Welcome!

@CloudExpo Authors: Liz McMillan, Pat Romanski, Mehdi Daoudi, Elizabeth White, Rene Buest

Related Topics: @CloudExpo, Containers Expo Blog

@CloudExpo: Article

Virtualization and the Cloud Computing Ecosystem

A look at the impact of virtualization on Cloud Computing

Last week at the 7th International Cloud Expo in Santa Clara, I sat on a panel discussing virtualization and the cloud. As a follow on to my contribution, it is my intention to expand on the position of virtualization and the cloud ecosystem.

It is generally accepted that the concept of cloud computing or, at least the amalgamation of services that infer the cloud ecosystem, lends to the premise of improvements in managing deployed services. This due to an assumed increase in efficiencies resulting from the sharing of hardware resources at one end of the spectrum.

According to NIST[1] There are five essential characteristics of Cloud Computing viz:

1) On-demand self-service 2) Broad network access 3) Resource pooling 4) Rapid elasticity 5) Measured Service

Of these cloud-computing attributes, virtualization can be said to possess all except the ability to implement services through the utilization of Internet Technologies[2]

It is a known fact that the dynamic consolidation of application workloads through virtualization will increase server utilization. This in turn will reduce demands on power and system resources, especially within large-scale server clusters deployment that can support cloud based application services.

As we know, with any system the surface area an attacker can target for attack increases with the introduction of a virtualization layer. This in turn will increase the vulnerability factor of the system for, in addition to the guest operating system being at risk, the hypervisor and VMM will also be prone to attack.

For clarification any virtualized system will include a new layer of software - the virtual machine monitor(VMM).Within the virtualized environment, current virtualization research assuming that the virtualized environment (VMM) has knowledge of the software being virtualized (the guest OS) however there is no verification of whether the memory layout of the running VM matches the symbol tables[3]

This can cause a problem especially with the increase of "intelligent malware systems" and the potential for false positives or worse yet no alarms or responses that will ensure cause for concern. In turn such a weakness can extend into the cloud ecosystem with the potential for malicious outcomes.

Worth mention at this juncture is research completed by Steinberg and Kauer [4] and their secure virtualization hardware: NOVA.

NOVA takes an extreme microkernel-like approach to virtualization by moving most functionality to user level. Because our entire system adheres to the principle of least privilege, we achieve a trusted computing base that is at least an order of magnitude smaller than that of other full virtualization environments.[4]

We all need to bear in mind that in today's rapidly evolving technology ecosystem, cost savings in any environment only goes so far to keep an enterprise competitive. Thus virtualization whilst important in any IT environment, is not the only path to cloud computing.

An argument to support a cloud computing ecosystem that minimises virtualized arguments can be drawn from a study conducted by Wang and Ng [5] which stated that "unstable network characteristics are caused by virtualization and processor sharing on server hosts."

In this climate, what virtualization can accomplish for any enterprise, after the realization of server virtualization cost savings is capped (savings from capital and power expenses, server sprawl reduction,utilization rates); will be to provide that most strategic path to a cloud computing build-out - be it a private or public cloud ecosystem for an enterprise.

So with the importance of virtualization within, as well as its impact on cloud computing, can we mitigate these security concerns as more enterprises move toward cloud adoption?

Cloud computing incorporates different dimensions of implementation as it can traverse a path beyond that driven solely by server virtualization. For instance some cloud services can be obtained at various levels within the IT stack, e.g. SaaS. So then, how do we ramp up and mitigate or manage risk that will arise in these settings?

This can lead one to consider the point that for cloud-computing, "security applies to two layers in the software stack." [3]

According to Yuecel Karabulut, [6] cloud security architectures,need to be designed on the premise that this ecosystem is dynamic, he stated that "as new threats emerge, code considered secure today may not be secure tomorrow."

