Securing the cloud : cloud computer security techniques and tactics
J R Winkler; Bill Meineقیمت نهایی
- تخفیف زماندار−۵٬۰۰۰ تومان
۵٬۰۰۰ تومان صرفهجویی نسبت به قیمت اصلی
نسخه اصلی و اورجینال
بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.
مشخصات کتاب
- نویسنده
- J R Winkler; Bill Meine
- سال انتشار
- ۲۰۱۱
- فرمت
- زبان
- انگلیسی
- حجم فایل
- ۳٫۱ مگابایت
دربارهٔ کتاب
Chapter One Introduction to Cloud Computing and Security
INFORMATION IN THIS CHAPTER
Understanding Cloud Computing
The IT Foundation for Cloud
The Bottom Line
An Historical View: Roots of Cloud Computing
A Brief Primer on Security: From 50,000 ft
A Brief Primer on Architecture
Security Architecture: A Brief Discussion
Cloud Is Driving Broad Changes
Cloud computing is an evolutionary outgrowth of prior computing approaches, which builds upon existing and new technologies. Even as cloud presents new opportunities around shared resources, the relative newness of the model makes it difficult to separate reasonable claims from hype. In part, excessive marketing claims have led to completely unrealistic perspectives of cloud security. Claims that cloud computing is inherently insecure are as absurd as are claims that cloud computing brings no new security concerns. Prospective cloud users can sense that there is value here, but their understanding of the issues is often incomplete.
UNDERSTANDING CLOUD COMPUTING
Just as the Internet revolutionized and democratized access to information, cloud computing is doing the same for Information Technology (IT). Cloud computing represents a paradigm shift for delivering resources and services; this results in important benefits for both cloud providers and cloud consumers. From how we build IT systems and how we use them to how we organize and structure IT resources, cloud is refactoring the IT landscape. Instead of uncrating computers and racking them in your server closet, the cloud allows for virtually downloading hardware and associated infrastructure. By abstracting IT infrastructure and services to be relatively transparent, the act of building a virtual data center is now possible in minutes, with minimal technical background and at a fraction of the cost of buying a single server.
How is this possible?
NOTE
Living up to its name, the term cloud conveys a nebulous quality. The term has historical roots in describing telephone networks as well as the Internet and has recently been applied to a seemingly endless range of products, services, technologies, and infrastructure. This makes for a difficult situation if we are to have a shared understanding of cloud computing.
This book uses the term cloud very broadly to include both cloud computing and cloud services. We will refine and build on this broad description in the course of this book, but initially we define these two terms:
Cloud Computing An IT model or computing environment composed of IT components (hardware, software, networking, and services) as well as the processes around the deployment of these elements that together enable us to develop and deliver cloud services via the Internet or a private network.
Cloud Services Services that are expressed by a cloud and delivered over the Internet or a private network. Services range from infrastructure-as-a-service (IaaS), to platform-as-a-service (PaaS), and software-as-a-service (SaaS), and include other services that are layered on these basic service models (more on these in Chapter 2).
Cloud Scale, Patterns, and Operational Efficiency
First, a detour: Upon entering a data center that hosts a cloud infrastructure, you will notice the immense size of the space and the overwhelming noise that comes from countless identically racked computers that are all neatly cabled and look the same. Massive scale, a disciplined appearance, and repeated patterns are three qualities of successful cloud implementations. These qualities are obviously not unique to the cloud, but they do contribute to the advantages of the cloud model. And it isn't simply the scale or the disciplined uniformity of a cloud infrastructure build: By developing appropriate repeated patterns and implementing them at a massive scale, you will gain cost advantages at all phases of the cloud life cycle: From procurement, build-out to operations, costs can be minimized through multiplied simplification. These same advantages benefit security as well.
NOTE
The following quotes about the noise of thousands of fans and disk drives in the Sun Public Cloud come from a friend and former manager Dan Butzer as he was interviewed on NPR: "This is the sound of lots of data being crunched and lots of data being stored" and "This amount of power has a certain sound to it, and it kind of sounds like a buzz. All around you, the other end of these machines, there may be tens of thousands or millions of people doing what they need to do. They have no idea that these things are here. This is the Internet. We're sitting in the Internet."
Our short detour through the server room can serve as an introduction to the cloud model, but before we exit the facility, let's take a look at a different collection of racked servers. This non-cloud server cage is being visited by a tired-looking engineer whom you can see standing alone in the din, rubbing the back of his head while clearly perplexed by a complete rat's nest of Ethernet and other cabling. You can almost hear him thinking: "Where is the other end of this cable ...?" By following regular patterns in infrastructure to the point of cabling, inefficiencies as these can largely be designed out, along with the errors in operation that are correlated with a less-disciplined implementation.
A Synergistic Trick
As we saw in our server room tour, at the IT infrastructure level, cloud computing involves assembling or pooling computing resources in huge aggregate quantities. Additional hardware can be added to the infrastructure as demand for resources approaches oversubscribed levels. Using virtualization, servers appear to multiply inside hardware per The Sorcerer's Apprentice. But traditional IT had the same tools, so what is different with cloud?
