January 23, 2012

2.1.7 Risks associated to Cloud Computing and Virtualization

Risks associated to Cloud Computing and Virtualization

If you ask two people a question about what cloud computing is, you are likely to get four different answers. That in itself should be considered a risk. For our purpose, we will consider cloud computing as the use of the Internet to host services and data instead of hosting it locally. Implementation of this include Google Mail, Amazon EC2, Salesforce.com, etc.

The Security+ certification exam considers the following three ways of implementing cloud computing:
  • The Platform as a Service (PaaS) model, vendors provide a platform for customers to build and run custom applications.
  • Software as a Service (SaaS) is a way of delivering Web-based, on-demand, or hosted applications.
  • Infrastructure as a Service The Infrastructure as a Service (IaaS) model closely resembles the traditional utility model used by electric, gas, and water providers. It delivers computer infrastructure – typically a platform virtualization environment – as a service, along with raw (block) storage and networking.
Risk-related issues associated with cloud computing include the following:
  • Regulatory Compliance such as Sarbanes-Oxley's act.
  • User Privileges such as preventing privilege escalation.
  • Data Segregation keeps customer’s data secure and private, particularly important in a multi-tenant cloud computing implementation.
Some of the security risks that are possible with virtualization include the following:
  • Breaking Out of the Virtual Machine.
  • Network and Security Controls Can Intermingle.
  • Lax patch/update policy.
References:
  • http://en.wikipedia.org/wiki/Cloud_computing
  • http://onekobo.com/Cloud/TagCloud.html
  • https://cloudsecurityalliance.org/
  • CompTIA Security+ Review Guide: Exam SY0-301, Second Edition by James M. Stewart

No comments:

Post a Comment