Securing the Cloud
eBook - ePub

Securing the Cloud

Security Strategies for the Ubiquitous Data Center

  1. 232 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

This book provides solutions for securing important data stored in something as nebulous sounding as a cloud. A primer on the concepts behind security and the cloud, it explains where and how to store data and what should be avoided at all costs. It presents the views and insight of the leading experts on the state of cloud computing security and its future. It also provides no-nonsense info on cloud security technologies and models.

Securing the Cloud: Security Strategies for the Ubiquitous Data Center takes the position that cloud security is an extension of recognized, established security principles into cloud-based deployments. It explores how those principles can be put into practice to protect cloud-based infrastructure and data, traditional infrastructure, and hybrid architectures combining cloud and on-premises infrastructure.

Cloud computing is evolving so rapidly that regulations and technology have not necessarily been able to keep pace. IT professionals are frequently left to force fit pre-existing solutions onto new infrastructure and architectures for which they may be very poor fits. This book looks at how those "square peg/round hole" solutions are implemented and explains ways in which the pegs, the holes, or both may be adjusted for a more perfect fit.

Securing the Cloud is written by Curtis Franklin Jr. and Brian Chee and is listed under Business & Operations.

Information

Chapter 1

Introduction

Why This Book Is Needed

When we began writing Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center¹ in 2008, the idea that an enterprise would entrust its data and operations to a computing platform on which function was divorced from specific hardware or geography was on the cutting edge of enterprise information technology. As we write this book, the concept of cloud computing has entered the mainstream, although not all organizations have chosen to dive in. Thousands of IT professionals, enterprise executives, consultants, students, and generally curious, intelligent people have been left wondering whether “The Cloud” can be part of their computing world. One of the most frequently asked sets of questions in the wondering process revolves around just how secure their important data can be if it’s stored in something as nebulous sounding as a cloud. It is for all these curious people that we wrote this book.
Perhaps you’re an IT executive who has been working in the field for a number of years. You have a reasonably good idea of how security works in the traditional data center, and you’ve begun to wrap your head around the particulars of security as it’s applied to virtual servers and storage appliances. When it comes to the cloud, though, you heard early on that security was a problem and you haven’t really been able to dive into the subject deeply enough to decide whether that impression is correct or just convenient. Now, your users and the rest of the management team are bringing up the cloud every time an IT problem is mentioned. You’ve decided that you need to get a handle on just how secure your data would be in the cloud, but you don’t know where to start.

We wrote this book for you

Maybe you’re part of the management team at a small company. Or perhaps you’re the entire management team at a small company. You’re not a computer expert, but the responsibility for making the final computer decisions rests on your shoulders, and people, from vendors to consultants to your own employees, keep bringing up the cloud. You’ve heard horror stories about how vulnerable things can be when they’re stored “out there,” but the economics sure are enticing. You’d love to be able to have a solid discussion with cloud providers and IT people without feeling like they’re speaking some horrible language that you don’t understand. You need a primer on the concepts behind security and the cloud and a guide book to this cloudy land—something that can help you understand where your data can have a good time and which places you should avoid at all costs.

We wrote this book for you

It could be that you’re a consultant who’s built a solid business helping companies with their computer issues. Your command of the classic client and server model is solid, you’ve helped firms move their applications to the Web, and you’ve even figured out how to make virtualization work for some of your larger customers. Now, you believe that there’s a business model that would be viable for you and your clients if you could help them see how cloud computing might work for their situation. First, though, you have to be able to show them that their information will be safe if they store it in a cloud architecture that’s been portrayed as the IT version of the “Wild, Wild West.” You need to make sure that you understand the concepts and can describe them to customers in simple, direct language.

We wrote this book for you

You could be a student working in a class on security or cloud architecture. It’s possible you’re a student who hasn’t been assigned this book for a class, but you’re interested in the cloud and security because you’ve heard that it’s important and you want to be able to find a job after you graduate from university. You’re pretty good with basic programming, and you’re rapidly building your knowledge of different facets of information processing and general computing. You might even have decided that becoming an expert in cloud computing could be a good direction for the early stages of your career. Before you can move from the academic to the real world, however, you have to be able to talk intelligently about how cloud computing can reasonably be used for companies that are doing real work “out there.” You need to understand the basics and have a real foundation in the theory so you can start building a practice that makes sense.