The cloud model performs a synergistic trick with its constituent technology components. The cloud model benefits from a convergence between technologies, from their synergies, and from complimentary approaches for managing IT resources. This results in a critical mass of compelling value that we can operate and deliver at an acceptable cost. There are few facets of the cloud model that are entirely new. What makes cloud computing so compelling can be summed up in the saying from Aristotle: "The whole is more than the sum of the parts."
Elasticity, Shape Shifting, and Security
The need for elasticity in cloud computing has spawned new solutions for managing infrastructure. Providing elasticity in cloud computing goes beyond simply flexing resource allocation as a customer requires more servers or more storage. Cloud elasticity entails continual reconfiguration in network and related controls from the cloud Internet ingress through core switches and down to individual virtual machines (VMs) and storage. This amounts to infrastructure shape shifting.
There are profound security implications to performing such dynamic changes to security controls; each one must be orchestrated correctly and performed to successful completion. Internet Protocol (IP) addresses and VMs can come and go, only to reappear elsewhere in the infrastructure, traceability becomes ephemeral, and thus elasticity greatly complicates security monitoring.
This elastic and shape-shifting quality demands a sophisticated management infrastructure that continually reflects both the desired state and the actual state of infrastructure configuration controls along with all resource allocation. One approach to achieve this is to use a database as a continually current and authoritative information source that operates in conjunction with all cloud infrastructure management and control functions—security included. Specific solutions for managing infrastructure are sometimes called configuration management databases (CMDBs), a term that stems from the configuration management process in the Information Technology Infrastructure Library (ITIL). Notably, to support the automation in a cloud, the CMDB must span a far wider set of information than ITIL acknowledges.
THE IT FOUNDATION FOR CLOUD
In this section, we take a high level look at the underlying technology pieces from which cloud computing infrastructure is built. These can be broadly categorized as follows:
Infrastructure Cloud computing infrastructure is an assemblage of computer servers, storage, and network components that are organized to allow for incremental growth well beyond typical infrastructure scale levels. These components should be selected for their capability to support requirements for scalability, efficiency, robustness, and security. Commodity or typical enterprise servers may not offer appropriate network support, reliability, or other qualities to efficiently and securely deliver against service level agreements (SLAs). Also, cloud servers may prove less expensive to operate, and they may be more reliable without internal disks in each server.
IP-based Networks In cloud infrastructure, the network serves as the means to connect users to the cloud as well as to interconnect the internal cloud. An enterprise model of networking does meet the needs for efficient and secure cloud provisioning and operation. At cloud scale, network needs drive toward specifying carrier-grade networking along with optimized networking strategies. Multiple switches in datapaths become single points of failure (SPOF) and compound cost in various ways.
Although optimization may point to a single unified network, security requires that the network be partitioned or virtualized to effect separation between different classes of traffic. Although networking can become flatter, you should expect to see multiple parallel networks in order to support security. Some of these segregate platform management from public data and service traffic, and others may be necessary to enable patterns for scale. These additional networks entail additional cost, but for the price, you also get physical separation and superior security. Virtualization With deep roots in computing, virtualization is used to partition a single physical server into multiple VMs—or a single physical resource (such as storage or networking) into multiple virtual ones. Virtualization allows for server consolidation with great utilization flexibility. For cloud computing, virtualization has great value in rapid commissioning and decommissioning of servers. Cloud virtualization software also presents a dynamic perspective and unified view of resource utilization and efficiencies for cloud IT operations. Virtualization is the primary enabling technology for achieving cost-effective server utilization while supporting separation between multiple tenants on physical hardware. Virtualization is not the only way to achieve these benefits, but its advantages make it the approach of choice.
Software Enables all aspects of cloud infrastructure management, provisioning, service development, accounting, and security. It is critical that cloud infrastructure is able to dynamically enforce policies for separation, isolation, monitoring, and service composition. The regular patterns of cloud infrastructure enable software to automate the tasks providing elasticity and shape shifting in order to present services that are composed of servers, VMs, storage, services, and other IT components. With software, we can automate provisioning and deprovisioning. Service Interfaces The service interface between the provider and the consumer is a key differentiator for cloud. It represents a contract that enforces the value proposition with SLAs and price terms. It is largely this interface that makes clouds stand out as new. It makes for competitive value, and it enables competition between providers. With the addition of self-service interfaces, we gain further optimizations. Cloud customers can engage cloud resources in an automated manner without having IT act as an impediment. Storage and other resources are expressed through graphical interfaces that the user can manipulate to define and subsequently instantiate virtual IT infrastructure. A Web browser, a credit card, and it's off to build your own virtual data center.
Figure 1.1 represents the relationship between individual components and their aggregation into a set of pooled and virtualized resources that can be allocated to specific uses or users—in essence, cloud computing that supports cloud services.
(Continues...)
