ISFMT's Cloud Security Focus

The current state of cloud infrastructure is that of the typical data center, consisting of servers and network equipment, with interfaces out to the “world”. Services offered in a cloud can range from simple application web user interfaces to dynamically allocated virtual machines and databases. The key concept in cloud computing is to commoditize the infrastructure on which an application runs, so that network connectivity, computing capacity, and operating systems are provisioned on demand, through a utility (i.e. telephone or electric utility) business model.
There are broadly three kinds of services offered by cloud vendors:
- Cloud application services or Software as a Service (SaaS) delivers application software over the Internet. This frees up customers from needing to provision hardware to host their own copies of these applications, installing the applications, and maintaining them.
- Cloud platform services or Platform as a Service (PaaS) delivers computing platforms as a service. Customers can quickly provision virtual Windows or Linux servers where they can install and run their own applications.
- Cloud infrastructure services or Infrastructure as a Service (IaaS) delivers complex computing infrastructure, on demand. In this scenario, customers can provision not only individual virtual or physical machines, but the network topology which connects them as required.
There are a variety of implementations of the cloud concept:
- A public cloud (or external cloud) is the most common. In this model, a cloud vendor offers solutions that are dynamically provisioned on a fine-grained, self-service basis, accessible over the Internet. Usually the services are billed using a fine-grained utility computing model.
- A community cloud might be established when several organizations have similar computing requirements and they wish to share infrastructure costs in order to realize some of the benefits of cloud computing. This approach may offer a higher level of privacy, security or policy compliance than a public cloud. An example of this approach is the Google “Gov Cloud”.
- A private cloud typically refers to a set of servers that run virtual machines inside an organization's perimeter, where virtual servers can be activated and deactivated on demand. This allows organizations to get some of the benefits of cloud computing (i.e., rapid provisioning and de-provisioning) but without relying on a third party. This eliminates both benefits and risks associated with a public cloud.
- A hybrid cloud is an architecture that combines a private cloud with a public cloud. For example, an application might be configured to normally run on a private cloud, except in situations where there is short-lived high demand, in which case additional resources on a public cloud are also consumed. Alternately, some components of an application might run on a public cloud while others remain inside the corporate network perimeter.
There are security and control issues with the various types of cloud infrastructures. ISFMT approaches each cloud deployment independently, but with industry best practices and Security as a Service (SECaaS) constructs. We utilize a risk-based approach to evaluate and investigate cloud-based networks and cloud brokers, along with disaster recovery and governance in a cloud-services environment. We utilize the Cloud Security Alliance CCSK as the foundation of a security knowledge base for our activities.
We additionally provide a Cloud Computing Security training course that addresses common Information Assurance and Computer Security component training needs and requirements and prepares students to take the Cloud Security Alliance CCSK examination. The CSA CCSK Certification exists as the first professional security certification in the Cloud Computing Security arena. Our course offers detailed instruction on the foundation concepts and technologies of all domains comprising the Cloud Security Knowledge (CSK) fundamentals for a CCSK professional. These fifteen domains are:
- Cloud Computing Reference Models
- Contractual Requirements for Security
- Security Considerations for Cloud Services Management
- Compliance Requirements
- Data Security Lifecycle
- Portability
- Insider & BCP Issues
- Resourcing Issues
- Provider Issues
- SDLC Impacts & Implications
- Management Requirements
- Identification, Authorization & Access Control
- Clouds & Virtual Machines
- ENISA Requirements
- Applied Knowledge