Module 228-233
Module 228
General Recommendations by NIST
Data Governance
• Data Access Standards: Before developing Cloud-based applications, consumers should make sure that the application interfaces provided in the Cloud are generic and/or that data adaptors can be developed, so that the Cloud applications can be made portable and interoperable when required.
• Data Separation: The consumer should make sure that proactive measures are implemented at the provider’s end to separate sensitive and non-sensitive data.
• Data Integrity: Consumers should use checksum and replication techniques to ensure the integrity of the data and to detect any violations of data integrity.
• Data Regulations: The consumer is responsible for ensuring that the provider complies with all the data regulations applicable to the consumer regarding data storage and processing.
• Data Disposition: The consumer should make sure that the provider offers mechanisms which delete the consumer’s data whenever the consumer requests it. Also make sure that evidence or proof of data deletion is generated.
• Data Recovery: The consumer should examine the provider’s data backup, archiving and recovery procedures and make sure they are satisfactory.
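The checksum-and-replication check from the Data Integrity recommendation, as an added example that is not part of the original slides. It assumes the consumer keeps its own SHA-256 manifest recorded at upload time; the region names, object names and data are constructed for illustration.

```python
import hashlib


def digest(data: bytes) -> str:
    """SHA-256 checksum, recorded by the consumer when the object is uploaded."""
    return hashlib.sha256(data).hexdigest()


def audit(manifest: dict, replicas: dict) -> dict:
    """Check every replica of every object against the consumer-held manifest.

    Returns findings only for objects with at least one missing or altered copy.
    """
    findings = {}
    for name, expected in manifest.items():
        good, bad = [], []
        for replica, store in sorted(replicas.items()):
            blob = store.get(name)
            ok = blob is not None and digest(blob) == expected
            (good if ok else bad).append(replica)
        if bad:
            findings[name] = {"good": good, "bad": bad, "recoverable": bool(good)}
    return findings


def repair(findings: dict, replicas: dict) -> list:
    """Overwrite bad copies from a verified replica; return objects with no intact copy."""
    lost = []
    for name, finding in findings.items():
        if not finding["recoverable"]:
            lost.append(name)  # every copy failed its checksum: restore from backup
            continue
        source = replicas[finding["good"][0]][name]
        for replica in finding["bad"]:
            replicas[replica][name] = source
    return lost


# Constructed sample data: two objects replicated to three hypothetical regions.
ORIGINALS = {"invoice.csv": b"id,amount\n1,100\n", "policy.txt": b"retain 7 years\n"}
MANIFEST = {name: digest(data) for name, data in ORIGINALS.items()}
REPLICAS = {region: dict(ORIGINALS) for region in ("region-a", "region-b", "region-c")}
REPLICAS["region-b"]["invoice.csv"] = b"id,amount\n1,900\n"  # silently altered copy
del REPLICAS["region-c"]["policy.txt"]                         # lost copy

if __name__ == "__main__":
    report = audit(MANIFEST, REPLICAS)
    print("findings:", report)
    print("unrecoverable:", repair(report, REPLICAS))
    print("after repair:", audit(MANIFEST, REPLICAS))
```

The manifest stays with the consumer rather than with the provider, so a change on the provider side cannot also rewrite the reference checksums.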
Cloud Computing
Module 229
General Recommendations by NIST
Security & Reliability
• Consumer-side Vulnerabilities: Consumers should ensure proper security and hardening of consumer platforms to avoid attacks based on browsers or other client devices.
• Encryption: Consumers should require that strong encryption is applied for web sessions, data transfer and data storage.
• Physical: Consumers should consider the appropriateness of the provider’s physical security implementations and procedures. There should be a recovery plan for a physical attack on the provider’s site. Providers having multiple installations in different geographical regions should be preferred.
• Authentication: Consumers should consider using the advanced authentication procedures offered by some providers to avoid account hijacking or identity theft.
General Recommendations by NIST
VMs, Software & Applications
• VM vulnerabilities: When the provider is offering Cloud IT resources in the form of VMs, the consumer should make sure that the provider has implemented sufficient mechanisms to avoid attacks from other VMs, the physical host and the network.
• Also verify that IDS/IPS systems and network segmentation techniques such as VLANs are in place.
• VM Migration: Consumers should plan for VM migration across different providers just in case.
• Time-critical Software: Since public Clouds have unreliable response times, consumers should avoid using the Cloud for the deployment of time-critical software.
• Safety-critical Software: Due to the unconfirmed reliability of Cloud subsystems, the use of the Cloud for deployment of safety-critical software is discouraged.
• Application Development Tools: When using the application development tools provided by the service provider, preference should be given to tools which support the application development lifecycle with security features integrated.
• Application Runtime Support: Before deploying an application over Clouds, the consumer should make sure that the library calls used in the application work correctly and that all those libraries are dependable in terms of performance and functionality.
• Application Configuration: The consumer should make sure that the applications being deployed over the Cloud can be configured to run in a secured environment, such as in a VLAN segment.
• Also make sure that various security frameworks can be integrated with the applications according to the requirements of the consumer’s security policies.
• Standard Programming Languages: Whenever possible, consumers should prefer Clouds which work with standardized programming languages and tools.
Module 231
Migrating to the Cloud
• Define System Goals and Requirements: The migration to the Cloud should be well planned. The first step should be to define the system goals and requirements. The following considerations are important:
• Data security and privacy requirements
• Site capacity plan: The Cloud IT resources needed initially for the application to operate
• Scalability requirements at runtime
• System uptime requirements
• Business continuity and disaster requirements
• Budget requirements
• Operating system and programming language requirements
• Type of Cloud: public, private or hybrid
• Single tenant or multitenant solution requirements
• Data backup requirements
• Client device support requirements such as for desktop, tablet or smartphone
• Training requirements
• Programming API requirements
• Data export requirements
• Reporting requirements
[Jamsa, K. (2012). Cloud computing. Jones & Bartlett Publishers]
Module 232
Migrating to the Cloud
• Protect existing data and know your application characteristics: It is highly recommended that, before migrating to the Cloud, the consumer should back up the data. This will help in restoring the data to a certain point in time.
• The consumer should discuss with the provider and agree upon a periodic backup plan.
• The data life cycle and disposal terms and conditions should be finalized at the start.
• If the consumer is required to fulfill any regulatory requirements regarding data privacy, storage and access, then this should be discussed with the provider and be included in the legal document of the Cloud agreement.
• The consumer should know the IT resource requirements of the application being deployed over the Cloud.
• The following important features should be known:
• High and low demand periods in terms of time
• Average simultaneous users
• Disk storage requirements
• Database and replication requirements
• RAM usage
• Bandwidth consumption by the application
• Any requirement related to data caching
Module 233
Migrating to the Cloud
• Establish a realistic deployment schedule, Review budget and Identify IT governance issues:
• Many companies use a planned schedule for Cloud migration to provide enough time for training and testing the application after deployment.
• Some companies use a beta release to allow employees to interact with the Cloud-based version, to provide feedback and to perform testing.
• Many companies use key budget factors such as the running cost of the in-house datacenter, payroll of the IT staff, software licensing costs and hardware maintenance costs.
• This helps in calculating the total cost of ownership (TCO) of the Cloud-based solution in comparison.
• Many Cloud providers offer solutions at a lower price than in-house deployments.
• Regarding the IT governance requirements, the following are important points:
• Identify how to align the Cloud solution with the company’s business strategy
• Identify the controls needed within and outside the Cloud-based solution so that the application can work correctly.
• Describe the access control policies for various users
• Describe how the Cloud provider logs errors and system events, and how to access the logs and performance monitoring tools made available to the consumer