This article defines the cloud from the particular perspective of IT network and security professionals. A common and concise vocabulary for unified classification can be used to describe the impact of cloud architecture on security architecture. With this unified classification, cloud services and architecture can be deconstructed and mapped to a compensating model of security and operational controls, risk assessment and management frameworks, and in turn to compliance standards.
1. What is cloud computing?
Cloud computing (or "the cloud") is an evolving term that describes the development of many existing computing technologies and approaches in different directions. The cloud separates applications and information resources from the underlying infrastructure and mechanisms used to deliver them. The cloud enhances collaboration, agility, scalability, and availability, and offers the potential to reduce cost through optimized and more efficient computing.
More specifically, the cloud describes the use of a collection of services, applications, information, and infrastructure consisting of pools of computing, network, information, and storage resources. These components can be rapidly orchestrated, provisioned, deployed, and decommissioned, and scaled up or down, providing an on-demand, utility-like model of allocation and consumption.
2. What makes cloud computing?
NIST defines five essential characteristics, three service models, and four deployment models for cloud computing. They are shown in Figure 1 and described in detail below.
Figure 1: NIST visual model of the cloud computing definition
2.1 Key features of cloud computing
The five essential characteristics of cloud services illustrate their relationship to, and differences from, traditional computing approaches:
- On-demand self-service: a consumer can unilaterally provision computing capabilities as needed, such as server time and network storage, without requiring human interaction with the service provider's staff.
- Broad network access: capabilities are available over the network and accessed through standard mechanisms that support heterogeneous thin or thick client platforms (such as mobile phones, laptops, and PDAs), as well as other traditional or cloud-based services.
- Resource pooling: the provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to demand. There is a degree of location independence, in that the consumer generally has no control over or knowledge of the exact physical location of the resources being used, but may be able to specify a location at a higher level of abstraction (e.g., country, state, province, or data center). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines. Even private clouds tend to pool resources in order to serve different departments of the same organization.
- Rapid elasticity: capabilities can be rapidly and elastically provisioned, in some cases automatically, to scale out quickly and rapidly released to scale in. To the consumer, the capabilities available for provisioning often appear unlimited and can be purchased in any quantity at any time.
- Measured service: cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, or active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and the consumer of the service.
It is important to recognize that although cloud services are often used together with, or built on, virtualization technology, this is not a requirement. There is no need to bind resource abstraction to virtualization technology, and many cloud offerings do not use hypervisors or operating system containers. Furthermore, it should be noted that multi-tenancy is not a key feature in the NIST definition of cloud computing, but it is often discussed as one. See the "Multi-tenancy" section after the cloud deployment models for more details.
2.2 Cloud service models
Cloud service delivery is divided into three archetypal models and various derivative combinations. The three basic types are often referred to as the "SPI" model, where SPI stands for Software, Platform, and Infrastructure (as a Service), respectively. They are defined as follows:
- Cloud Software as a Service (SaaS): the capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
- Cloud Platform as a Service (PaaS): the capability provided to the consumer is to deploy consumer-created or acquired applications onto the cloud infrastructure. These applications are created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly the configuration of the application hosting environment.
- Cloud Infrastructure as a Service (IaaS): the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources, on which the consumer can deploy and run arbitrary software, including operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure, but has control over operating systems, storage, and deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
Neither the NIST model nor this document directly addresses the definition of a service model for cloud service brokers. Cloud service brokers provide intermediation, monitoring, transformation/porting, governance, provisioning, and integration services, and negotiate relationships between consumers and cloud service providers.
In short, because innovation drives rapid solution development, cloud service consumers and providers will adopt many different ways of interacting with cloud services, such as developing API interfaces, and cloud service brokers will therefore become an important part of the overall cloud ecosystem.
Until general, open, standardized long-term solutions emerge, cloud service brokers abstract the various incompatible capabilities and interfaces to provide consumers with a brokered means of access. A long-term solution is a semantic capability that lets consumers smoothly and flexibly take full advantage of whichever model best meets their specific needs.
It is important to note the many efforts around the development of both open and proprietary APIs for cloud management, security, and interoperability. Several of these are the Open Cloud Computing Interface Working Group, the Amazon EC2 API, VMware's vCloud API submitted to the DMTF, Sun's Open Cloud API, the Rackspace API, and GoGrid's API. Open, standard APIs and common container formats, such as the DMTF's Open Virtualization Format (OVF), play a crucial role in cloud portability and interoperability.
Although there are many working groups, drafts, and published specifications, there will certainly be a process of consolidation in which various market forces, consumer demands, and economic conditions interact to refine the field, eventually reaching a state that is easier for consumers to manage and more interoperable.
2.3 Cloud deployment models
Regardless of the service model used (SaaS, PaaS, or IaaS), there are four deployment models for cloud services, with derivative variations that address specific requirements.
- Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
- Private cloud. The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or a third party and may exist on-premises or off-premises.
- Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or a third party and may exist on-premises or off-premises.
- Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
It is important to note that as the market's consumption of cloud products matures, other derivative deployment models will emerge. One example is the virtual private cloud: the use of public cloud infrastructure in a private or semi-private manner, usually with resources in the public cloud connected back to the consumer's data center over a virtual private network (VPN).
The architectural mindset used when designing solutions has clear implications for the future flexibility, security, mobility, and collaborative capabilities of the resulting solution. As a general rule, perimeterized (border-based) solutions are no more effective than de-perimeterized solutions in each of the four deployment models. By the same principle, the choice between proprietary and open solutions also needs careful consideration.
Multi-tenancy
Although multi-tenancy is not an essential characteristic of cloud computing in the NIST model, the CSA recognizes it as an important element of the cloud. In the cloud service model, "multi-tenancy" means meeting the needs of different customer scenarios for policy-driven security enforcement, segmentation, isolation, governance, service levels, and corresponding chargeback/billing models. Consumers may use the services of a public cloud provider or of a cloud service within the same organization, such as different business units (BUs). Even though these are not entirely separate business organizations, infrastructure must still be shared among them.
From the provider's perspective, multi-tenancy imposes an architectural and design requirement to share infrastructure, data, metadata, services, and applications across many different consumers while achieving scalability, availability, management, segmentation, isolation, and operational efficiency.
Depending on the provider's cloud service model, "multi-tenancy" can take on different definitions, because it may involve implementation details at different levels of infrastructure, data, or application; the difference between IaaS and SaaS implementations is one example. Multi-tenancy also carries different weight in different cloud deployment models. However, even in a private cloud serving a single organization, there are consultants and contractors from third parties, and an expectation of a high degree of logical separation between business units, so multi-tenancy must still be considered.
2.4 Cloud reference model
Understanding the relationships and dependencies between cloud computing models is critical to understanding the security risks of cloud computing. IaaS is the foundation of all cloud services, PaaS builds on IaaS, and SaaS in turn builds on PaaS, as shown in the cloud reference model diagram. Along the same lines, just as capabilities are inherited, so are information security risks and issues. It is important to note that commercial cloud providers may not fit neatly into this model; nevertheless, the reference model is important for relating real-world services to an architectural framework and for understanding which resources and services require security analysis.
IaaS covers the entire infrastructure resource stack, from the facilities to the hardware platforms. It includes the capability to abstract resources (or not) and to deliver physical or logical connectivity to those resources. Ultimately, the IaaS provider offers a set of APIs through which consumers can manage and otherwise interact with the infrastructure.
PaaS sits on top of IaaS and adds an additional layer of integration with application development frameworks, middleware capabilities, and functions such as databases, messaging, and queuing. PaaS allows developers to build applications on the platform, using programming languages and tools supported by the PaaS.
SaaS in turn sits on the underlying IaaS and PaaS stack and provides a self-contained operating environment that delivers the entire user experience, including content, presentation, application, and management capabilities. It should therefore be clear that there are significant trade-offs among the three service models in integrated features, complexity, openness (extensibility), and security. The trade-offs among the three service models include:
- In general, SaaS provides the most integrated functionality built directly into the offering, with the least consumer extensibility, and a relatively high level of integrated security (at least the provider bears responsibility for security).
- PaaS gives developers the ability to build their own applications on top of the platform. It therefore tends to be more extensible than SaaS, at the expense of customer-ready features. This trade-off extends to security features and capabilities: the built-in capabilities are less complete, but the consumer has more flexibility to layer on additional security.
- IaaS provides few if any application-like features, but enormous extensibility. This generally means less integrated security capability and functionality beyond protecting the infrastructure itself. The IaaS model requires the cloud consumer to manage and secure the operating systems, applications, and content.
A key takeaway for security architecture is that the lower down the stack the cloud service provider stops, the more security capabilities and management responsibility the cloud consumer must implement and manage itself. In SaaS, this means that service levels, security, governance, compliance, and liability expectations of the service and the provider must be contractually stipulated. In PaaS or IaaS, these responsibilities fall on the consumer's own system administrators, with the provider responsible for securing the underlying platform and infrastructure components to ensure the availability and security of the basic services; the specific requirements may vary. In short, the consumer can delegate or transfer responsibility, but not necessarily accountability.
Narrowing the scope or specific capabilities and functionality within each of the cloud delivery models, or coupling them across models, yields many derivative classifications. For example, Storage as a Service is a specific sub-offering within the IaaS family.
Cloud computing solutions are constantly evolving. Although a full survey of the landscape is beyond the scope of this document, the following OpenCrowd Cloud Solutions taxonomy chart provides a very good starting point, showing the many cloud solutions derived from the deployment models above.
Note that the CSA does not specifically endorse any of the solutions listed; the chart is used only to illustrate the diversity of cloud offerings on the market today.
[Figure 4: OpenCrowd Cloud Solutions taxonomy]
To provide a comprehensive view of cloud computing use cases, the Cloud Computing Use Case Group has undertaken a collaborative effort to describe and define common cases and demonstrate the benefits of the cloud. Their goal is "...to bring together cloud consumers and cloud vendors to define common use cases for cloud computing... and highlight the capabilities and requirements that need to be standardized in a cloud environment to ensure interoperability, ease of integration, and portability."
2.5 Cloud security reference model
The cloud security reference model addresses the relationships among these classifications and places them in the context of their relevant security controls and concerns. For organizations and individuals grappling with cloud computing for the first time, it is important to note the following to avoid potential pitfalls and confusion:
1. Confusion arises from frequently conflating "how cloud services are deployed" with "where cloud services are provided." For example, public or private clouds may be described as external or internal clouds, and such substitution is not always accurate.
2. The use of cloud services is often described in relation to the location of an organization's management or security perimeter (usually defined by a firewall). Although it is important to understand where security boundaries lie in cloud computing, the notion of a well-demarcated perimeter is an anachronism.
3. Re-perimeterization and the erosion of trust boundaries already happening in the enterprise are amplified and accelerated by cloud computing. Ubiquitous connectivity, the amorphous nature of information exchange, and the inability of traditional static security controls to address the dynamic nature of cloud services all require new thinking about cloud computing. The Jericho Forum has produced a large body of material on this re-perimeterization of the enterprise network, including many case studies. The deployment and consumption modes of the cloud should not be discussed solely as "internal" or "external," because these terms relate only to the physical location of assets, resources, and information; we must also discuss who consumes them, who is responsible for their governance, and how security and policy standards are complied with.
This is not to suggest that whether an asset, resource, or piece of information is on-premises or off-premises has no impact on an organization's security and risk posture; it does. Rather, the point is to emphasize that risk also depends on:
- the types of assets, resources, and information being managed
- who manages them and how
- which controls are selected and how they are integrated
- compliance issues
For example, a LAMP stack deployed on Amazon AWS EC2 would be classified as a public, off-premises, third-party-managed IaaS solution, even if the instances, applications, and data are managed by the consumer or a third party. An application deployed on Eucalyptus that serves several business units and is controlled, managed, and owned by the company itself would be classified as a private, on-premises, self-managed SaaS solution. Both examples use the elasticity and self-service capabilities of the cloud.
The following table summarizes these key points:
[Figure 5: summary table of service model, deployment model, location, management, and ownership for the two examples]
Another way of visualizing the combinations of cloud service model, deployment model, physical location of resources, and management and ownership attributes is the Jericho Forum's Cloud Cube Model (www.jerichoforum.org), shown in Figure 6:
[Figure 6: Jericho Forum Cloud Cube Model]
The Cloud Cube Model illustrates the many permutations of cloud offerings available on the market today and presents four criteria/dimensions for distinguishing one cloud "formation" from another, as well as the different ways they are provisioned, in order to understand how cloud computing affects the way security is approached.
The Cloud Cube Model also highlights the challenges of understanding cloud models and mapping them to control frameworks and standards such as ISO/IEC 27002, which provides "a series of guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization."
The ISO/IEC 27002 section 6.2 "External Parties" control objective states: "...the security of the organization's information and information processing facilities should not be reduced by the introduction of external party products or services..."
Because the security protection methods and responsibilities differ among the three cloud service models, cloud service consumers face a very challenging task. Unless cloud providers are willing to disclose their security controls and the degree to which they are implemented, and consumers know which controls they themselves need to maintain for the security of their information, there will be many misleading decisions and heavy losses.
Critically, the first step is to classify a cloud service according to the cloud architecture model. The next step is to map its security architecture, together with business, regulatory, and other compliance requirements, against it. This is a gap analysis exercise: the output determines the general "security" posture of a cloud service and how it relates to the assurance and protection requirements of an asset.
Figure 7 illustrates how the components of a cloud service and a set of security control policies can be mapped to determine which security controls exist and which do not, and whether they are provided by the cloud service provider or a third party. The result can in turn be compared against a compliance framework or set of mandatory requirements such as PCI DSS.
[Figure 7: mapping cloud service components and security controls to a compliance framework]
Once the gap analysis is complete, it becomes much easier to determine what needs to be done according to regulatory and compliance requirements in order to feed the risk assessment framework. This in turn helps determine how these security "gaps" should be addressed and, ultimately, how the risk should be handled: accepted, transferred, or mitigated.
It is important to note that using cloud computing as an operating model does not in itself provide or prevent compliance. Compliance with any requirement is a direct result of the service and deployment models used and of the design, deployment, and management of the resources in scope. Several control frameworks provide good descriptions of the general control framework discussed above, including the Open Security Architecture Group's security architecture patterns and the recently updated NIST SP 800-53 Revision 3, Recommended Security Controls for Federal Information Systems and Organizations.
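The classification applied to the two examples above and the gap analysis just described, as an added example that is not code from the CSA guidance or this article's author: a constructed control catalogue stands in for a requirement set such as PCI DSS, and the layer boundary per service model follows the rule that the lower the provider stops in the stack, the more the consumer must secure itself.

```python
# Added example for this article (not code from the CSA guidance or its author):
# classifies a cloud service the way the summary table above does, then runs the
# gap analysis of section 2.5 against the responsibility boundary of its service
# model. Layer names, control ids and descriptions are constructed for illustration
# and are not taken from PCI DSS, ISO/IEC 27002 or NIST SP 800-53.
from dataclasses import dataclass

# Stack layers, lowest first (section 3: physical, network, system, application, data).
LAYERS = ("physical", "network", "hypervisor", "os", "application", "data")

# Layers the provider secures under each service model. The article's rule: the
# lower in the stack the provider stops, the more the consumer must secure itself.
PROVIDER_LAYERS = {
    "IaaS": frozenset({"physical", "network", "hypervisor"}),
    "PaaS": frozenset({"physical", "network", "hypervisor", "os"}),
    "SaaS": frozenset(LAYERS),
}

# Constructed control catalogue: id -> (layer, description). Ids are illustrative.
CATALOG = {
    "PHY-1": ("physical", "physical access control for the data centre"),
    "NET-1": ("network", "network segmentation between tenants"),
    "HV-1": ("hypervisor", "hypervisor patching and tenant isolation"),
    "OS-1": ("os", "operating system hardening and patching"),
    "APP-1": ("application", "application vulnerability management"),
    "DATA-1": ("data", "encryption of sensitive data at rest"),
}


@dataclass(frozen=True)
class CloudService:
    name: str
    service_model: str        # "IaaS", "PaaS" or "SaaS"
    deployment_model: str     # "Public", "Private", "Community" or "Hybrid"
    off_premises: bool
    third_party_managed: bool
    third_party_owned: bool
    provider_attested: frozenset  # control ids the provider discloses as implemented

    def classification(self) -> dict:
        """The five attributes the article's summary table uses to classify a service."""
        return {
            "service model": self.service_model,
            "deployment model": self.deployment_model,
            "location": "off-premises" if self.off_premises else "on-premises",
            "managed by": "third party" if self.third_party_managed else "organization",
            "owned by": "third party" if self.third_party_owned else "organization",
        }


@dataclass
class GapReport:
    provider_covered: list         # provider's layer and the provider attests to it
    consumer_must_implement: list  # above the provider boundary: consumer's own job
    unaccounted: list              # provider's layer but undisclosed: a gap to negotiate


def gap_analysis(service: CloudService, required) -> GapReport:
    """Map each required control onto the responsibility boundary of the service.

    Responsibility for a control can move to the provider; accountability for the
    requirement stays with the consumer, so provider_covered entries still need
    evidence (contract terms, audit reports) rather than trust.
    """
    report = GapReport([], [], [])
    provider_layers = PROVIDER_LAYERS[service.service_model]
    for control_id in sorted(required):
        layer, _ = CATALOG[control_id]
        if layer not in provider_layers:
            report.consumer_must_implement.append(control_id)
        elif control_id in service.provider_attested:
            report.provider_covered.append(control_id)
        else:
            report.unaccounted.append(control_id)
    return report


# The two deployments the article classifies, as constructed instances.
LAMP_ON_EC2 = CloudService(
    "LAMP stack on Amazon EC2", "IaaS", "Public",
    off_premises=True, third_party_managed=True, third_party_owned=True,
    provider_attested=frozenset({"PHY-1", "NET-1", "HV-1"}),
)
EUCALYPTUS_APP = CloudService(
    "shared application on Eucalyptus", "SaaS", "Private",
    off_premises=False, third_party_managed=False, third_party_owned=False,
    provider_attested=frozenset({"PHY-1", "NET-1", "HV-1", "OS-1"}),
)
# Constructed stand-in for a mandatory requirement set such as PCI DSS: every control.
REQUIRED = frozenset(CATALOG)

if __name__ == "__main__":
    for svc in (LAMP_ON_EC2, EUCALYPTUS_APP):
        print(svc.name, svc.classification(), gap_analysis(svc, REQUIRED), sep="\n  ")
```

For the IaaS example every control above the hypervisor lands in the consumer's list; for the private SaaS example the application and data controls the provider has not disclosed are reported as unaccounted, which is exactly the gap the contract negotiation has to close.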
3. What is cloud computing security?
Security controls in cloud computing are, for the most part, no different from security controls in any other IT environment. However, because of the cloud service models employed, the operational models, and the technologies used to enable cloud services, cloud computing may present different risks to an organization than traditional IT solutions.
A unique feature of cloud computing is the need to maintain auditable accountability while giving up some operational control, even when some operational responsibilities fall to one or more third parties.
An organization's security posture is characterized by the maturity, effectiveness, and completeness of its risk-adjusted security controls. These controls are implemented at one or more layers, ranging from the facilities (physical security), to the network infrastructure (network security), to the IT systems (system security), and on to the information and applications (application security). Additional controls exist at the people and process level, such as separation of duties and change management.
As mentioned above, the security responsibilities of both the provider and the consumer differ greatly between cloud service models. For example, Amazon's AWS EC2 infrastructure as a service offering includes vendor responsibility for security up to the hypervisor, meaning the vendor addresses only physical security, environmental security, and virtualization security controls; the consumer is responsible for the security controls that relate to the IT system, including the operating system, applications, and data.
Salesforce.com's customer relationship management (CRM) SaaS offering is the opposite: because the entire "stack" is provided by Salesforce.com, the provider is responsible not only for physical and environmental security but also for the security controls covering the infrastructure, applications, and data, relieving the consumer of many operational responsibilities.
One of the attractions of cloud computing is the cost efficiency afforded by economies of scale, reuse, and standardization. To bring about these efficiencies, cloud providers must offer services that are flexible enough to serve the largest possible customer base and market. Unfortunately, integrating security into these solutions is often perceived as making them more rigid.
Compared with traditional IT systems, this rigidity often shows up as an inability to deploy the same security controls in the cloud environment, mainly because of the abstraction of the infrastructure, a lack of visibility, and the lack of ability to integrate many familiar security controls, especially at the network layer.
This means that in a SaaS environment the security controls and their scope are negotiated in the service contract, and service levels, privacy, and compliance are likewise contractual matters. In IaaS, securing the underlying infrastructure and abstraction layers is the provider's responsibility, and the remaining responsibilities belong to the customer. PaaS sits between the two: the provider secures the platform itself, and the customer is responsible for securing the applications on the platform and for developing them securely.
[Figure 8: division of security responsibility across SaaS, PaaS, and IaaS]
Beyond the architecture: critical areas of focus
The remaining 12 domains of the guidance highlight the areas of concern in cloud computing security and aim to address both the strategic and the tactical security risks of a cloud computing environment; they can be applied to any combination of cloud service and deployment models.
These domains are divided into two broad categories: governance and operations. The governance domains are broad and address strategic and policy issues in a cloud computing environment, while the operational domains focus on more tactical security concerns and implementation within the architecture.
[Figures 9 and 10: the governance and operational domains]
4. Summary
When deploying a cloud computing model, it is critical to understand how the architecture, technology, processes, and human capital change or remain the same. Without a clear understanding of the higher-level architectural implications, it is impossible to address the lower-level issues rationally. Together with the other 12 critical domains, this architecture gives readers a solid foundation for assessing, operating, managing, and governing security in a cloud computing environment.
Author: Fu haijun
Source: http://fuhj02.blog.51cto.com
Copyright: The copyright of this article is owned by the author and 51cto.
Reprinting: reprinting is welcome. Please reprint as required, to preserve the author's creative enthusiasm. Thank you.
Requirement: this statement must be retained unless the author consents otherwise, and a link to the original text must be provided in the article; otherwise legal liability will be pursued.
Personal Website: http://txj.shell.tor.hu