on the customer's own computer, thus alleviating the burden of software maintenance, ongoing operation, and support. For example:
Peer-to-peer / volunteer computing (BOINC, Skype)
Web applications (Webmail, Face book, Twitter, YouTube, and Yammer)
Security as a service (Message Labs, Pure wire, Scan Safe, Scalar)
Software as a service (GoogleApps, Salesforce, Nivio, Learn.com, Zoho, BigGyan.com)
Software plus services (Microsoft Online Services)
Content distribution (Bit Torrent, Amazon Cloud Front)
Synchronization (Drop box, Live Mesh, Spider Oak, ZumoDrive
5.1 Achieve economies of scale increase volume output or productivity with fewer people. Your cost per unit, project or product plummets.
5.2 Reduce spending on technology infrastructure-Maintain easy access to your information with minimal upfront spending.
5.3 Globalize your workforce on the cheap- People worldwide can access the cloud, provided they have an Internet connection.
5.4 Streamline processes- Get more work done in less time with less people.
5.5 Reduce capital costs- Theres no need to spend big money on hardware, software or licensing fees.
6.1 Possible downtime-Cloud computing makes your small business dependent on the reliability of your Internet connection. When it's offline, you're offline. And even the most reliable cloud computing service providers suffer server outages now and again.
6.2 Security issues- How safe is your data? Cloud computing means Internet computing. So you should not be using cloud computing applications that involve using o storing data that you are not comfortable having on the Internet. That being said, established, reliable cloud computing vendors will have the latest, most sophisticated data security systems possible as they want your business and realize that data security is a big concern. Switching to the cloud can actually improve security for a small business, says Michael Redding, managing director of Accenture Technology Labs. "Because large cloud computing companies have more resources, he says, they are often able to offer levels of security an average small business may not be able to afford implementing on its own servers".
6.3 Cost- At first glance, a cloud computing application may appear to be a lot cheaper than a particular software solution installed and run in- house, but you need to be sure you're comparing apples and apples. You also need to be sure you are doing a total cost comparison. While many cloud computer vendors present themselves as utility- based providers, claiming that you're only charged for what you use, Gartner says that this isn't true; in most cases, a company must commit to a predetermined contract independent of actual use. To be sure you're saving money; you have to look closely at the pricing plans and details for each application.
6.4 Inflexibility- Be careful when you're choosing a cloud computing vendor that you're not locking your business into using their proprietary applications or formats. You can't insert a document created in another application into a
Google Docs spreadsheet, for instance. Also make sure that you can add and subtract cloud computing users as necessary as your business grows or contracts.
6.5 Lack of support- In These Issues Need to be Resolved before Cloud Computing Becomes Ubiquitous, (OPEN Forum) Anita Campbell writes, "Customer service for Web apps leaves a lot to be desired — All too many cloud-based apps make it difficult to get customer service promptly or at all. Sending an email and hoping for a response within 48 hours is not an acceptable way for most of us to run a business".
CLOUD COMPUTING CHALLENGES
7.1 Self-healing – In case of application/network/data storage failure, there will always be a backup running without major delays, making the resource switch appear seamless to the user.
7.2 SLA-driven – Cloud is administrated by service level agreements that allow several instances of one application to be replicated on multiple servers if need arises; dependent on a priority scheme, the cloud may minimize or shut down a lower level application.
7.3 Multi-tenancy – The cloud permits multiple clients to use the same hardware at the same time, without them knowing it, possibly causing conflicts of interest among customers.
7.4 Service-oriented – Cloud allows one client to use multiple applications in creating its own.
7.5 Virtualized – Applications are not hardware specific; various programs may run on one machine using virtualization or many machines may run one program.
7.6 Linearly scalable – Cloud should handle an increase in data processing linearly; if "n" times more users need a resource, the time to complete the request with "n" more resources should be roughly the same.
7.7 Data management – Distribution, partitioning, security and synchronization of data.
As a result of this paper, the client could now offer. Its healthcare applications on a cloud-hosted Infrastructure with various pricing options, depending upon the needs and desired service level delivery model of the customer. Because our client was able to support multiple customers without risk
to each other, hospitals, clinics, and nursing homes were able to eliminate capital investments in technology and infrastructure support. In addition, high availability and disaster recovery capabilities of the cloud infrastructure far exceeded previous onsite hosted models while operating at a reduced total cost of ownership. In short, the client became far more competitive by leveraging cloud computing technology.
Cloud computing is the next big wave in computing. It has many benefits, such as better hardware management, since all the computers are the same and run the same hardware. It also provides for better and easier management of data security, since all the data is located on a central server, so administrators can control who has and doesn't have access to the files. There are some down sides as well to cloud computing. Peripherals such as printers or scanners might have issues dealing with the fact that there is no hard drive attached to the physical, local machine. If there are machines a user uses at work that aren't their own for any reason, that require access to particular drivers or programs, it is still a struggle to get this application to know that it should be available to the user.
Cloud computing is still struggling in its infancy, with positive and negative comments made on its possible implementation for a large-sized enterprise. IT technicians are spearheading the challenge, while academia is bit slower to react. Several groups have recently been formed, such as the Cloud Security Alliance or the Open Cloud Consortium, with the goal of exploring the possibilities offered by cloud computing and to establish a common language among different providers. In this boiling pot, cloud computing is facing several issues in gaining recognition for its merits. Its security deficiencies and benefits need to be carefully weighed before making a decision to implement it. However, the future looks less cloudy as far as more people being attracted by the topic and pursuing research to improve on its drawbacks.
- [Balding08] Craig Balding, "ITG2008 World Cloud Computing Summit", 2008 http://cloudsecurity.org/
- [Croll08] Alistair Croll, "Why Cloud Computing Needs Security", 2008 http://gigaom.com/2008/06/10/the-amazon- outage-fortresses-in-the-clouds/
http://www.networkworld.com/news/2008/070208-cloud.html [Armrust09] Michael Armbrust, Armando Fox, "Above the Clouds: A Berkley View of Cloud Computing", February 10, 2009 [Reese09] George Reese, "Cloud Application Architectures",
April 2009, O'Reilly Media[Miller08] Michael Miller, "Cloud Computing: Web-Based Applications That Change the Way You Work and Collaborate Online", August 2008 [Lamb09] John Lamb, "The Greening of IT: How Companies Can Make a Difference for the Environment", April 2009, IBM Press