TRU Cloud Computing Blog – Transitioning to the Cloud and Establishing Trust in Clouds


Welcome to the sixth blog in the series of blogs on Cloud computing. This article will look at transitioning to the cloud and also discuss methods that can be deployed to establish trust in Cloud computing.

Legacy system migration means moving operational systems to new platforms – the Cloud – while retaining full functionality and creating minimum disruption to the organisation.

Defining what constitutes cloud computing has caused many debates amongst IT professionals. Peter Mell and Tim Grance, in their 2011 book “The NIST Definition of Cloud Computing”, describe Cloud computing as:

“a cloud infrastructure is the collection of hardware and software that enables the five essential characteristics of cloud computing.”

Cloud computing is built on and extends established technologies – Service Oriented Architecture (SOA), distributed computing, and virtualisation.

As a result of using these technologies, any security issues and vulnerabilities in the existing technologies are inherited by cloud computing.

Currently, there is no working security-centric focus for migration from legacy systems to the cloud.

There is a five-stage process recommended for migration from the legacy system to a Cloud-based system.

  1. Extraction
  2. Analysis
  3. Design
  4. Deployment
  5. Evaluation

Before an organisation even considers moving to the cloud, a full assessment should be undertaken to ensure the organisation has established trust in the cloud provider and the service on offer.

To establish trust in the cloud, it is essential to understand the dynamics that deliver cloud computing.

All cloud resources start with a physical resource hosting a virtual resource, which, in turn, runs an application resource.

A specific virtual resource has a 1:N relation with a physical resource, i.e., a virtual resource can run on different physical resources. A predefined policy restricts and controls the virtual resource hosting environment.

A specific application resource has a 1:N relation with a virtual resource. Therefore, an application resource can run on multiple virtual resources. Once again, a predefined policy controls the behaviour of the application.

The points raised above show that the relationship between an application and a physical resource is 1:N.

Diagram courtesy of Dr Khaled Mahbub (Birmingham City University)

 

Two further entities impact upon the dynamics of trust relationships in cloud computing.

  • Trustor
  • Trustee

Trustor

An entity representing the Cloud user or a self-managed service.

Trustee

The service point at the Cloud’s virtual or application layer.

The trustor establishes trust in the ability of the trustee to provide some services and to enforce the agreed policy. This relationship should be considered with the following cloud dynamics in mind.

  • Load balancing
  • Horizontal scaling
  • Redundancy
  • Clustering

Load Balancing

The trustee shares requests from service requestors (including the trustor) with other resources. These additional resources would be capable of handling similar services.

The service request from the trustor may be serviced by an alternative resource to the trustee. The opposite is also true; the trustee may have to service requests from requestors other than the trustor.

Although the trustor maintains the trust relationship initially established with the trustee, the trustor is not necessarily serviced by the trustee.

This demonstrates the need for the trustor to update the trust relationship based on the entity assigned to deal with the request.

Horizontal Scaling

When the trustee is a three-tier application within an application domain, horizontal scaling of Tier 1 involves introducing more machines at the virtual domain that hosts the Tier 1 application component.

An increase in the requests coming into Tier 1 will almost certainly increase the requests going to Tier 2.

Horizontal scaling works in conjunction with load balancing.

With horizontal scaling, trustor requests traverse various tiers, and some of these tiers do not belong to the trustee. This invalidates the trust relationship that the trustor has in the trustee.

Redundancy

When the trustee fails, the system should transparently switch into failure mode with the redundant server continuing to service requests made by the trustor. To maintain an accurate trust relationship, the trustor has to invalidate the trust relationship with the trustee and create a new trust relationship with the resources now in use. This would be required every time the system transitions into failure mode.

Clustering

Clustering is one of the most critical concepts in Cloud computing. It is a concept that may cover the previous scenarios.

A cluster could consist of a group of replicated application resources within an application domain or a group of virtual resources within a virtual domain.

A trustor would establish trust in an entire cluster. The cluster would be seen as a single entity by the trustor.

Algorithms determine which application serves each request.

These algorithms are used to ensure optimal utilisation of the resources within a cluster. The algorithm also provides transparency of failures to incoming requests.

Challenges to Trust

There are three significant challenges to trust in cloud computing.

  • Compositional chains of trust
  • Trust Re-evaluation
  • Transparency versus Evaluation

Compositional chains of trust

Some entities within cloud computing exist as a composition of multiple entities from the application, virtual, and physical domains.

An entity established in this manner should see a single chain of trust that reports the trust within the grouping. This confirms the need for “Effective Chain of Trust Functions” (Abbadi, 2014) that can be used to determine the chain of trust from multiple composed entities.

Trust Re-evaluation

As the state of trusted entities alters, all trust relationships with these entities require re-evaluation, and decisions must be updated based on the changes to the trust relationships.

“Dynamicity Aware Protocols” (Fisher, D.A., McCune, J.M., Andrews, A.D. 2011) are suggested to support re-evaluation with minimum impact on cloud desirability.
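The following is an added example, not code from the original post or from the cited works: a toy Python model of the application, virtual and physical layers with their 1:N hosting relations, which composes a single chain-of-trust verdict and re-evaluates it when horizontal scaling changes the chain. The names `Resource`, `untrusted_paths`, `chain_trusted` and `TrustRelationship`, the `verified` flag (standing in for whatever evidence establishes trust) and the sample topology are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Resource:
    name: str
    layer: str                       # "application", "virtual" or "physical"
    verified: bool = True            # assumed stand-in for the evidence behind trust
    hosts: list = field(default_factory=list)  # 1:N candidates in the layer below

def untrusted_paths(res, path=()):
    """List every hosting path from res down to hardware that breaks the chain."""
    path = path + (res,)
    names = tuple(r.name for r in path)
    if res.layer == "physical":
        return [] if all(r.verified for r in path) else [names]
    if not res.hosts:                # chain never reaches a physical resource
        return [names]
    bad = []
    for host in res.hosts:
        bad.extend(untrusted_paths(host, path))
    return bad

def chain_trusted(res):
    """Composite verdict: every path a request could take must be fully verified."""
    return not untrusted_paths(res)

class TrustRelationship:
    """Trustor-side record of trust in one trustee."""
    def __init__(self, trustee):
        self.trustee = trustee
        self.trusted = chain_trusted(trustee)

    def reevaluate(self, event):
        """Call after load balancing, scaling or failover changes the chain."""
        before, self.trusted = self.trusted, chain_trusted(self.trustee)
        return event, before, self.trusted

def demo():
    # Constructed sample topology: one Tier 1 application on one VM with two hosts.
    pm1, pm2 = Resource("pm1", "physical"), Resource("pm2", "physical")
    app = Resource("tier1-app", "application",
                   hosts=[Resource("vm1", "virtual", hosts=[pm1, pm2])])
    rel = TrustRelationship(app)
    initial = rel.trusted
    # Horizontal scaling adds vm2, placed on a host with no verified state.
    pm3 = Resource("pm3", "physical", verified=False)
    app.hosts.append(Resource("vm2", "virtual", hosts=[pm3]))
    return initial, rel.reevaluate("scale-out"), untrusted_paths(app)

if __name__ == "__main__":
    print(demo())
```

Because the trustor cannot tell which host will serve a given request, the model treats one unverified path as enough to withdraw trust in the whole composite entity.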

Transparency Versus Trust Evaluation

The various Cloud service models (IaaS, PaaS, and SaaS) all serve as forms of abstraction. This abstraction requires users not to have to attend to internal details of the operation, management or state of the underlying infrastructure.

The result is that details essential for establishing trust are unavailable to Cloud users.

A transparency strategy is required to strike the right balance between information made available to users and trust evaluation.

References

  1. Mather, T., Kumaraswamy, S., Latif, S. (2014). Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O’Reilly Media.
  2. Trust and Trusted Computing Platforms. Technical Note, 2011.
  3. Abbadi, I.M. (2014). Cloud Management and Security. Wiley.

 
