Securing Business IT on the Cloud
In this chapter, the author examines the various approaches taken by the popular cloud providers Amazon Web Services (AWS), Google App Engine (GAE), and Windows Azure (Azure) to secure the cloud. AWS offers Infrastructure as a Service model, GAE is representative of the Software as a Service, and Azure represents the Platform as a Service model. Irrespective of the model, a cloud provider offers a variety of services from a simple large-scale storage service to a complete infrastructure for supporting the operations of a modern business. The author discusses some of the security aspects that a cloud customer must be aware of in selecting a cloud service provider for their needs. This discussion includes the major threats posed by multi-tenancy in the cloud. Another important aspect to consider in the security context is machine virtualization. Securing these services involves a whole range of measures from access-point protection at the client end to securing virtual co-tenants on the same physical machine hosted by a cloud. In this chapter, the author highlights the major offerings of the three cloud service providers mentioned above. She discusses the details of some important security challenges and solutions and illustrates them using screen shots of representative security configurations.