Welcome to the tenth blog in the series of blogs on Cloud computing. This article will look at transitioning to the cloud and also discuss methods that can be deployed to establish trust in Cloud computing.
Legacy system migration means moving operational systems to new platforms – the Cloud – while retaining full functionality and creating minimum disruption to the organisation.
Defining what constitutes cloud computing has caused many debates amongst IT professionals. Peter Mell and Tim Grace in their 2011 book “The NIST Definition of Cloud Computing” describe Cloud computing as
“a cloud infrastructure is the collection of hardware and software that enables the five essential characteristics of cloud computing.”
Cloud computing is built on and extends established technologies – Service Oriented Architecture (SOA), distributed computing, and virtualisation.
As a result of using these technologies, any security issues and vulnerabilities in the existing technology is inherited by cloud computing.
Currently, there is no working security centric focus for migration from legacy systems to the cloud.
There is a five-stage process recommended for migration from the legacy system to a Cloud-based system.
Before an organisation even considers moving to the cloud, a full assessment should be undertaken to ensure the organisation has established trust in the cloud provider and the service on offer.
To establish trust in the cloud, it is essential to understand the dynamics that deliver cloud computing.
All cloud resources start with a physical resource hosting a virtual resource, which, in turn, runs an application resource.
A specific virtual resource has 1:N relation with a physical resource, i.e., a virtual resource can run on different physical resources. A predefined policy restricts and controls the virtual resource hosting environment.
A specific application resource has 1:N relation with a virtual resource. Therefore an application resource can run on multiple virtual resources. Once again a predefined policy controls the behaviour of the application.
The points raised above show the relationship between an application and physical resource is 1:N.
Diagram courtesy of Dr Khaled Mahbub (Birmingham City University)
Two further entities impact upon the dynamics of trust relationships in cloud computing.
An entity representing the Cloud user or a self-managed service.
The service point at the Cloud’s virtual or application layer
The trustor establishes trust in the ability of the trustee to provide some services and to enforce the agreed policy. This relationship should be considered with the following cloud dynamics in mind.
- Load balancing
- Horizontal scaling
The trustee shares requests from service requestors (including the trustor), with other resources. These additional resources would be capable of handling similar services.
The service request from the trustor may be serviced by an alternative resource to the trustee. The opposite is also true; the trustee may have to service requests other than the trustor.
Although the trustor maintains a trust relationship initially established with the trustee the trustor is not necessarily serviced by the trustee.
This demonstrates the need for the trustor to update the trust relationship based on the entity dealing with (assigned) the request.
When the trustee is a three-tier application within an application domain, horizontal scaling of Tier 1 involves introducing more machines at the virtual domain that hosts the Tier 1 application component.
An increase in the requests coming into Tier 1 will almost certainly increase the requests going to Tier 2.
Horizontal scaling works in conjunction with load balancing.
With horizontal scaling trustor requests traverse various tiers, some of these tiers do not belong to the trustee. This invalidates the trust relationship that the trustor has in the trustee.
When the trustee fails, the system should transparently switch into failure mode with the redundant server continuing to service requests made by the trustor. To maintain an accurate trust relationship, the trustor has to invalidate the trust relationship with the trustee and create a new trust relationship with the resources now in use. This would be required every time the system transitions into failure mode.
Clustering is one of the most critical concepts in Cloud computing. It is a concept that may cover the previous scenarios.
A cluster could consist of a group of replicated application resources within an application domain or a group of virtual resources within a virtual domain.
A trustor would establish trust in an entire cluster. The cluster would be seen as a single entity by the trustor.
Applications to server requests are determined with the use of algorithms.
These algorithms are used to ensure optimal utilisation of the resources within a cluster. The algorithm also provides transparency of failures to incoming requests.
Challenges to Trust
There are three significant challenges to trust in cloud computing.
- Compositional chains of trust
- Trust Re-evaluation
- Transparency versus Evaluation
Compositional chains of trust
Some entities within cloud computing exist as a composition of multiple entities, application, virtual, and physical domains.
An entity established in this manner should see a single chain of trust that reports the trust within the grouping. This confirms the need for “Effective Chain of Trust Functions” (Abbadi, 2014) that can be used to determine the chain of trust from composite multiple entities.
As the state of trusted entities alters all trust relationships with these entities requires re-evaluation and decisions updated based on the changes to the trust relationships.
“Dynamicity Aware Protocols” (Fisher, D.A., McCune, J.M., Andrews, A.D. 2011) are suggested to support re-evaluation with minimum impact on cloud desirability.
Transparency Versus Trust Evaluation
The various Cloud service models (IaaS, PaaS, and SaaS) all serve as forms of abstraction. This abstraction requires users not to have to attend to internal details of the operation, management or state of the underlying infrastructure.
The result is essential details for establishing trust to be unavailable to Cloud users.
A transparency strategy is required to optimise the right balance between information made available to users and trust evaluation.
- Cloud Security and Privacy An Enterprise Perspective on Risks and Compliance Mather, T. Kumaraswamy, S. Latif, S. 2014 O’Reilly Media
- Trust and Trusted Computing Platforms TECHNICAL NOTE 2011
- Cloud Management and Security Abbadi, I.M 2014 Wiley