We wrote this book for you

And it might just be that you’re none of the above. You’re interested in cloud computing because you keep reading about how it’s the greatest thing since sliced bread, and you’re interested in security because you keep reading about massive data breaches, the impact of cyber-warfare, and the scary consequences of identity theft, and you want to know how companies are able to keep anything safe and private when it’s stored in something as open sounding as “The Cloud.” When you’re interested in something, you read about it, whether we’re talking about cloud security or the impact of the Crimean War on 20th-century European politics.

We even wrote this book for you

A reasonable person could reasonably ask how we intend to make one book meet the needs of all these different people. The answer is that we take the position that everyone reading this book is smart and curious. Everyone reading this book has some basic knowledge about computers and networks. And everyone reading this book deserves to have the information laid out in terms that use jargon as little as possible and build on basic concepts until we’ve conveyed what you need to know about security of, by, and for the cloud. Now, it’s also important for you to understand what this book won’t do for you.
If you’re looking for a book that contains a lot of programming examples and configuration files that can be copied into routers and firewalls, then you really should expand your search. If you’re looking for a book that prepares you for a particular certification exam, with specific answers and practice exams, then there are other titles that will better suit your needs. If, on the other hand, you’d like to know what some of the leading experts in the field think about the current state of cloud computing security and its likely future; if you’re looking for something that will let you hold your own in a discussion of cloud computing security; or if you want to be able to fine-tune the level of your nonsense detector when people are coming at you with cloud security claims, then sit back, settle in, and grab your favorite beverage. It’s time to get started on the book that is absolutely the right one for you.
Companies and organizations care so deeply about cloud security because they are adopting the cloud in large and growing numbers. What kind of numbers? According to a report by Cisco®,² by 2014, more than half of all data loads (and in this case we’re talking about business information processing) will be processed in cloud computing centers, and only a minority will be processed in traditional data centers. If companies are going to move a growing percentage of their processing to a cloud computing architecture, it makes sense that their interest in securing the data that lives outside their traditional data center would increase apace.
Among the reasons given for a reluctance to go to the cloud, security concerns frequently top the list. As cloud deployments have expanded, cloud storage and applications have become part of infrastructures that fall under regulatory control, leading many IT professionals to wonder how, or if, the cloud can be considered sufficiently secure to meet regulatory compliance muster. If cloud computing were still experimental rather than a part of mainstream enterprise IT, this reticence would have little overall impact. As it is, though, individuals who have an incomplete or mistaken understanding of the security issues within cloud computing may find themselves placing their organizations at a competitive disadvantage because of a reluctance to embrace a computing model that could have significant advantages in their business situation.
Cloud computing is moving out of experimental and niche deployments to play a significant role in the everyday run-of-business IT infrastructure of a growing number of mainstream businesses.
From another perspective, advances in cloud applications have led to a growing number of businesses that are eager to use cloud capabilities as part of their security infrastructure, protecting both data center and mobile platforms from their remote point of view.
This book takes the position that cloud security is an extension of recognized, established security principles into cloud-based deployments. Exploring how those principles can be put into practice in protecting the cloud, protecting the traditional infrastructure from the cloud, or a hybrid of the two is what we intend to do in the remainder of this book.
In times of rapid change, both of the organization and its customers/partners/suppliers, the ability to rapidly change the scale and capability of the IT infrastructure is critical to success. Cloud computing is, in many ways, perfect for the times in which business now finds itself.
Flexibility is inherent in the cloud model of computing. Computing resources, whether processor cycles or storage capacity, are treated as nearly infinitely flexible commodities, deployed or released as demand requires. This is perfect for matching IT services to the needs of the business and is unlikely to be supplanted as a model until something even more flexible replaces it.
Unfortunately, cloud computing is evolving so rapidly that regulations and security technology have not necessarily been able to keep pace. This means that IT professionals are frequently left to force fit pre-existing models and technologies onto new infrastructures and architectures for which they may be very poor fits, indeed. This book will look at the way those “square peg/round hole” matings are being implemented and suggest ways in which the pegs, the holes, or both may be adjusted for a more perfect fit.
One of the important reasons for this book is that the area covered by the word “cloud” has increased significantly in the last five years. Where cloud computing once meant straightforward services obtained under contract from a public cloud provider, there are now clouds that incorporate a wide variety of services and applications—services that may be hosted on a public cloud infrastructure, on a company’s own servers, or on a combination of both types of servers.
Public cloud services are still what most people mean when they speak of the cloud, and they remain the focal point of security efforts. Quite a bit of this focus comes from the simple fact that vital enterprise data is stored or processed on systems owned by another company—systems that are accessed via the Internet. Knowing what is possible in protecting cloud-stored data is critical, but by itself, it misses a major facet of cloud security. A cloud architecture allows for a view from outside the protected data and processing infrastructure. This protection from “the high ground” is, in many ways, consistent with traditional military strategy. Although the analogy to physical defense can be stretched only so far without breaking, there are elements that provide a useful illustration of critical points, as you’ll see a bit later in the book.

