Cloud computing & security basics
1. RAHUL GURNANI
CDAC Certified Cyber Security Professional
MS Cyber Law & Information Security,
Indian Institute of Information Technology - Allahabad
2. Agenda
• Virtualization - brief overview
• Essential Features of a cloud environment
• Cloud Service Models
• Cloud Deployment Models
• Benefits of Cloud
• Security Concerns in different Cloud environments
• Mapping the traditional IT security requirements to Cloud environment
• Two viewpoints on Cloud Security
3.
4. VIRTUALIZATION
• A cloud comprises virtual machines hosted on a remote or local server,
which are accessed and used as and when needed.
• The virtual machines can be defined to have any configuration that a
real-world machine would have, provided the host machine is able to support
it. Even servers can be hosted easily on a cloud.
• Just imagine, if you are able to host your server in a virtual environment,
how much cost, space and business overhead you would save if your servers
were hosted on a cloud!
5. Essential Features of a cloud
1. On-Demand Self Service
2. Broad network access
3. Resource Pooling
4. Rapid Elasticity
5. Measured Service
6. On-demand self-service.
A customer using cloud services should be able to provision
computing capabilities such as server time and network
storage himself as and when required without requiring
human interaction with the service provider.
Broad network access.
The cloud services should be available over the network and
accessible through standard devices such as laptops,
smartphones and tablet computers.
Resource pooling. (& Location Independence)
The service provider’s computing resources are pooled to
serve multiple consumers using a multi-tenant model, with
different physical and virtual resources dynamically assigned
and reassigned according to consumer demand.
7. Rapid elasticity.
• Capabilities can be elastically provisioned and released, in
some cases automatically, to scale rapidly outward and
inward commensurate with demand.
• To the consumer, the capabilities available for provisioning
often appear to be unlimited and can be appropriated in
any quantity at any time.
Measured service.
• Cloud systems automatically control and optimize resource
use by leveraging a metering capability at some level of
abstraction appropriate to the type of service (e.g.,
storage, processing, bandwidth, and active user accounts).
• Resource usage can be monitored, controlled, and
reported, providing transparency for both the provider and
consumer of the utilized service.
8. Cloud Services
1. Software as a Service (SaaS).
2. Platform as a Service (PaaS).
3. Infrastructure as a Service (IaaS).
4. Business Process as a Service (BPaaS)
9. Software as a Service (SaaS).
• The capability provided to the consumer is to use the
provider’s applications running on a cloud infrastructure.
• The applications are accessible from various client devices
through either a thin client interface, such as a web
browser (e.g., web-based email), or a program interface.
• The consumer does not manage or control the underlying
cloud infrastructure including network, servers, operating
systems, storage, or even individual application
capabilities, with the possible exception of limited user-
specific application configuration settings.
10. Platform as a Service (PaaS).
• The capability provided to the consumer is to deploy onto
the cloud infrastructure consumer-created or acquired
applications created using programming languages,
libraries, services, and tools supported by the provider.
• The consumer does not manage or control the underlying
cloud infrastructure including network, servers, operating
systems, or storage, but has control over the deployed
applications and possibly configuration settings for the
application-hosting environment.
11. Infrastructure as a Service (IaaS)
• The capability provided to the consumer is to
provision processing, storage, networks, and
other fundamental computing resources.
• The consumer is able to deploy and run arbitrary
software, which can include operating systems
and applications.
• The consumer does not manage or control the
underlying cloud infrastructure but has control
over operating systems, storage, and deployed
applications; and possibly limited control of
select networking components (e.g., host
firewalls).
12. Business Process as a Service (BPaaS).
• It is a form of business process outsourcing (BPO)
that employs a cloud computing service model.
• Whereas the aim of traditional BPO is to reduce
labor costs, BPaaS reduces labor count through
increased automation, thereby cutting costs in the
process.
• It adheres to cloud computing's traditional
monthly pricing schedule.
• Types of outsourcing services offered via the
BPaaS model include HR functions such as payroll
and benefits administration, procurement,
advertising, marketing and industry operation
processes.
13. Deployment Models
• Private cloud
• Public cloud
• Hybrid cloud
• Community cloud
14. Private cloud
• The cloud infrastructure is set up for exclusive use by an individual
organization which may have multiple consumers.
• It may be owned, managed, and operated by the organization itself or a
third party.
• It may be set up on the organization's premises or at a remote location.
Community cloud
• It is for exclusive use by a specific community of consumers from
organizations that have shared concerns (e.g., mission, security
requirements, policy, and compliance considerations).
• It may be owned, managed, and operated by one or more of the
organizations in the community, a third party, or some combination of
them, and it may exist on or off premises.
15. Public cloud
• It is set up for open use by the general public.
• It may be owned, managed, and operated by a
business, academic, or government organization, or
some combination of them. It exists on the premises of
the cloud provider.
Hybrid cloud
• The cloud infrastructure is a composition of two or
more distinct cloud infrastructures (private,
community, or public) that remain unique entities,
but are bound together by standardized or proprietary
technology that enables data and application
portability (e.g., cloud bursting for load balancing
between clouds).
16.
17. • Reducing capital expenditure on IT
• Having a predictable operations expenditure
• Letting the organization focus on its core competency
18.
19. Security Concerns
• Top concern in adoption of cloud
• Physical controls get replaced by virtual controls
• In a cloud environment, access expands, control shifts, and the speed of
provisioning resources and applications increases - greatly affecting all
aspects of IT security.
• Cloud computing tests the limits of security operations and infrastructure.
20. Cloud Enabled Data Center
Infrastructure as a Service (IaaS): Cut IT expense and complexity through
cloud data centers
Integrated service management, automation, provisioning, self service
Key security focus: Infrastructure and Identity
• Manage datacenter identities
• Secure virtual machines
• Patch default images
• Monitor logs on all resources
• Network isolation
Cloud Platform Services
Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform
services
Pre-built, pre-integrated IT infrastructures tuned to application-specific
needs
Key security focus: Applications and Data
• Secure shared databases
• Encrypt private information
• Build secure applications
• Keep an audit trail
• Integrate existing security
21. Cloud Service Provider
Innovate business models by becoming a cloud service provider
Advanced platform for creating, managing, and monetizing cloud services
Key security focus: Data and Compliance
• Isolate cloud tenants
• Policy and regulations
• Manage security operations
• Build compliant data centers
• Offer backup and resiliency
Business Solutions on Cloud
Software as a Service (SaaS): Gain immediate access with business solutions
on cloud
Capabilities provided to consumers for using a provider’s applications
Key security focus: Compliance and Governance
• Harden exposed applications
• Securely federate identity
• Deploy access controls
• Encrypt communications
• Manage application policies
22. How security and privacy domains get related to cloud environments?
Security and Privacy Domains
• People and Identity
• Application and Process
• Network, Server and Endpoint
• Data and Information
• Physical Infrastructure
• Governance, Risk and Compliance
Multiple Logins, Onboarding Issues
Multi-tenancy, Data Separation
Audit Silos, Compliance Controls
Provider Controlled, Lack of Visibility
Virtualization, Network Isolation
External Facing, Quick Provisioning
CLOUD
• Self-Service
• Highly Virtualized
• Location Independence
• Workload Automation
• Rapid Elasticity
• Standardization
23. Two viewpoints for cloud security
Security from the cloud
The cloud is used to deliver security as-a-service, focusing
on services such as vulnerability scanning, web and email
security, etc.
Security for the cloud
The focus is on secure usage of cloud applications, for example by
ensuring Audit, Access and Secure Connectivity.
There are various business solutions available from different vendors
supporting both the models.