Cloud computing is one of the most emerging technologies. There are following different types of Cloud.
Types of Cloud
As per Services Offered :
IaaS or Infrastructure as a Service : If the cloud offers the service of infrastructure like storage disks or virtual servers, it is called Infrastructure as a Service or IaaS. Examples include Rackspace, Flexiscale.
PaaS or Platform as a Service : If the cloud offers a development platform and it includes an Operating System and a programming language execution environment, database and web server, it is called Platform as a Service or PaaS. Examples include Google App Engine, Salesforce.
SaaS or Software as a Service : If the cloud offers access to software applications on per user basis, it is called Software as a Service or SaaS. Examples include GMail, Google Docs.
As per Deployment Models :
On the other hand, as per deployment models there are mainly four types of clouds.
Private Cloud : Private clouds operate solely for a single organization. They can be managed internally or by a third party, hosted internally or externally.
Public Cloud : In a Public Cloud, services are rendered over a network that is open to public.
Community Cloud : Community Cloud shares infrastructure among several organizations from a specific community with similar concerns like security, compliance, jurisdiction etc. They can be managed internally or by third party, hosted internally or externally.
Hybrid Cloud : Hybrid cloud is a composition of two or more clouds, like private, public or community. It offers the benefits of multiple deployment models.
Security Concerns of Cloud
What are the security concerns that the cloud service providers and the clients need to take care of ?
If we look closely, we can see quite a number of security concerns, which we need to take care of while implementing or using the service of clouds.
Let's discuss a few of them.
- The first security issue that we can think of is data
breaches. In a multi-tenant cloud service, if the cloud service
database is not designed properly, a single flaw in a single client's
application can give an attacker access to data of one or multiple
client. Encrypting data can be a solution, but if you lose encryption
key, you lose data. Again, keeping offline backups of data increase
the possibility of data breaches.
- Secondly, we can think of
the issue of data loss that the cloud service providers need to take
care of. Data must be preserved from disasters like fire, flood or an
- The next issue we can think of is account
hijacking. If an attacker somehow hacks the account of the cloud
service provider, he can eavesdrop all the transactions and
manipulate data and redirect the clients to illegitimate sites and
prepare for more attacks.
- Fourthly, the threat of insecure
interfaces and APIs. Cloud service providers provide APIs and
interfaces for usage, management, orchestration and monitoring of
cloud services. Weak interfaces and APIs can expose the threats of
issues related to data confidentiality, integrity, availability and
- The next threat is Denial of Service attack.
Cloud service providers bill their client's based on computing cycles
and disk space consumed. An attacker, even if he may not be able to
stop the services completely, he may consume much process cycles to
affect the services to a significant extent.
- The cloud service
providers also have to keep safe from malicious insiders. They have
to monitor properly all its employees, contractors or business
partners who access the cloud, network, services and data. A
malicious insider or irresponsible access to data can lead to serious
- The seventh issue is the abuse of clouds. A malicious
user should not use the processing power of clouds for the purpose of
breaking encryption keys or hack a system. A cloud service provider
needs to take care of the abuse of their clouds.
- A cloud service providers provide resources like CPUs, GPUs and caches to multiple clients. A cloud must be designed to offer strong isolation properties. If an integral component gets compromised, it exposes the entire environment to a potential of compromise and breach.
So, if you are a cloud service provider or a user, it is better to keep these concerns in mind and design it properly.
So, stay safe, stay protected!