Regardless of platform infrastructure, Karabulut went on to say that "the cloud still runs pieces of software;therefore a good start toward security within the cloud ecosystem, is to work on ensuring that software security is aligned to a defined SDLC process and that this process is adhered to from requirements analysis to testing."[6]

He further postulated that encryption within the cloud can improve trust and security parameters. A cloud vendor managing a customers encrypted data will only have access to metadata (data about data) and not the customers encrypted content.

This can lead to a win-win situation for both vendors and customers as this will encourage scalability from no need for specialised software, there will be a reduction in processor load, and users will be freed from knowing the identities, and by extension the public keys, of individuals authorised for access.

As cloud computing incorporates aspects of web-services; another direction "can be to understand the attack surfaces of Cloud applications and systems and reduce" [6] or remove if possible vectors to known attack paths that will affect any one web-service and by extension a cloud-computing service.

In closing I wanted to touch on another study I recently reviewed. The researchers introduced "a new architecture for secure introspection the aim of which was to integrate discovery and integrity measurement of code and data starting from hardware state." [3] One purpose of this architecture was "to address both the semantic gap present in virtual -machine introspection and the information gap specific to cloud computing" [3]

Integrity Discovery System using Secure Introspection

 

Source :Cloud Security is Not (Just) Virtualization Security pg 99 [3]

This system in a nutshell proposed to integrate aspects of virtualization, secure introspection, known security metrics, known risks and flaws within the environment, as well as those that can potentially exist within the cloud-computing ecosystem.

In essense researchers Christodorescu, Sailer, Schales, Sgandurra and Zamboni has proposed an architecture which has the potential to mitigate and/or manage risk in a dynamic and responsive manner within the cloud-computing environment.... as one of its functions.

References

[1] csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc

[2] http://en.wikibooks.org/wiki/Internet_Technologies

[3] Cloud Security is Not (Just) Virtualization Security ACM 978-1-60558-784-4/09/11

[4]Steinberg, Kauer April '10: NOVA: A Micro-Hypervisor based Secure Virtualization Architecture

[5] Wang, Ng:The Impact of Virtualization on Network Performance of Amazon EC2 Data Center,5-10

[6] Yuecel Karabulut - Chief Security Advisor & Head of Security Strategy, SAP: 7th International Cloud Expo Santa Clara Ca. Nov 10

More Stories By Jon Shende

Jon RG Shende is an executive with over 18 years of industry experience. He commenced his career, in the medical arena, then moved into the Oil and Gas environment where he was introduced to SCADA and network technologies,also becoming certified in Industrial Pump and Valve repairs. Jon gained global experience over his career working within several verticals to include pharma, medical sales and marketing services as well as within the technology services environment, eventually becoming the youngest VP of an international enterprise. He is a graduate of the University of Oxford, holds a Masters certificate in Business Administration, as well as an MSc in IT Security, specializing in Computer Crime and Forensics with a thesis on security in the Cloud. Jon, well versed with the technology startup and mid sized venture ecosystems, has contributed at the C and Senior Director level for former clients. As an IT Security Executive, Jon has experience with Virtualization,Strategy, Governance,Risk Management, Continuity and Compliance. He was an early adopter of web-services, web-based tools and successfully beta tested a remote assistance and support software for a major telecom. Within the realm of sales, marketing and business development, Jon earned commendations for turnaround strategies within the services and pharma industry. For one pharma contract he was responsibe for bringing low performing districts up to number 1 rankings for consecutive quarters; as well as outperforming quotas from 125% up to 314%. Part of this was achieved by working closely with sales and marketing teams to ensure message and product placement were on point. Professionally he is a Fellow of the BCS Chartered Institute for IT, an HITRUST Certified CSF Practitioner and holds the CITP and CRISC certifications.Jon Shende currently works as a Senior Director for a CSP. A recognised thought Leader, Jon has been invited to speak for the SANs Institute, has spoken at Cloud Expo in New York as well as sat on a panel at Cloud Expo Santa Clara, and has been an Ernst and Young CPE conference speaker. His personal blog is located at http://jonshende.blogspot.com/view/magazine "We are what we repeatedly do. Excellence, therefore, is not an act, but a habit."

