Abstract

The popularity of public cloud services continues to grow, with Gartner predicting that total worldwide revenue will almost double from $145 billion in 2017 to $278 billion in 2021 [1]. Many cloud service types are components of this growth, including Software-as-a-Service (SAAS), Platform-as-a-Service (PAAS) and Infrastructure-as-a-Service (IAAS). The use of cloud services brings many possible benefits such as scalability, high performance and availability, flexibility, cost effectiveness and security [2]. However, each of these benefits comes with some responsibilities and requires detailed knowledge of the specific cloud services used. For example, in the Amazon Web Services (AWS) shared responsibility model for security, AWS is responsible for securing the facilities, physical security of hardware, network infrastructure, and the virtualization infrastructure. The cloud service customer is responsible for securing and managing the applications that run in the cloud, the operating systems, data-at-rest, data-in-transit, policies and other responsibilities. This paper works through several different use cases and provides the details for properly securing the services with which Army Research Laboratory (ARL) researchers interact. The use cases include sample configurations and descriptions required to fulfill the customer security responsibilities in a public cloud environment. Cloud services used include AWS Elastic Compute Cloud (EC2) Windows and Linux instances, Relational Database Services (RDS), Simple Cloud Storage Service (S3), Glacier S3 Storage, and DynamoDB. Challenges and approaches associated with delegating temporary security credentials, the Identity and Access Management (IAM) service, and securing data-at-rest and data-in-transit will also be discussed.
