Cloud Computing: Secure And Unclouded

The term 'cloud computing' has become popular, even though in most cases it is used in a clouded and overly general way. The idea of distributing resources of all kinds over many computers isn't new, yet cloud computing is a relatively new family of technologies, growing rapidly and promising many improvements in reliability and security. Rational Survivability has posted a large and detailed article on the subject, Cloud Computing Architectural Framework.

The story goes: Cloud Computing (“Cloud”) is a catch-all term that describes the evolutionary development of many existing technologies and approaches to computing that at its most basic, separates application and information resources from the underlying infrastructure and mechanisms used to deliver them with the addition of elastic scale and the utility model of allocation. Cloud computing enhances collaboration, agility, scale, availability and provides the potential for cost reduction through optimized and efficient computing.

More specifically, Cloud describes the use of a collection of distributed services, applications, information and infrastructure comprised of pools of compute, network, information and storage resources. These components can be rapidly orchestrated, provisioned, implemented and decommissioned using an on-demand utility-like model of allocation and consumption. Cloud services are most often, but not always, utilized in conjunction with and enabled by virtualization technologies to provide dynamic integration, provisioning, orchestration, mobility and scale.

While the very definition of Cloud suggests the decoupling of resources from the physical affinity to and location of the infrastructure that delivers them, many descriptions of Cloud go to one extreme or another by either exaggerating or artificially limiting the many attributes of Cloud. This is often purposely done in an attempt to inflate or marginalize its scope. Some examples include the suggestions that for a service to be Cloud-based, that the Internet must be used as a transport, a web browser must be used as an access modality or that the resources are always shared in a multi-tenant environment outside of the “perimeter.” What is missing in these definitions is context.

From an architectural perspective given this abstracted evolution of technology, there is much confusion surrounding how Cloud is both similar and differs from existing models and how these similarities and differences might impact the organizational, operational and technological approaches to Cloud adoption as it relates to traditional network and information security practices. There are those who say Cloud is a novel sea-change and technical revolution while others suggest it is a natural evolution and coalescence of technology, economy, and culture. The truth is somewhere in between.

There are many models available today which attempt to address Cloud from the perspective of academicians, architects, engineers, developers, managers and even consumers. We will focus on a model and methodology that is specifically tailored to the unique perspectives of IT network and security professionals.

The keys to understanding how Cloud architecture impacts security architecture are a common and concise lexicon coupled with a consistent taxonomy of offerings by which Cloud services and architecture can be deconstructed, mapped to a model of compensating security and operational controls, risk assessment and management frameworks and in turn, compliance standards. Monitoring of network resource pools can be built in as a security measure, preventing resource exhaustion when a single process (application) requests too many resources.
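A minimal sketch of such built-in pool monitoring, added here as an illustration (it is not code from the Rational Survivability article or from IPHost): a shared pool that caps any single consumer's share and records an alert for each denied request. The class name, the consumer names and the 40% cap are assumptions chosen for the example.

```python
from collections import defaultdict


class MonitoredPool:
    """Shared resource pool with per-consumer accounting (hypothetical example)."""

    def __init__(self, capacity, max_share=0.5):
        self.capacity = capacity
        # Largest number of units one consumer may hold at a time.
        self.max_units = int(capacity * max_share)
        self.used = defaultdict(int)   # consumer -> units currently held
        self.alerts = []               # (consumer, reason, requested_units)

    def free(self):
        return self.capacity - sum(self.used.values())

    def request(self, consumer, units):
        """Grant units only if the consumer stays under its cap and the pool has room."""
        if units <= 0:
            raise ValueError("units must be positive")
        if self.used[consumer] + units > self.max_units:
            # One application is trying to take more than its share of the pool.
            self.alerts.append((consumer, "share_cap", units))
            return False
        if units > self.free():
            self.alerts.append((consumer, "pool_full", units))
            return False
        self.used[consumer] += units
        return True

    def release(self, consumer, units):
        """Return units to the pool; never release more than the consumer holds."""
        returned = min(units, self.used[consumer])
        self.used[consumer] -= returned
        return returned


def simulate():
    """Constructed scenario: a greedy batch job next to two ordinary services."""
    pool = MonitoredPool(capacity=100, max_share=0.4)
    results = [
        pool.request("batch-job", 30),  # granted
        pool.request("batch-job", 30),  # denied: 60 units would exceed the 40-unit cap
        pool.request("web", 40),        # granted
        pool.request("api", 40),        # denied: only 30 units are free
        pool.request("api", 30),        # granted
    ]
    return pool, results
```

The alert list is what a monitoring system would poll or forward; the denial itself is what keeps the other consumers served.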

The abstracted, democratized, service-oriented and elastic nature of Cloud combined with tight automation, orchestration, provisioning and self-service then allows for dynamic allocation of resources based on any number of governing input parameters. One of the primary consequences is that the cloud model, if properly tuned, may significantly raise the chances of surviving DoS attacks that could, under 'usual' circumstances, lead to a total denial of all the services associated with a given server. The dynamic nature of a cloud means attackers can't 'shoot' at a single target, since there is none; with one of the servers unavailable, the whole cloud can still operate quite efficiently.

Depending on the cloud subtype, the security model can be described as a set of rules controlling what actions should be taken in response to access requests. This makes providing a clear security model a simpler task, since, in many cases, the underlying model of resource pooling etc. doesn't impact the overall security model.

This article was brought to you by the developers of IPHost Network Monitor, network and server monitoring software.
