Cloud Infrastructure: Definition, Advantages and Security – What Companies Need to Consider

The corona pandemic has digitized our everyday life. In response to the pandemic and to shape their digital future, companies are increasingly using the advantages of cloud infrastructures such as Amazon Web Services, Microsoft Azure, Google Cloud, Alibaba, IBM or Oracle. [1] Cloud computing follows the approach of making IT infrastructure available over a computer network such as the Internet: a user can easily access storage space, computing power, databases, platforms and/or software without the need for a local installation or local infrastructure. [2],[3] But what is a “cloud”? What are the advantages for companies? And what do companies have to consider in the area of security and data protection? An analysis.

The term “cloud computing” can be defined differently depending on the point of view

From an operator’s point of view, the cloud is “more than just another person’s computer”

Depending on the point of view, the operator's or the consumer's, the term “cloud computing” can be defined differently. Cloud operators tend to associate cloud infrastructure with the hardware and software components that are necessary to set up and operate a cloud service. Hardware includes servers, network components, storage systems or data centers. This hardware is then made available to users on a platform via the Internet. In addition, the providers need suitable software to operate and scale their devices efficiently, as well as software such as billing systems to operate the cloud service. [4]

Figure 1: Cloud Infrastructure.

From the user’s point of view, a cloud infrastructure is comparable to a resource pool, from which the user can subscribe to various service and deployment models

For a user, a cloud infrastructure can be compared to a resource pool (servers, data storage, software, etc.) that can be used as needed. [4] The resources can be managed and used more flexibly and efficiently than traditional, local IT infrastructure.

In this context, the cloud infrastructure can be characterized using service and deployment models.  Service models are described as “Infrastructure as a Service” (IaaS), “Platform as a Service” (PaaS) and “Software as a Service” (SaaS). With IaaS, users create their own virtual computer clusters through cloud-based access to virtual hardware such as computers, networks or storage. Therefore, the users are responsible for the selection, the installation and the operation of their applications and middleware. With PaaS, users access the cloud-based programming and runtime environments with flexible, dynamically adaptable computing and data capacities. Such environments are particularly interesting for developing your own software applications. SaaS or “Software on Demand” offers software collections and applications.

The deployment model describes how users access the cloud infrastructures – i.e. as exclusive users (private cloud) or with others (public cloud), in a small, defined group of users (community cloud) or as a hybrid cloud – a combination of private and public cloud.

The NIST published a general definition that combines the different approaches

Since the term “cloud computing” can be defined differently depending on the point of view, the National Institute of Standards and Technology (NIST) published a generally applicable definition for cloud computing in 2011, which unites the different definition approaches and has met with widespread acceptance. [1] The NIST listed the following essential characteristics for cloud computing:

  1. Self-allocation of services from the cloud by the user(s), which should be available when required
  2. Services from the cloud can be accessed via standard mechanisms via the network
  3. Computing power, network, storage or other resources are shared between different parties
  4. Virtual resources scale quickly and (from the user’s point of view) indefinitely. They can also be automatically adapted to changes in the load.
  5. The use of resources can be measured and thus monitored, for example for billing or automatic scaling.

A Cloud infrastructure offers companies many advantages compared to the classic, local IT infrastructure

Cloud computing enables companies to outsource the operation of servers and IT environments

Cloud computing enables companies to outsource data storage, applications or IT infrastructures and, under certain circumstances, replaces the operation of their own servers and IT environments. [5] This shifts the investments for software or server infrastructures, for example, to the cloud service provider in exchange for a performance-based fee. These cloud-based IT solutions allow companies to design their processes more efficiently and save costs, as they pay only for the duration of their use of the cloud service. Classic, local resources such as software and hardware can be saved in this way. [6][7]

Cloud services are scalable, more available, easier to maintain and improve the productivity of companies

For the user, cloud computing offers the following advantages over a purely local IT system: [8][9]

  • Scalability: IT infrastructure can be provided and scaled up or down in next to no time when demand fluctuates strongly, as any number of servers can be offered by third parties (the cloud provider). [11]
  • Relocation of know-how: Less IT knowledge is required because the cloud providers set up and maintain the infrastructure.
  • Global access: Users have access to the systems using a web browser regardless of their location or the devices they are using. (For example, home office is possible)
  • Maintainability: The maintenance of cloud computing applications is easier as they do not have to be installed on each user’s computer.
  • Multitenancy: The resources and costs can be divided among a large user pool. This enables the centralization of the IT infrastructure at locations with low costs such as low real estate prices for server centers, electricity, etc.
  • Increased efficiency: The utilization and efficiency of systems, which are often only 10-20% loaded, can be improved. [12],[13]
  • Productivity Increase: Productivity can be increased if multiple users can work on the same data at the same time instead of waiting for it to be saved and emailed. Time can be saved by eliminating the need to re-enter information when fields match, and eliminating the need for users to install application software upgrades on their computers. [14]
  • Availability: Availability is improved by using multiple redundant locations, making well-designed cloud computing suitable for business continuity and disaster recovery. [15]

Many measures such as data encryption or identity management increase the security of a cloud [5]

Many companies have concerns about possible cloud providers and therefore avoid migrating business-critical data to the cloud or using cloud-based software, mainly for fear of downtime and of losing control and data. [16] Security (for example against hacker attacks) and data protection are central concerns of many users. Important measures must be taken to ensure the security of a cloud:

  • Physically secure the data center (e.g. access control by authorized personnel, etc.)
  • Secure the server
  • Secure network structures and access
  • Secure platform and applications
  • Secure data through encryption
  • Secure identity management
  • The secure management of keys and access IDs
  • The protection of data during processing, which must then be available as clear text

Data protection in a public or hybrid cloud is the responsibility of the provider

Data protection is an important issue, especially in a public cloud or in a hybrid cloud, where the data is outside the control of the data owner. There is often a risk that data will be deleted insufficiently or incompletely. Because users cannot determine where their data is stored, they cannot fully verify the deletion. Even after termination of a cloud service, a user must trust that the provider will reliably delete data. [5]

The use of cloud services by different users harbors the risk that a lack of separation of customer data allows unauthorized persons to view or even manipulate the data of third parties, since the data is not physically but virtually separated. [5]

Many companies such as banks, health and insurance companies are subject to strict legal regulations and compliance requirements. Cloud services are sometimes very opaque about the storage location and the flow of data. There is therefore a high risk for companies and banks that these requirements cannot be complied with. If the cloud service provider hires subcontractors for certain services, the situation becomes even less transparent. The insolvency of the cloud service provider also entails incalculable risks for a user. [5],[17]

Measures for a secure cloud

Cloud security is very complex and includes both technical and procedural measures as well as contractual regulations. Technical measures include, for example: [5],[18] [19]

  1. The encryption of the communication connections by, for example, SSL / TLS encryption
  2. Protected and encrypted data storage, for example using homomorphic encryption [1] or the sealed cloud approach [2].
  3. Securing the cloud components (physical access control)
  4. User and administrator authentication (e.g. through identity and access management and multi-factor authentication)
  5. Monitoring for the early detection of security-relevant incidents and malfunctions through intrusion detection systems
  6. Service level agreements (SLA) oblige the cloud service provider to comply with data protection regulations and the corresponding emergency and recovery processes by defining response times, recovery times and escalation levels in the event of disruptions.
  7. “Confidential Computing” in the “trusted execution environment” – a protected CPU enclave – enables data to be protected during processing, which is then available unencrypted as plain text.

[1] With homomorphic encryption, the cloud computes only on encrypted data, which can be decrypted only in the private domain.

[2] An alternative approach is the concept of the sealed cloud. The key management separates the encryption from the decryption, each using its own key. An orderly backup and subsequent deletion of unencrypted data takes place before an administrator has access to the memory, for example for maintenance purposes.
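
The idea in note [1], computing in the cloud on data that only its owner can decrypt, can be shown with a small added example (not part of the original article). It uses the Paillier scheme, which is only additively homomorphic, as a stand-in for homomorphic encryption in general; the fixed toy primes, function names and sample values are assumptions chosen for illustration.

```python
# Added example: toy Paillier cryptosystem (additively homomorphic).
# Illustration only: the fixed primes below are far too small for real use.
import secrets
from math import gcd

P, Q = 2**31 - 1, 2**61 - 1  # two well-known Mersenne primes (assumed toy parameters)


def keygen(p=P, q=Q):
    """Return (public n, private (n, phi, mu)). The private part never leaves the owner."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(n, phi) != 1:
        raise ValueError("unsuitable primes")
    return n, (n, phi, pow(phi, -1, n))


def encrypt(n, m):
    """Encrypt integer 0 <= m < n under public key n with fresh randomness."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    # (1 + n)^m mod n^2 equals 1 + m*n, so g^m needs no exponentiation.
    return (1 + m * n) * pow(r, n, n2) % n2


def decrypt(private, c):
    """Owner side: recover the plaintext with the private key."""
    n, phi, mu = private
    return (pow(c, phi, n * n) - 1) // n * mu % n


def cloud_sum(n, ciphertexts):
    """Provider side: multiplying ciphertexts adds the hidden plaintexts."""
    total = encrypt(n, 0)
    for c in ciphertexts:
        total = total * c % (n * n)
    return total


def cloud_scale(n, c, k):
    """Provider side: raising a ciphertext to k multiplies the plaintext by k."""
    return pow(c, k, n * n)


if __name__ == "__main__":
    pub, priv = keygen()
    readings = [4200, 5100, 3900]  # constructed sample values
    uploaded = [encrypt(pub, m) for m in readings]  # only these reach the cloud
    print(decrypt(priv, cloud_sum(pub, uploaded)))
```

The provider functions receive only the public modulus and ciphertexts; the sum becomes readable only where the private key is held.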

Conclusion

Cloud computing opens up new possibilities for companies to develop new business models, design work processes more efficiently and achieve the resulting cost savings. If a company decides to take the step to cloud-based services, risks such as downtime, loss of control and data as well as security against hacker attacks and data protection must be analyzed. There are many procedural, contractual and technical security measures that can be taken to make the infrastructure used as secure as possible.

References

[1] P. Mell; T. Grance (September 2011). The NIST Definition of Cloud Computing (Technical report). National Institute of Standards and Technology: U.S. Department of Commerce. doi:10.6028/NIST.SP.800-145. Special publication 800-145.

[2] N. F. Mendoza, “Top cloud trends for 2021: Forrester predicts spike in cloud-native tech, public cloud, and more.” 2020. https://www.techrepublic.com/article/top-cloud-trends-for-2021-forrester-predicts-spike-in-cloud-native-tech-public-cloud-and-more/, visited 22.02.2021

[3] M. Tremmel, “IT Sicherheit bleibt nach der Coronapandemie grossen Problem”, 2021. https://www.golem.de/news/amazon-technikchef-it-sicherheit-bleibt-nach-der-coronapandemie-grosses-problem-2102-154372.html, visited 22.02.2021

[4] D. Srocke, F. Karlstet, „Definition: IT-Infrastruktur für Cloud Computing – Was ist eine Cloud-Infrastruktur?”, 2018. https://www.cloudcomputing-insider.de/was-ist-eine-cloud-infrastruktur-a-732116/, visited 23.02.2021

[5] S. Luber, F. Karlstetter, „Definition: Cloud-Sicherheit – Was ist Cloud Security?”, 2017. https://www.cloudcomputing-insider.de/was-ist-cloud-security-a-637124/, visited 23.02.2021.

[6] Computerwoche, 2020. https://www.computerwoche.de/a/wie-sie-eine-plattform-fuer-innovation-aufbauen,3549887, visited 22.02.2021

[7] C. Arthur: Government to set up own cloud computing system. In: The Guardian. 27. Januar 2010. https://www.theguardian.com/technology/2010/jan/27/cloud-computing-government-uk, visited 23.02.2021

[8] F. Gens, “Defining ‘Cloud Services’ and ‘Cloud Computing’”, 2008. https://web.archive.org/web/20100722074526/http://blogs.idc.com/ie/?p=190, visited 23.02.2021

[9] E. Witmer-Gossner, „Wie Banken die Hürden nehmen und Chancen nutzen”, 2021. https://www.cloudcomputing-insider.de/wie-banken-die-huerden-nehmen-und-chancen-nutzen-a-1000230/, visited 24.02.2021

[10] M. Hompel, M.-B. Meinhardt, T. Lippmann, „Cloud Computing für Logistik. Akzeptanz zur Nutzungsbereitschaft der Logistics Mall bei Anwendern und Anbietern“. Fraunhofer Verlag, Stuttgart 2011, ISBN 978-3-8396-0220-1, S. 125

[11] Bloomberg, “Jeff Bezos’ Risky Bet”, 2006. https://www.bloomberg.com/news/articles/2006-11-12/jeff-bezos-risky-bet, visited 23.02.2021.

[12] S. He, L. Guo, Y. Guo, M. Ghanem, 2012. „Improving Resource Utilisation in the Cloud Environment Using Multivariate Probabilistic Models.“ 2012 IEEE 5th International Conference on Cloud Computing (CLOUD). pp. 574–581. doi:10.1109/CLOUD.2012.66. ISBN 978-1-4673-2892-0. S2CID 15374752.

[13] H. Smith, 2013. „Xero For Dummies.“ John Wiley & Sons. pp. 37–. ISBN 978-1-118-57252-8.

[14] R. King, 2008. “Cloud Computing: Small Companies Take Flight”. Bloomberg BusinessWeek.

[15] E. Witmer-Goßner, 2020. „Drei Viertel deutscher Unternehmen sind in der Cloud.“ https://www.cloudcomputing-insider.de/drei-viertel-deutscher-unternehmen-sind-in-der-cloud-a-942169/, visited 22.02.2021

[16] Stiftung Warentest, 2019, https://www.test.de/Cloud-Dienste-im-Test-5463650-0/, visited 22.02.2021

[17] D. Smith, 2009. „Google plans to make PCs history.“ https://www.theguardian.com/technology/2009/jan/25/google-drive-gdrive-internet, visited 23.02.2021

[18] E. Witmer-Gosser, „Confidential Computing – lieber auf Nummer sicher gehen”, 2021. https://www.cloudcomputing-insider.de/confidential-computing-lieber-auf-nummer-sicher-gehen-a-998725/, visited 24.02.2021
