Future of Cloud Computing in the Military


Oct 29, 2013 (4 years and 15 days ago)



Jason Kaufman

Dr. Greg Jones

LTEC 4550

12-06-2010


Future of Cloud Computing in the Military

In today’s modern information technology (IT) society, it’s all about being able to access computing and storage on demand, and then break it down once the need is exhausted. The latest advancement and possible future of information technology is all over the television, with catchy buzzwords and clever Microsoft commercials. Today organizations are evaluating how cloud computing can help streamline their business, lower cost, and deliver services to the user through a flexible, easily managed infrastructure. So what is cloud computing? There are many definitions of cloud computing out there, but the one that seems to represent the most commonly held view is from the National Institute of Standards and Technology (NIST), and it seems to be gaining in popularity, not only in the US but in the rest of the world as well: "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction" (Mell). The US government is researching the potential benefits of cloud computing and the possibility of moving from a traditional local area network to a private cloud network or enterprise network.

The recent download of highly sensitive military documents has made network security the top priority for the agencies that oversee network security. The purpose of this paper is to describe the characteristics of the cloud computing network model and to explain how the cloud’s scale and flexibility are both a friend and a foe from a security point of view. This paper will also allow an informed assessment of the security risks and benefits of using cloud computing.



This cloud model is composed of five essential characteristics, three service models, and four deployment models. The National Institute of Standards and Technology, Information Technology Laboratory describes the essential characteristics as:

On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.

Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Service Models:



Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

Deployment Models:

Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.

Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.



Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

National Institute of Standards and Technology (NIST) Definition of Cloud Computing,
http://csrc.nist.gov


Networks are at the heart of the military's ability to operate quickly and flexibly at the tactical and strategic levels. The nation's serious rivals know that and consistently target Department of Defense networks with a wide range of attacks. In an age of cyber warfare, the steps to defend military networks are often the same as those needed to protect systems at other federal government agencies. Network perimeter security has improved with better firewalls and encryption, but the trend toward cloud computing poses potential problems that might negate those advances. The perimeter is no longer clearly defined: once data is sent to the cloud, it is unclear where that data is going, and the lack of clear oversight makes it easier for the data to leave the network without security personnel knowing. As military, civilian, and DOD agencies increasingly embrace wireless devices, they face economic and operational pressure to put more capabilities into the cloud. The question is: once the data is in the cloud, who is continuously monitoring the data, and who is controlling access to it? With the recent download of sensitive military documents about the wars in Iraq and Afghanistan, one solution is to strengthen data rights management. Data rights management has been available for several years now, but the challenge is getting users to actually use it and institutionalizing it. If a military service or DOD agency applies data rights management, it is protecting this data once it is received by a coalition partner. This will allow allies to read information, but it prevents them from copying, pasting or otherwise disseminating information without permission. There are always going to be ways around data rights management, but for the most part, you can assure data is going to the appropriate individuals.

With government agencies outsourcing services, other risks present themselves. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the physical, logical and personnel controls.


Facing the potential loss of productivity among federal workers due to outdated equipment, the government is in the midst of structural reforms for IT acquisition and implementation. Among them is a "cloud-first policy," which directs federal agencies to choose "cloud-computing" options when feasible. They hope the policy will encourage a leap forward for federal agencies and give them a chance to finally get their money's worth from the ever-expanding technology industry. The promise of cloud is that it will enable agencies to implement technologies at a lower cost and much faster, without having to turn every single technology implementation into a multibillion-dollar custom project. The potential cloud computing benefits identified by the government are: dedicated security teams, greater infrastructure security, reduction in certification and accreditation activities, simplified compliance analysis, low-cost disaster recovery, and rapid reconstitution of services. Proponents of cloud computing believe that data is generally more secure in the cloud than in traditional servers because of the centralization. Some also feel that a more centralized form of cloud computing would allow tighter security protocols and oversight of the data being stored and transferred.

As the U.S. government readily embraces open source software and the feds increasingly adopt cloud computing, many are questioning how these two trends are destined to intersect in government IT.

Federal CIO Vivek Kundra told the House Committee on Oversight and Government Reform that the administration is making it a point to take a "deliberate approach" to cloud computing, beginning over the past year with working groups, summits, and establishment of a program management office and some pilot efforts (Hoover).


Government agencies are starting to think long and hard about the policies, practices and preconceived notions surrounding these solutions. Although government and industry representatives still debate cloud computing risks, its potential user benefits are hard to ignore. These include increasing a network’s speed and agility; lowering its ownership, operating and maintenance costs; and simultaneously improving network security, privacy and confidentiality for people who use that network. In terms of cost benefits alone, the U.S. government recently estimated that cloud computing could save the federal enterprise billions of dollars each year. For its part, some in industry see cloud computing as an opportunity to accelerate government transformation and transparency if the risks can be mitigated.


General Services Administration, Federal Cloud Computing Services, Cloud FAQ,
https://apps.gov/cloud/advantage/information/page.do



National Institute of Standards and Technology (NIST) Definition of Cloud Computing,
http://csrc.nist.gov/groups/SNS/cloud-computing/




Hoover, J. Nicholas. 01 July 2010. Web. <http://www.informationweek.com/news/government/cloud-saas/showArticle.jhtml?articleID=225702093>.



Spinola, Maria. "The Five Characteristics of Cloud Computing." Cloud Computing Journal. 09 Sept. 2009. Web. 04 Dec. 2010. <http://cloudcomputing.sys-con.com/node/1087426>.