Excerpted from Securing the Cloud by Vic (J.R.) Winkler Copyright © 2011 by Elsevier Inc.. Excerpted by permission of SYNGRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site. Table of Contents 3 Chapter 1. Introduction to Cloud Computing and Security 9 Understanding Cloud Computing 9 The IT Foundation for Cloud 12 The Bottom Line 16 An Historical View: Roots of Cloud Computing 18 A Brief Primer on Security: From 50,000 ft 21 A Brief Primer on Architecture 26 Security Architecture: A Brief Discussion 28 Cloud Is Driving Broad Changes 31 Summary 34 Endnotes 34 Chapter 2. Cloud Computing Architecture 36 Cloud Reference Architecture 36 Control over Security in the Cloud Model 44 Making Sense of Cloud Deployment 46 Making Sense of Services Models 50 How Clouds Are Formed and Key Examples 51 Real-world Cloud Usage Scenarios 56 Summary 59 Endnotes 59 Chapter 3. Security Concerns, Risk Issues, and Legal Aspects 61 Cloud Computing: Security Concerns 62 Assessing Your Risk Tolerance in Cloud Computing 73 Legal and Regulatory Issues 80 Summary 91 Endnotes 93 Chapter 4. Securing the Cloud: Architecture 95 Security Requirements for the Architecture 97 Security Patterns and Architectural Elements 108 Cloud Security Architecture 117 Planning Key Strategies for Secure Operation 127 Summary 129 Endnotes 129 Chapter 5. Securing the Cloud: Data Security 130 Overview of Data Security in Cloud Computing 130 Data Encryption: Applications and Limits 137 Cloud Data Security: Sensitive Data Categorization 142 Cloud Data Storage 150 Cloud Lock-in (the Roach Motel Syndrome) 151 Summary 155 Endnotes 156 Chapter 6. Securing the Cloud: Key Strategies and Best Practices 157 Overall Strategy: Effectively Managing Risk 158 Overview of Security Controls 160 The Limits of Security Controls 166 Best Practices 169 Security Monitoring 178 Summary 188 Endnotes 189 Chapter 7. Security Criteria: Building an Internal Cloud 190 Private Clouds: Motivation and Overview 190 Security Criteria for Ensuring a Private Cloud 198 Summary 212 Endnotes 213 Chapter 8. Security Criteria: Selecting an External Cloud Provider 214 Selecting a CSP: Overview of Assurance 214 Selecting a CSP: Overview of Risks 220 Selecting a CSP: Security Criteria 227 Summary 235 Endnotes 235 Chapter 9. Evaluating Cloud Security: An Information Security Framework 236 Evaluating Cloud Security 237 Checklists for Evaluating Cloud Security 240 Metrics for the Checklists 252 Summary 252 Endnotes 253 Chapter 10. Operating a Cloud 256 From Architecture to Efficient and Secure Operations 258 Security Operations Activities 265 Summary 278 Endnotes 280 Index 281
As companies turn to burgeoning cloud computing technology to streamline and save money, security is a fundamental concern. Loss of certain control and lack of trust make this transition difficult unless you know how to handle it. Securing the Cloud discusses making the move to the cloud while securing your piece of it! The cloud offers flexibility, adaptability, scalability, and in the case of security—resilience. This book details the strengths and weaknesses of securing your company's information with different cloud approaches. Attacks can focus on your infrastructure, communications network, data, or services. The author offers a clear and concise framework to secure your business' assets while making the most of this new technology.
- Named The 2011 Best Identity Management Book by InfoSec Reviews
- Provides a sturdy and stable framework to secure your piece of the cloud, considering alternate approaches such as private vs. public clouds, SaaS vs. IaaS, and loss of control and lack of trust
- Discusses the cloud's impact on security roles, highlighting security as a service, data backup, and disaster recovery
- Details the benefits of moving to the cloud-solving for limited availability of space, power, and storage
کتابهای مشابه
Securing the Cloud : Cloud Computer Security Techniques and Tactics
۴۹٬۰۰۰ تومان
Secure Cloud Computing
۴۹٬۰۰۰ تومان
Cloud Security: Techniques and Applications (Smart Computing Applications)
۴۹٬۰۰۰ تومان
Cloud security : techniques and applications
۴۹٬۰۰۰ تومان
Cloud security : techniques and applications
۴۹٬۰۰۰ تومان
Cloud Security : A Comprehensive Guide to Secure Cloud Computing
۴۹٬۰۰۰ تومان
Data security in cloud computing
۴۹٬۰۰۰ تومان
Social Engineering in IT Security: Tools, Tactics, and Techniques : Testing Tools, Tactics & Techniques
۴۹٬۰۰۰ تومان
Cloud Computing Security : Foundations and Challenges
۴۹٬۰۰۰ تومان
Cloud Computing Security : Foundations and Challenges
۴۹٬۰۰۰ تومان
Cloud Computing Security : Foundations and Challenges
۴۹٬۰۰۰ تومان
It Security Risk Management In The Context Of Cloud Computing Perceived It Security Risks In The Context Of Cloud Computing
۴۹٬۰۰۰ تومان
قیمت نهایی
۴۴٬۰۰۰ تومان
