Cloud Computing:
Hi guys today we are going to understand about cloud computing and about the CIA triad for cloud computing.
What is Cloud Computing?
In layman's terms cloud computing is using the computing services delivered over the internet. The services are using servers (i.e. computers) and storing data in the internet storage instead off storing in the local hard drive or external storage. These can be used on a chargeable amount on usage. The services have benefited many of the people as these can be used anywhere in the world provided we have a computer or mobile with uninterrupted internet connection. It is also known as pay-as-you-go model as it will incur only the charges for that you use.
Why cloud computing?
In case you are running an organization or a startup rather be on a big scale or a smaller one your require a place for keeping the computers or servers with necessary network connections and space for storing the data and the operations performed that on a normal workplace computers which requires money for everything. So you must reach out separate vendors or retailers for buying these things. Cloud providers are the guys who are reliable and easy to reach out over the web that will save time and provide the necessary items you require for the operate your company let it be servers, storage etc. removing the middle man and creating a bridge between users and themselves.
Cloud models:
There are two types of models
· Service models (Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)) and Server less computing.
· Deployment models (Private cloud, Public Cloud, Hybrid Cloud)
Some of the common services that the cloud provides are:
· Infrastructure
· Network
· Storage
· Compute
Service Models:
Infrastructure as a Service (IaaS)
As the name suggests we can rent IT infrastructure (servers and virtual machines (VMs), storage, networks, operating systems etc.) from a cloud provider on a pay-as-you-go basis i.e. what we use, we pay.
Platform as a service (PaaS)
This model provides the hardware and software tools predefined which can be used for application development. It provides cloud infrastructure components, such as operating systems, servers, databases, middleware, networking equipment and storage services which are already pre-installed over a remote location and accessed via the internet. Each of these functions is owned, operated, configured and maintained by the service provider.
Software as a Service (SaaS)
It is software model where the service provider hosts applications for customers and makes them available to these customers via the internet. Organizations typically pay for SaaS applications through a subscription fee, on a monthly or annual basis. We can use any software that is readily available and it is easily scalable.
Deployment models:
Private Cloud
As the name suggest this type of model is limited to the single person or a single organization with an internal network and only to select users instead of the general public. The main drawback people see with a private cloud is that all management, maintenance and updating of data centers is the responsibility of the company or the inidividual. This kind of the model will require separate staffing and maintenance to be done privately. Private cloud environment provides flexibility, guaranteed resource availability, strong security, and regulatory compliance, and in some cases, cost savings. For example a simple datacenter where everything is maintained by the private organization.
Public Cloud
This kind of model is open to the public anyone use the services provide by the cloud service provider and the data is managed by them. Your data is stored in the provider’s data center and the provider is responsible for the management and maintenance of the data center. This will avoid additional expenses on maintenance and management costs which are an added advantage. This type of service is easily scalable and convenient. For example the famous cloud giants like Microsoft Azure, Amazon Web Services.
Hybrid Cloud
This is a blend or mixture of the private and public cloud. This is a more complex cloud solution in that the organization must manage multiple platforms and determine where data is stored. As of today, more and more companies adopt hybrid cloud approach, since it gives them the opportunity to get all the benefits of public cloud -- scalability, on-demand availability and ease of use without giving up the predictability and security of private cloud environment. This model can be used many commercial sectors like finance, healthcare etc. For example these companies uses hybrid model HP, V cloud, Eucalyptus etc.
CIA Triad
A simple but widely-applicable security model is the CIA triad; standing for Confidentiality, Integrity and Availability; three key principles which should be guaranteed in any kind of secure system. This is a secure model that must be followed by all the cloud models.
Confidentiality
· Categorize data and assets being handled based on their privacy requirements.
· Require data encryption and two-factor authentication to be basic security.
· Ensure that access control lists, file permissions and white lists are monitored and updated regularly.
· Train employees about privacy considerations both at a generic org-wide level, and as per the nature of their role.
Integrity
· Review all data processing, transfer and storage mechanisms.
· Version control, data logs, granular access control, and checksums can be useful to enforce integrity. Hash functions can further prevent data corruption.
· Understand your organization’s compliance and regulatory requirements. For instance, GDPR permits data transfers to vendors in non-EU countries or other organizations, only if “adequate levels of protection” and “legal safeguards” are in place.
· Invest in a dependable backup and recovery solution; one that assures business continuity and quick data recovery in the event of a security or data breach.
Availability
· Build preventive measures such as redundancy, failover, and Redundant Array of Independent Disks (RAID) into system design. Make security audits routine. Auto-update or stay abreast of system, network, and application updates.
· Utilize detection tools such as network/server monitoring software and anti-virus solutions.
· Know that even highly-secure SaaS platforms and applications can experience downtime. Reliable cloud-based data backup ensures that all data can be accurately recovered in minutes.
· Develop a Data Recovery and Business Continuity plan with detailed corrective measures in the event of data loss, including timely communication with customers.
So hope this blog will help you to understand the introduction to cloud computing and its features If you enjoyed this post, I’d be very grateful if you’d help it spread by emailing it to a friend, or sharing it on Twitter or Facebook. Thank you!
Thanks and Regards,
Aditya Murali