Cloud and Security….

Just finished a talk on ‘cloud and security’ at the cloud computing workshop organised by CSI Chennai at IIT Chennai. I was planning to attend all three days of the programme; but due to heavy travel and other commitments, could not. I was quite uncomfortable with my preparation for the talk also. I was hoping to get much of the input from somewhere; that did not work out. So, it meant I had to do it myself. Had to read through a few papers, connect up a lot of dots, and try to build a presentation. There were far too many issues, concepts, and interdependencies, and it was making me nervous. Finally managed a reasonable version.

I noticed that getting a clear consolidated picture of cloud security is very difficult. The industry side looks at it to say, ‘yeah there are some problems; but we have solved them all’. The academic and the rest sees only very narrow view of the security elephant. Finally, managed to put together some picture, in my own way, and managed to complete the talk comfortably. Surprisingly, many people came up and told me it was very informative and well structured. I did put in some work; but was not confident enough. I know, I can do a lot better – may be for the next time.

My basic premise was that much of the issues being brought up in cloud is same as what we have in our life otherwise – privacy, denial of service, infected programs, stealing data, etc. In cloud, these have a slightly different legal direction – since the cloud providers are not legally liable to your customers, and hence it is your responsibility, though you have no control over the process (being in the cloud). And then there are a few additional dimensions that virtualisation and multi-tenancy brings up – like one VM on a machine attacking/stealing from another VM on the same machine. So resource isolation becomes a major challenge – perhaps the most important challenge for security.I sketched the overall security scenario with a different cloud shape. I said “in all presentations so far, the cloud is a smooth nice shape; I have used a starry shape with a lot of pointed edges – because cloud can also hurt if not careful”. (see picture).

I then covered the gains and losses in security thanks to cloud – web presence means quicker update, large user base means bigger investment in fixing security problems, etc. And then introduced a few specific problems from research papers – trust based cloud computing, attestation of services and systems, data protection, etc.

The feedback makes me a little happy — a little silverlining in an otherwise dark cloud for me! — and relieved that the talk did not end up becoming a disappointment.

Security Scenarios in Cloud


One Response to “Cloud and Security….”

  1. Prakash pimpale Says:

    Liked this one very much – cloud can also hurt if not careful! I mean no one could have imagined to paste this meaning to this image/picture and that too to make the topic like cloud & security understand 🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: