User:Ekellum66866/sandbox

Cloud Computing refers to the leveraging someone else’s hardware/software and services in order to complete a business task: is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from the use of a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in system diagrams. Cloud computing entrusts remote services with a user's data, software and computation. Cloud computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the data centers that provide those services. The type of services range from adaptations of familiar tools to address customers' various needs, ranging from scientific research to e-commerce. Commercial and individual cloud computing services are already available from Amazon, Yahoo, Salesforce, Desktop Two, Zimdesk, and Sun Secure Global Desktop, while Google's efforts in cloud computing have attracted a great deal of interest Delaney and Vara. Institutions can pay some Cloud Service Providers a usage fee and get the functionality of a system without having to own it; there is no need to buy hardware and software licenses and pay for maintenance.

==History==

The idea of an "intergalactic computer network" was introduced in the sixties, who were responsible for enabling the development of ARPANET (Advanced Research Projects Agency Network) in 1969. His vision was for everyone on the globe to be interconnected and accessing programs and data at any site, from anywhere, explained Margaret Lewis, product marketing director at AMD. "It is a vision that sounds a lot like what we are calling cloud computing." Other experts attribute the cloud concept to computer scientist John McCarthy who proposed the idea of computation being delivered as a public utility, similar to the service bureaus which date back to the sixties. Since the sixties, cloud computing has developed along a number of lines, with Web 2.0 being the most recent evolution. However, since the internet only started to offer significant bandwidth in the nineties, cloud computing for the masses has been something of a late developer. One of the first milestones for cloud computing was the arrival of Salesforce.com in 1999, which pioneered the concept of delivering enterprise applications via a simple website. The services firm paved the way for both specialist and mainstream software firms to deliver applications over the internet. The next development was Amazon Web Services in 2002, which provided a suite of cloud-based services including storage, computation and even human intelligence through the Amazon Mechanical Turk. Then in 2006, Amazon launched its Elastic Compute cloud (EC2) as a commercial web service that allows small companies and individuals to rent computers on which to run their own computer applications.

Types of Cloud computing
It is important to know the three different service models. An organization or consumer does not need to own servers, hardware, or network capacity to op500erate the necessary service. A client, such as a university or an individual consumer, would access the infrastructure and pay on a per-access basis. Examples are Amazon's EC2 and GoGrid.
 * IaaS (Infrastructure as a Service) in this model, the customer buys computing capacity and maintains responsibility for the operating system, application software and database.


 * PaaS (Platform as a Service) the organization or individual does not need to own the operating system or necessary supporting software to use the application. Rather, operating systems and associated services are delivered over the Internet without downloads or installation. Examples are Google App Engine and Heroku. In this arrangement, “platform as a service,” the customer no longer is responsible for updating and maintaining the operating system, but still provides the application software. This arrangement allows the customer to focus scarce IT resources on critical applications rather than on data center operations or network operating systems

In this software distribution model, applications are provided by the cloud service host and made accessible via the Internet. An example in higher education would be providing access to Gmail, instead of having a university email system for students.
 * SaaS (Software as a Service) the third model involves a turnkey solution. The service provider supplies everything except the data. The arrangement is referred to as “software as a service.” Software as a service is attractive to companies that wish to focus valuable resources on core business needs rather than on IT infrastructure. While this is the most expensive of the three, significant savings can be realized by eliminating the need for a large IT staff.

Advantages
Cloud computing, which is sometimes referred to as utility computing, has several advantages: a) Users tap into this utility, just as we tap into the electrical grid. b) There are cost savings. Information technology (IT) departments can meet user demands without worrying about capital expenses (servers), software licensing, and the labor involved in upgrading and maintaining software. c) Scalability allows for an IT department to provide users with access to services when they need them and use them. (Often IT departments get requests for expensive computational software products, with no way to predict actual usage; the licensing agreement and supporting staff may be under- or over utilized.) d) The metrics of pay as you grow provide valuable data to examine usage. e) A user can access services from multiple devices, anytime and anywhere. The cloud model offers a much cheaper way to acquire and use IT services; this is quite beneficial especially for educational institutions in these days of appalling economic crunch. Users pay only for what they use, as they do with electricity or water. This paradigm has also been referred to as "utility computing," in which computing capacity is treated like any other metered utility service - one pays only for what one uses. Users can reach into the cloud for resources as they need from anywhere at any time. For this reason, cloud computing has also been described as "on-demand computing."

Security
End User Security Issues End Users need to access resources within the cloud and may bear in mind of access agreements like acceptable use or conflict of interest. The client organization have some mechanism to find vulnerable code or protocols at entry points like servers, firewalls, or mobile devices and upload patches on the native systems as soon as they are found. The cloud should secure from any user with malicious intent that will conceive to gain access to information or pa3.

Security-as-a- service In Cloud environment the security provided by customers using cloud services and the cloud service providers (CSPs).Security-as-a-service is a security provided as cloud services and it can provided in two methods: In first method anyone can changing their delivery methods to include cloud services comprises established information security vendors. The second method Cloud Service Providers are providing security only as a cloud service with information security companies. Browser Security In a Cloud environment, remote servers are used for computation. The client nodes are used for input/output operations only, and for authorization and authentication of information to the Cloud. A standard Web browser is platform in-dependent client software useful for all users throughout the world. This can be categorized into different types: Software-as-a-Service (SaaS), Web applications, or Web 2.0. TLS is used for data encryption and host authentication The Legacy Same Origin Policy is the insertion of scripting languages into Web pages for access rights for scripts. In is to allow access read or write operations the same origin on content, to disallow but from the different origin any access on content. Origin means a “the same application”, it can be defined with domain name, protocol, port in a web. But some problems with the SOP, but it could be solved with “origin” definition. In the case of WWW it’s not working properly. Security requirements for to protect both data during transport, And to authenticate the server’s domain name in Web applications is TLS. Attacks on Browser-based Cloud Authentication are one of the security problems with browser-based protocols in Cloud Computing and it is not capable to generate cryptographically valid XML tokens. So, it can possible with a trusted third party. Login is not possible at a server due to the fewer credentials in browser, So HTTP forward it to the Passport login server. After entering username and password from user, then the Passport server convert this authentication into a Kerberos token, it can redirected to the requesting server from other HTTP redirect. Kerberos tokens are not clear to the browser is the security problem with Passport, and it protected by the SOP. But any attacker can access those tokens then he accesses all services of the victim. Secure Browser-based Authentication is the situation is not suggested, but we can perform for better results by combined SOP and TLS for secure FIM protocols. In Cloud Computing by using TLS Browser Enhancements are very limited in an authentication center. It is not possible for XML Signature, the browser can be added many Web Service functionalities by simply loading an appropriate JavaScript library during runtime. So, the browser security API can be adding the enhancements XML Encryption and XML Signature. Authentication In the cloud environment, the primary basis for access control is user authentication and access control are more important than ever since the cloud and all of its data are accessible to all over the Internet. Trusted Platform Module (TPM) is a widely available and stronger authentication than username and passwords. Trusted Computing Groups (TCG’s) is IF-MAP standard about authorized users and other security issue in real-time communication between the cloud provider and the customer. When a user is reassigned or fired, the customer’s uniqueness management system can report the cloud provider in real-time so that the user’s cloud access can be revoked or modified within seconds. In cloud any fired user is logged, they can be immediately disconnected. Trusted Computing enables authentication of client nodes and other devices for improving the security in cloud computing. The frequently targeted attack is authentication in hosted and virtual services. The secure mechanisms are used to the authentication process for frequency up a service. But where does security fit into all this? Security analysts and practitioners generally say proceed, but proceed with caution. All the risks to sensitive corporate data associated with outsourcing apply to cloud computing, and then some. Enforcing security policy and meeting compliance requirements are tough enough when you deal with third parties and their known or unknown subcontractors, especially on a global scale. Add the blurry characteristics of the cloud and the entry of non-traditional vendors into the technology market, and some red flags go up.

Privacy
Privacy is the one of the Security issue in cloud computing. Personal information regulations vary across the world and number of restrictions placed by number of countries whether it stored outside of the country. For a cloud service provider, in every jurisdiction a single level of service that is acceptable. Based on contractual commitments data can store within specific countries for privacy regulations, but this is difficult to verify. In Private and confidential customer data fast rising for the consequences and potential costs of mistakes for companies that handle. But professionals develop the security services and the cloud service privacy practices. An effective assessment strategy must cover data protection, compliance, privacy, identity management, secure operations, and other related security and legal issues.

Top 10 Obstacles
Availabiltiy/Business Continuity Data lock-In Data Confidentiality and Auditability Data Transfer Botttlenecks Performance Unpredictability Scalable Storage Bugs in Large Distributed Systems Scaling Quickly Reputation Fate Sharing Software Licensing

Companies
Amazon Yahoo Salesforce Desktop Two Zimdesk Sun Secure Global Desktop Google

Resources and References
[1] Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono, “On Technical Security Issues in Cloud Computing”, 2009 IEEE International Conference on Cloud Computing [2] Michael Gregg, “10 Security Concerns for Cloud Computing”, Expert Reference Series of White Papers, Global Knowledge, 2010 [3] “IBM Point of View: Security and Cloud Computing”, Cloud computing White paper November, 2009. [4] Stephen C. Hawald, Cloud Computing with Software as a Service (SaaS): How It Is Changing the Business and Organization Today, IT Today [5] “Security and high availability in cloud computing environments”, IBM Global Technology Services Technical White Paper, IBM, June 2011 [6] Dan Sullivan, “The Definitive Guide to Cloud Computing”, Realtime Publishers [7] “Cloud Computing and Security –.A Natural Match”, Trusted Computing Group, April 2010. [8] Ronald L. Krutz, Russell Dean Vines “Cloud Security a Comprehensive Guide to Secure Cloud Computing”, Wiley Publishing, Inc., 2010 [9] Tim Mather, Subra Kumaraswamy, Shahed Latif “Cloud Security and Privacy”, O’Reilly Media, 2009 [10] John W. Rittinghouse, James F. Ransome “Cloud Computing: Implementation, Management, and Security”, CRC Press, 2009. [11] K. Thirupathi Rao et al., “High Level Architecture to Provide Cloud Services Using Green Datacenter”, in Advances in Wireless and Mobile Communications (AWMC) Volume 3 Number 2, pp 109-119, Research India Publication ISSN 0973-6972 (2010). [12] V. Krishna Reddy, B. Thirumal Rao, Dr. L.S.S. Reddy, P.Sai Kiran “Research Issues in Cloud Computing “ Global Journal of Computer Science and Technology, Volume 11, Issue 11, July 2011. [13] Bellevue University Library [14] Sans Institute.org [15] Microsoft.com [16] Technet.com [17] Safenet-Inc.com [18] Oracle.com [19] Microsoft.com [20] infoworld.com [21] Cisco.com