Security Challenges in Hybrid Cloud Infrastructures
Total Page:16
File Type:pdf, Size:1020Kb
Security Challenges in Hybrid Cloud Infrastructures Koushik Annapureddy Aalto University - School of Science and Technology [email protected] Abstract software, data center space or network equipment, customers can buy those resources as a fully outsourced service from Cloud computing has the potential to significantly change cloud provider. For delivering I.T infrastructure services, the way enterprises and their IT (Information Technology) cloud providers rely on virtualization mechanisms so that it systems run, but in order to achieve this the current cloud helps in delivering resources to customers in less time[9]. computing model needs to be changed according to the en- In spite of these significant advantages, migrating IT in- terprise requirements. These modifications lead to the evo- frastructure from enterprises to the public cloud involves lution of the hybrid cloud, which is a mix of both public and many challenges[12]. The complex nature of current enter- private clouds. Here, we consider hybrid cloud deployment prise applications pose problems such as performance issues, and Infrastructure as a Service (IaaS) consumption model in delay in response time and network latency when deployed detail since these provide the greatest flexibility for the enter- in the cloud. Apart from this, industry-specific regulations prise users. In order to succeed with hybrid cloud approach, and national privacy laws restrict on what type of data an there are a few challenges that must be addressed such as enterprise can migrate to the cloud [12]. Because of these application complexity and security. In this paper, we fo- issues, there has been a lot of interest among enterprises in cus on the challenges and security issues which may arise hybrid architectures where enterprise applications are partly in the enterprises due to migration of their IT infrastructure hosted on-premises and partly in the cloud. Public and pri- towards the hybrid model and finally analyze some of the so- vate cloud/Internal Network together provide resources to lutions which helps in providing secure connectivity between the enterprises. Hybrid architectures offer enterprises secu- the public cloud and the enterprise internal network. rity along with cost savings, flexibility, scalability, high per- formance while meeting business and technical needs. 1 Introduction Cloud computing is a solution in which computing resources such as hardware, software, network’s and storage are pro- vided to users on demand. The main principle behind de- signing this type of solution is to provide the users and en- terprises with the computation and storage resources they require, while allowing the customers to pay only for the amount they use. Figure 1: Hybrid Cloud[3] Enterprises, by deploying cloud solutions into their IT in- frastructure, are able to achieve efficiency, cost reduction, elasticity and agility. Choosing an appropriate cloud de- Even though by providing IaaS through the hybrid model, ployment model for their IT operations is one of the im- enables a flexible, on-demand approach for satisfying com- portant decisions for enterprises. Consider a recent survey puting requirements for enterprises, there are many issues of large enterprises worldwide conducted by Yankee Group to be addressed. The main barrier to enterprise adoption of [10]. Over 24% of the enterprises informed that they are IaaS is security. While migrating resources of an enterprise already using IaaS, and an additional 37% of them expect to the hybrid clouds the complexity of software and configu- to adopt IaaS during the next two years. In large enter- ration increases, due to separation of resources into multiple prises, the IT infrastructure [16] can be broadly divided into clouds. Apart from this complexity, there are many security three elements, namely Equipment (Enterprise servers, stor- issues such as managing the communication link between age, network and security devices), Facilities (Data centers, both sites during delivery of IT infrastructure from cloud to power cooling system)and Monitoring/Management systems enterprises, defining firewall with optimal rules to allow only and most of them spend a lot of time and money on evaluat- approved traffic from cloud, incompatible network policies. ing, buying, configuring and managing all software and hard- The rest of the paper is organized as follows. In Section ware required for their operations. All these issues can be 2, we provide an overview on the different service models solved by delivering IT infrastructure from the cloud model. being used and cloud architectures which can be deployed Cloud infrastructure services, or IaaS, delivers computer in- according to the enterprise requirements. Section 3 presents frastructure, typically a platform virtualization environment, the challenges involved while deploying hybrid cloud archi- as a service to the customers. Instead of purchasing servers, tecture for enterprise needs, Section 4 describes the solutions Aalto University, T-110.5290 Seminar on Network Security Fall 2010 which help in enterprises to operate efficiently and securely 2.1.3 Infrastructure as a Service (IaaS) in hybrid environment. Section 5 discusses on differences in In organizations, maintaining their internal IT related tasks the mentioned solutions. We conclude and give future work like installing, configuring servers, routers, firewalls and in Section 5 and Section 4 respectively. other devices is a cumbersome process and it requires ded- icated personnel for carrying out these tasks. Apart from this there are many challenges the enterprise has to tackle 2 Background while managing their infrastructure. IaaS [15] provides a so- lution by migrating the IT infrastructure to the cloud and it Due to emergence of virtualization as an efficient method is the responsibility of the cloud provider to tackle the issues for sharing the resources, cloud computing gained popularity of IT infrastructure management. Virtualization techniques over the last few years. Before migrating IT infrastructure are most commonly used in this model. VMWare, Ama- into the cloud, it is the responsibility of the enterprises to zon EC2, IBM BlueHouse, Microsoft Azure, Sun ParaScale analyze the different security threats possible in each cloud Cloud Storage,etc are some of the infrastructure services. and service models. In this section, we provide an overview study of all the models used in cloud. 2.1 Understanding Different Service Models The services offered by cloud computing models range from web based word processors and email clients to application development platforms such as WaveMaker, Engine Yard to Virtual Infrastructure providers which lease full virtual ma- chines. In this section, we present various types of delivery models used in cloud. 2.1.1 Software as a Service (SaaS) Figure 2: Cloud Resource Consumption Models[2] In this model, software is delivered or offered to customers as a service. SaaS [11] is a software application delivery model in which enterprises hosts and operates their application over 2.2 Cloud Models the internet so that customers can access it. Earlier, compa- nies have run software on their own internal infrastructures Irrespective of the service model delivered by cloud provider and computer networks, but now most of them have migrated there are four different deployment models used according to the SaaS model. One benefit of this model is customers to the enterprise requirements. Below we provide a detailed do not need to buy any software licences or any additional explanation about all the deployment models. equipment for hosting the application. Instead, they pay for Public cloud: In this model, a cloud service provider pro- using the software application. Users checking mail using vides cloud infrastructure, such as applications and storage, Gmail, Yahoo mail, managing appointments with google cal- available to the general public or large organization over endar are some of the SaaS applications users encounter in the internet. These services can be offered for free or on their daily life. a pay-per-usage model. Examples of public clouds include Amazon Elastic Compute Cloud (EC2), IBM’s Blue Cloud, Sun Cloud, Google AppEngine and Windows Azure Ser- 2.1.2 Platform as a Service (PaaS) vices Platform [8]. Private cloud: This model is similar to the public cloud This model provides a platform for building and running cus- on basis of operation except the fact that the resources (ap- tom applications. There is a lot of complexity and cost in- plications and storage) are operated for a single organiza- volved in building and running applications within the en- tion. The service provider can be the same organization or a terprise like support from hardware, a database, middleware, third party. This models suits better for private organizations an operating system and other software. Enterprises should where they provide hosted services to limited number of peo- have team of network, database and system experts for set- ple behind a firewall. Organization that needs or wants more ting up the configuration suitable for development. With control over their data than they can get by using a third- continuous evolving business requirements, the application party hosted service such as Amazon EC2 or Simple Storage needs to be changed every time thus causing long develop- Service (S3). ment cycles due to redeployment. With PaaS, enterprises can Community cloud: Some organizations has concerns build applications without