Protecting Information Assets and IT Infrastructure in the Cloud Protecting Information Assets and IT Infrastructure in the Cloud By Ravi Das and Preston de Guise CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2019 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original US government works Printed on acid-free paper International Standard Book Number-13: 978-1-138-39332-5 (Hardback) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged, please write and let us know so we may rectify in any future reprint. Except as permitted under US Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright. com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe. Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com BK-TandF-9781138393325_TEXT_DAS-190201-FM.indd 4 16/04/19 1:02 PM This book is dedicated lovingly to my Lord and Savior, Jesus Christ; my parents (Dr. Gopal Das and Mrs. Kunda Das), and my wife (Mrs. Anita Bhalla-Das). Dedicated to Peter, Lynne, and Daz. Contents Acknowledgments ........................................................................................xv About the Authors .......................................................................................xvii 1 Introduction to the Cloud Computing Environment .............................1 Evolution to the Cloud: The Mainframe ......................................................1 Evolution to the Cloud: The Personal Computer..........................................6 Chronological History of Key Milestones in Personal Computer Development ..........................................................................6 Other Key Milestones .............................................................................8 Evolution to the Cloud: The Wireless Network ............................................9 Major Changes from the 3G Network to the 4G Network....................11 4G Network Advances, Abilities, and Network Speeds .........................11 5G Networks and the Internet of Things (IoT) .....................................12 Technical Aspects of the Wireless Network ...........................................12 Wireless Links ..................................................................................13 Wireless Networks ............................................................................13 Cellular Networks ............................................................................14 The Properties ...................................................................................15 The Last Evolution to the Cloud: The Smartphone ....................................16 The 1G, 2G, 3G, and 4G Networks ......................................................16 The 1G Network (Analog Cellular) ..................................................17 The 2G Network (Digital Cellular)...................................................17 The 3G Network (Mobile Broadband) ..............................................17 The 4G Network (Native IP Networks) ............................................17 Chronological History of Key Milestones in Smartphone Technology .......................................................................18 Evolution of the Cloud ...............................................................................19 Evolution of Cloud Computing Infrastructure ..........................................20 The Basic Concepts and Terminology Surrounding Cloud Computing .....................................................................................23 The Cloud .............................................................................................24 Two Distinctions ...................................................................................24 vii viii ◾ Contents The IT Resource ....................................................................................25 On-Premise Components ......................................................................25 Scalability ..............................................................................................26 IT Asset Scaling ....................................................................................26 Horizontal Scaling ............................................................................26 Vertical Scaling .................................................................................27 Proportional Costs ................................................................................28 Scalability ..............................................................................................28 Availability and Reliability ....................................................................29 Service-Level Agreements ......................................................................30 The Challenges and Risks of Cloud Computing ........................................30 Security Risks and Challenges ...............................................................30 Reduced Operational Governance .........................................................31 Limited Portability ................................................................................32 Compliance and Legal Issues ................................................................33 The Functions and Characteristics of Cloud Computing ..........................34 On-Demand Usage ..............................................................................34 Ubiquitous Access .................................................................................35 Resource Pooling ...................................................................................35 Elasticity ...............................................................................................36 Measured Usage ....................................................................................36 Resilience ..............................................................................................36 Cloud Computing Delivery Models ...........................................................37 Infrastructure as a Service (IaaS) ...........................................................37 Platform as a Service (PaaS) ..................................................................38 Software as a Service (SaaS) ..................................................................39 Summary .............................................................................................40 Cloud Computing Deployment Models ....................................................40 The Public Cloud ..................................................................................41 The Community Cloud .........................................................................41 The Private Cloud..................................................................................41 The Hybrid Cloud ................................................................................42 Security Threats Posed to Cloud Computing .............................................43 Terms and Concepts Related to Cloud Security ................................43 Confidentiality ................................................................................44 Integrity ...........................................................................................44 Authenticity ......................................................................................45 Availability .......................................................................................45 Vulnerability .....................................................................................45 Security Risk ....................................................................................45 Security Controls .............................................................................46 Security Mechanisms .......................................................................46 Security Policies ...............................................................................46 Contents ◾ ix The Threat Agents and Entities ............................................................46 The Anonymous Attacker .................................................................47 The Malicious Service Agent .............................................................47 The Trusted Service Attacker ............................................................47 The Malicious Insider .......................................................................47 The Major Threats .................................................................................48 Traffic Eavesdropping .......................................................................48 The Malicious Intermediary ..............................................................48 Denial of Service ..............................................................................48 Insufficient Authorization .................................................................49 Virtualization Attack ........................................................................49 Overlapping Threat Boundaries ........................................................49 The Important Mechanisms of Cloud Computing .....................................49 The Load Balancer ............................................................................50 The Pay-per-Use Monitor ..................................................................51 The Audit Monitor............................................................................51 The Failover System ..........................................................................51 The Hypervisor .................................................................................52 The Server Cluster ............................................................................52 Cloud Computing Cost Metrics and Service Quality Mechanisms..................................................................................53 Network Usage ......................................................................................54 Server Usage ..........................................................................................54 Cloud Storage Device Usage .................................................................55 Service Availability ................................................................................56 Service Performance ..............................................................................57 Service Scalability .................................................................................58 Service Resilience ..................................................................................59 Sources ......................................................................................................60 2 Amazon Web Services...........................................................................61 Introduction—Chapter Overview .............................................................61 An Overview of the Evolution of Amazon Web Services ............................63 Major Components of Amazon Web Service .............................................65 AWS Compute Services ........................................................................66 Amazon Simple Storage Service (Amazon S3) .......................................67 AWS Database.......................................................................................67 AWS Migration .....................................................................................68 AWS Networking and Content Delivery ...............................................69 AWS Management Tools .......................................................................69 AWS Software Development Tools ........................................................71 AWS Security, Identity, and Compliance ..............................................72 AWS Analytics ......................................................................................73