@CloudExpo Stories
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastructure health across data centers and end-user experience globally, while responding to control changes and system specification at the speed of today’s DevOps teams. In his session at 20th Cloud Expo, Josh Gray, Chie...
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. Jack Norris reviews best practices to show how companies develop, deploy, and dynamically update these applications and how this data-first...
Intelligent Automation is now one of the key business imperatives for CIOs and CISOs impacting all areas of business today. In his session at 21st Cloud Expo, Brian Boeggeman, VP Alliances & Partnerships at Ayehu, will talk about how business value is created and delivered through intelligent automation to today’s enterprises. The open ecosystem platform approach toward Intelligent Automation that Ayehu delivers to the market is core to enabling the creation of the self-driving enterprise.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
As more and more companies are making the shift from on-premises to public cloud, the standard approach to DevOps is evolving. From encryption, compliance and regulations like GDPR, security in the cloud has become a hot topic. Many DevOps-focused companies have hired dedicated staff to fulfill these requirements, often creating further siloes, complexity and cost. This session aims to highlight existing DevOps cultural approaches, tooling and how security can be wrapped in every facet of the bu...
Historically, some banking activities such as trading have been relying heavily on analytics and cutting edge algorithmic tools. The coming of age of powerful data analytics solutions combined with the development of intelligent algorithms have created new opportunities for financial institutions. In his session at 20th Cloud Expo, Sebastien Meunier, Head of Digital for North America at Chappuis Halder & Co., discussed how these tools can be leveraged to develop a lasting competitive advantage ...
Connecting to major cloud service providers is becoming central to doing business. But your cloud provider’s performance is only as good as your connectivity solution. Massive Networks will place you in the driver's seat by exposing how you can extend your LAN from any location to include any cloud platform through an advanced high-performance connection that is secure and dedicated to your business-critical data. In his session at 21st Cloud Expo, Paul Mako, CEO & CIO of Massive Networks, wil...
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta Chakraborty, Chief Customer Officer at Ayasdi, will provide a tactical framework to become a truly intelligent enterprise, including how to identify the right applications for AI, how to build a Center of Excellence to ...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
SYS-CON Events announced today that CAST Software will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CAST was founded more than 25 years ago to make the invisible visible. Built around the idea that even the best analytics on the market still leave blind spots for technical teams looking to deliver better software and prevent outages, CAST provides the software intelligence that matter ...
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution and join Akvelon expert and IoT industry leader, Sergey Grebnov, in his session at @ThingsExpo, for an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Because IoT devices are deployed in mission-critical environments more than ever before, it’s increasingly imperative they be truly smart. IoT sensors simply stockpiling data isn’t useful. IoT must be artificially and naturally intelligent in order to provide more value In his session at @ThingsExpo, John Crupi, Vice President and Engineering System Architect at Greenwave Systems, will discuss how IoT artificial intelligence (AI) can be carried out via edge analytics and machine learning techn...
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, presented an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He then expounded on the industry issues he frequently came up against as an analyst, and ...
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
FinTechs use the cloud to operate at the speed and scale of digital financial activity, but are often hindered by the complexity of managing security and compliance in the cloud. In his session at 20th Cloud Expo, Sesh Murthy, co-founder and CTO of Cloud Raxak, showed how proactive and automated cloud security enables FinTechs to leverage the cloud to achieve their business goals. Through business-driven cloud security, FinTechs can speed time-to-market, diminish risk and costs, maintain continu...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
SYS-CON Events announced today that Pulzze Systems will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems Inc, provides the software product "The Interactor" that uniquely simplifies building IoT, Web and Smart Enterprise Solutions. It is a Silicon Valley startup funded by US government agencies, NSF and DHS to bring innovative solutions to market.