Steven's Blog

Cloud as a Product

2010-01-27T17:24:00.000-08:00

Everybody want to run Cloud Services and create their Cloud infrastructure from scratch which caused a lot of waste efforts and cause the problem in interoperability.

In this situation, how to provide a Cloud as a product solution become a good question to ask and can be good approach to do.

Infrastructure Security: The Network Level - 1

2009-12-01T19:09:00.000-08:00

When looking at the network level of infrastructure security, it is important to distinguish between public clouds and private clouds.

* With private clouds, there are no new attacks, vulnerabilities, or changes in risk specific to this topology that information security personnel need to consider.

Although your organization’s IT architecture may change with the implementation of a private cloud, your current network topology will probably not change significantly. If you have a private extranet in place (e.g., for premium customers or strategic partners), for practical purposes you probably have the network topology for a private cloud in place already. The security considerations you have today apply to a private cloud infrastructure, too. And the security tools you have in place (or should have in place) are also necessary for a private cloud and operate in the same way.

* However, if you choose to use public cloud services, changing security requirements will require changes to your network topology. You must address how your existing network topology interacts with your cloud provider’s network topology. There are four significant risk factors in this use case:

Ensuring the confidentiality and integrity of your organization’s data-in-transit to and from your public cloud provider;
Ensuring proper access control (authentication, authorization, and auditing) to whatever resources you are using at your public cloud provider;
Ensuring the availability of the Internet-facing resources in a public cloud that are being used by your organization, or have been assigned to your organization by your public cloud providers;
Replacing the established model of network zones and tiers with domains We will discuss each of these risk factors in the sections that follow.

Cloud Security - Infrastructure Security 1

2009-12-01T19:00:00.000-08:00

For the Infrastructure Security, there are following 3 levels:

* The Network Level
* The Host Level
* The Application Level

And should put the infrastructure security in the context of SPI service delivery models (SaaS, PaaS, and IaaS) to discuss.

Another dimension is the cloud business model (public, private, and hybrid clouds), which is orthogonal to the SPI service delivery model; what I want to highlight is the relevance of discussion points as they apply to public and private clouds.

* When discussing public clouds the scope of infrastructure security is limited to the layers of infrastructure that move beyond the organization’s control and into the hands of service providers (i.e., when responsibility to a secure infrastructure is transferred to the cloud service provider or CSP, based on the SPI delivery model).
* Information about Infrastructure Security is critical for customers in gaining an understanding of what security a CSP provides and what security you, the customer, are responsible for providing.

Cloud Computing Series I: What is Cloud Computing?

2009-10-19T19:07:00.000-07:00

From now, I plan to put a series of post about Cloud Computing and I will start from the question: What is Cloud Computing?

1. Cloud Definition:
The definition of Cloud Computing is based on five attributes:
- Multitenancy (shared resources)
- Massive scalability
- Elasticity
- Pay as you go
- Self-provisioning of resources

2. The Cloud Services Delivery Models
- SaaS
- PaaS
- IaaS

3. Cloud Deployment Models
- Public
- Private
- Hybrid