Infrastructure security (e.g., services, applications, data security) may be an important issue in any computer network infrastructure (including all aspects of IT, such as physical machines, virtual machines, containers, network, private cloud, public cloud, hybrid cloud, other cloud infrastructures, applications, SaaS applications, and/or devices, etc.) as there may be external attacks and/or insider threats (e.g., unavailability of services/applications caused by an infrastructure outage or attack, data being stolen using privileges, etc.). Infrastructure security may consist of policies adopted to prevent and/or monitor unauthorized access, misuse, modification, or denial of the computer network infrastructure. Infrastructure security may involve the authorization of access to data, services, and/or applications in the computer network infrastructure, which may be controlled by the network administrator.
Users may choose and/or may be assigned an ID, password and/or other authenticating information that may allow them access to information and/or programs within their authority as determined by their access privileges. Infrastructure security may cover a variety of computer networks, both public and private, that may be used in everyday jobs for conducting transactions and/or communications among businesses, government agencies and/or individuals. Networks may be private, such as within a company, and/or public, being open to public access. Infrastructure security may be involved in organizations, enterprises, and/or other types of institutions, to secure the network, as well as protecting and/or overseeing operations being done.
In recent years, cloud-based computing may be increasing in popularity. Cloud computing, also known as on-demand computing, may be a kind of Internet-based computing that may provide shared processing resources and/or data to computers and/or other devices on demand. It may be a model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and/or services), which may be rapidly provisioned and/or released with minimal management effort. Cloud computing and/or storage solutions may provide users and/or enterprises with various capabilities to store and/or process their data in third-party data centers. It may rely on sharing of resources to achieve coherence and/or economy of scale, similar to a utility (like the electricity grid) over a network.
Cloud computing may allow companies to avoid upfront infrastructure costs, and/or focus on projects that differentiate their businesses instead of on infrastructure. Proponents may also claim that cloud computing may allow enterprises to get their applications up and running faster, with improved manageability and/or less maintenance, and/or may enable IT to more rapidly adjust resources to meet fluctuating and/or unpredictable business demand. Cloud providers may use a “pay as you go” model.
The present availability of high-capacity networks, low-cost computers and/or storage devices as well as the widespread adoption of hardware virtualization, service-oriented architecture, and/or autonomic and utility computing may have led to growth in cloud computing. Companies may scale up as computing needs increase and then scale down again as demands decrease.
Cloud computing may become a highly demanded service or utility due to the advantages of high computing power, low cost of services, high performance, scalability, accessibility as well as availability. Major public cloud infrastructures may include Amazon® Elastic Compute Cloud introduced in 2006, Microsoft® Azure introduced in 2008, OpenStack® introduced in 2010, IBM® SmartCloud introduced in 2011, Oracle® Cloud introduced in 2012, and NASA OpenNebula introduced in 2008.
Cloud computing may be the result of the evolution and/or adoption of existing technologies and/or paradigms. The goal of cloud computing may be to allow users to benefit from all of these technologies, without the need for deep knowledge about or expertise with each one of them. The cloud may aim to cut costs, and/or help the users focus on their core business instead of being impeded by IT obstacles.
The main enabling technology for cloud computing may be virtualization. Virtualization software may separate a physical computing device into one or more “virtual” devices, each of which may be easily used and/or managed to perform computing tasks. With operating system-level virtualization essentially creating a scalable system of multiple independent computing devices, idle computing resources may be allocated and/or used more efficiently. Virtualization may provide the agility required to speed up IT operations, and/or reduce cost by increasing infrastructure utilization. Autonomic computing may automate the process through which the user may provision resources on-demand. By minimizing user involvement, automation may speed up the process, reduce labor costs and/or reduce the possibility of human errors.
Cloud computing may adopt concepts from Service-oriented Architecture (SOA) that may help the user break these problems into services that may be integrated to provide a solution. Cloud computing may provide all of its resources as services, and/or make use of the well-established standards and/or best practices gained in the domain of SOA to allow global and/or easy access to cloud services in a standardized way.
Though service-oriented architecture may advocate “everything as a service” (with the acronyms EaaS or XaaS or simply aas), cloud-computing providers may offer their “services” according to different models, which happen to form a stack: infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and/or software-as-a-service (SaaS).
In some basic cloud-service model—and according to the IETF (Internet Engineering Task Force)—providers of IaaS may offer computers—physical or (more often) virtual machines—and other resources. IaaS may refer to online services that abstract the user from the details of infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc. A hypervisor, such as Xen, Oracle® VirtualBox, KVM, VMware® ESX/ESXi, or Hyper-V may run the virtual machines as guests. Pools of hypervisors within the cloud operational system may support large numbers of virtual machines and/or the ability to scale services up and/or down according to customers' varying requirements. IaaS clouds may offer additional resources such as a virtual-machine disk-image library, raw block storage, file or object storage, firewalls, load balancers, IP addresses, virtual local area networks (VLANs), and/or software bundles. IaaS-cloud providers may supply these resources on-demand from their large pools of equipment installed in data centers. For wide-area connectivity, customers may use either the Internet or carrier clouds (dedicated virtual private networks). To deploy their applications, cloud users may install operating-system images and/or their application software on the cloud infrastructure. In this model, the cloud user may patch and/or maintain the operating systems and/or the application software. Cloud providers may bill IaaS services on a utility computing basis: cost may reflect the amount of resources allocated and/or consumed.