Public, Private, and Hybrid Clouds

One of the reasons that analogies to the physical world run into trouble in the realm of cloud computing is that The Cloud (as if such a unified, single entity truly existed) doesn’t really lend itself to neat categories. There is the public cloud mentioned in the last section. There are private clouds, in which the operational characteristics of public clouds—on-demand, elastic, self-provisioned computing services and storage—are applied to computing and storage infrastructures owned by (or contracted for on an exclusive basis with a service provider) the enterprise customer. To see what the differences are in a simplified format, see Figure 1.1.
Figure 1.1. Public, private, and hybrid clouds are similar in structure and architecture, but distinct in ownership.
From a security standpoint, these private clouds have as much in common with traditional computing infrastructures as they do with public clouds, a situation that provides its own set of complications. Then there are the hybrid clouds, in which the entire computing structure is made up from pieces of private clouds, pieces of public clouds, and pieces of traditional computing infrastructure all brought together in a whirring IT blender.
These hybrid clouds can be as complex as the description suggests, and protecting them can be equally complicated. You’ll see in the Table of Contents that we discuss hybrid clouds and their protection in great detail.

What This Book Will Cover

Security in the cloud is a wide-ranging topic that requires basic knowledge in a number of areas and deeper knowledge in several others. This book will guide you from an introduction to general IT security through the basics of cloud architectures, with the goal of helping you understand how security applies to the various sorts of clouds—and how various clouds can be applied to the problems of security in many different circumstances.

Security Basics

We begin with security in IT and how it has evolved to the understanding that it must be viewed as a 360-degree issue if it’s to be effective. Part of this introduction, understandably, is a discussion of precisely what “360-degree security” means and why it’s so important. This point will be critical in latter parts of the book when we discuss just how security can be by and of the cloud. This foundation, therefore, isn’t just a way to increase the number of pag...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Series Page
  6. Dedication
  7. Table of Contents
  8. Preface
  9. Acknowledgements
  10. About the Authors
  11. Chapter 1 Introduction
  12. Chapter 2 We Need a New Model for Security
  13. Chapter 3 The Basics of IT Security: From Mainframe to Cloud
  14. Chapter 4 The Basics of Security Failure
  15. Chapter 5 The Basics of Fitting Security to Situation
  16. Chapter 6 Defining the Cloud to Protect
  17. Chapter 7 Infrastructure as a Service
  18. Chapter 8 Platform as a Service (PaaS)
  19. Chapter 9 Software as a Service
  20. Chapter 10 Virtual Desktop Infrastructure
  21. Chapter 11 Understand Your Cloud Type
  22. Chapter 12 Public Cloud
  23. Chapter 13 Private Cloud
  24. Chapter 14 Hybrid Cloud
  25. Chapter 15 Working with Your Cloud Provider
  26. Chapter 16 Protecting the Perimeter
  27. Chapter 17 Protecting the Contents
  28. Chapter 18 Protecting the Infrastructure
  29. Chapter 19 Tie the Cloud Using an Internal Management Framework
  30. Chapter 20 Closing Comments
  31. Index