PaaS vendors may offer a development environment to application developers. The provider may develop a toolkit and/or standards for development and/or channels for distribution and/or payment. In the PaaS models, cloud providers may deliver a computing platform, typically including operating system, programming-language execution environment, database, and/or web server. Application developers may develop and/or run their software solutions on a cloud platform without the cost and/or complexity of buying and/or managing the underlying hardware and/or software layers. With some PaaS offers like Microsoft® Azure and/or Google® App Engine, the underlying computer and/or storage resources may scale automatically to match application demand so that the cloud user may not have to allocate resources manually. The latter may be proposed by an architecture aiming to facilitate real-time in cloud environments. Even more specific application types can be provided via PaaS, such as media encoding as provided by services like bitcodin.com or media.io. Platform as a Service (PaaS) consumers may not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but may have control over the deployed applications and/or possibly configuration settings for the application-hosting environment.
In the software as a service (SaaS) model, users may gain access to application software and/or databases. Cloud providers may manage the infrastructure and/or platforms that may run the applications. SaaS may sometimes be referred to as “on-demand software” and/or may be priced on a pay-per-use basis or using a subscription fee. In the SaaS model, cloud providers may install and/or operate application software in the cloud and/or cloud users may access the software from cloud clients. Cloud users may not manage the cloud infrastructure and/or platform where the application may run. This may eliminate the need to install and/or run the application on the cloud user's own computers, which may simplify maintenance and/or support. Cloud applications may differ from other applications in their scalability—which may be achieved by cloning tasks onto multiple virtual machines at run-time to meet changing work demand. Load balancers may distribute the work over the set of virtual machines. This process may be transparent to the cloud user, who may see only a single access-point. To accommodate a large number of cloud users, cloud applications may be multitenant, meaning that any machine may serve more than one cloud-user organization.
There may be a few major types of cloud infrastructure: private cloud, public cloud, hybrid cloud, etc.
Private cloud may be a cloud infrastructure operated solely for a single organization, whether managed internally or by a third-party, and/or hosted either internally or externally. Undertaking a private cloud project may require a significant level and/or degree of engagement to virtualize the business environment, and/or may require the organization to reevaluate decisions about existing resources. When done right, it may improve business, but every step in the project may raise security issues that must be addressed to prevent serious vulnerabilities. Self-run data centers may be generally capital intensive. They may have a significant physical footprint, requiring allocations of space, hardware, and/or environmental controls. These assets may have to be refreshed periodically, resulting in additional capital expenditures. They may have attracted criticism because users may still have to buy, build, and/or manage them and/or thus may not benefit from less hands-on management, essentially lacking the economic model that may make cloud computing such an intriguing concept.
A cloud may be a public cloud when the services may be rendered over a network that is open for public use. Public cloud services may be free. Technically, there may be little or no difference between public and/or private cloud architecture; however, security considerations may be substantially different for services (applications, storage, and/or other resources) that may be made available by a service provider for a public audience and when communication may be effected over a non-trusted network. Generally, public cloud service providers like Amazon® Web Services (AWS), Microsoft® and/or Google® own and/or operate the infrastructure at their data center and/or access may generally be via the Internet. AWS and/or Microsoft® may also offer direct connect services called “AWS Direct Connect” and/or “Azure ExpressRoute” respectively. Such connections may require customers to purchase or lease a private connection to a peering point offered by the cloud provider.
Community cloud may share infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party, and/or either hosted internally or externally. The costs may be spread over fewer users than a public cloud (but more than a private cloud), so only some of the cost savings potential of cloud computing may be realized.
Hybrid cloud may be a composition of two or more clouds (private, community or public) that remain distinct entities but are bound together, offering the benefits of multiple deployment models. Hybrid cloud may also mean the ability to connect colocation, managed and/or dedicated services with cloud resources.
Other cloud types may include distributed cloud, inter-cloud, multi-cloud, etc. Distributed cloud may be a distributed set of machines in different locations, connected to a single network or hub service. There may be two types of distributed clouds: public-resource computing and/or volunteer cloud. Inter-cloud may be an interconnected global “cloud of clouds” and/or an extension of the Internet “network of networks” on which it may be based. The focus may be on direct interoperability between public cloud service providers, more so than between providers and/or consumers (as is the case for hybrid- and/or multi-cloud). Multi-cloud may be the use of multiple cloud computing services in a single heterogeneous architecture to reduce reliance on single vendors, increase flexibility through choice, mitigate against disasters, etc. It may differ from hybrid cloud in that it may refer to multiple cloud services, rather than multiple deployment modes (public, private, and legacy).
Cloud computing may pose privacy concerns because the service provider may access the data that may be in the cloud at any time. It may accidentally or deliberately alter or even delete information. Many cloud providers may share information with third parties if necessary for purposes of law and order even without a warrant. That may be permitted in their privacy policies, which users may have to agree to before they start using cloud services. Solutions to privacy may include policy and/or legislation as well as end users' choices for how data may be stored. Users may encrypt data that is processed or stored within the cloud to prevent unauthorized access.