• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Cloud   »   Defining the Cloud

Defining the Cloud

  • Posted on:September 13, 2009
  • Posted in:Cloud
  • Posted by:
    Dave Asprey
0

Cloud computing is the buzzword in the computing industry, but it can mean many things to many people.  Trend Micro is challenged to use a common vocabulary to describe the various facets of cloud computing.  This post articulates the various aspects of cloud computing so we can speak a similar language.  It is intended to be more pragmatic than doctrinaire and express what we see customers saying in their conversations around cloud computing and the different cloud formations.

Lots of smart people have started looking at cloud computing security and the ways in which we consume cloud computing.  The delivery models shown below, along with a working cloud definition, are elegantly described in a presentation (http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2008-12/cloud-computing-standards_ISPAB-Dec2008_P-Mell.pdf ) authored by Peter Mell and Tim Grance from the US National Institutes of Standards & Technology Information Technology Lab (www.nist.gov) .

public cloud computing delivery model

Software as a Service (SaaS) refers to internet-based access to applications (examples:  Salesforce.com, Trend Micro HouseCall).

Platform as a Service (PaaS) refers to services to deploy customer-created applications to the cloud (examples: Google AppEngine and Microsoft Azure).

Infrastructure as a Service (IaaS), sometimes called “utility computing,” refers to renting processing, storage, network and other resources (examples: Amazon’s EC2, Rackspace, and GoGrid). The consumer does not manage the underlying cloud infrastructure, but does control the operating systems, storage, networking, deployed applications and select network components (firewall).

There are others ways to gaze at clouds, and organizations such as the Jericho Forum (http://www.opengroup.org/jericho/ ) (associated with the Open Group, disclaimer: Trend Micro is a member of the Jericho Forum) have created a definition of cloud computing and the Jericho Cloud Cube model that define various cloud formations and their characteristics. 

CloudCubeModel.Jericho

The Jericho Forum is also an affiliate member of the  Cloud Security Alliance (CSA), which published “Security Guidance for Critical Areas of Focus in Cloud Computing” (http://www.cloudsecurityalliance.org/guidance/csaguide.pdf , disclaimer: Trend Micro is a member of the CSA). The CSA document might lack pretty pictures, but provides a nice overview and summary of 15 different security domains critical to operating in public cloud environments.

We did some customer surveys recently and found that what the cloud cognoscenti refer to as SaaS is called “hosted” by a plurality of IT professionals.  While the terminology is in flux and will evolve over time, having a mental framework and common vocabulary helps to better communicate cloud concepts.  It enables us to mentally map cloud-based or hosted security (can be SaaS offerings), cloud protection (protecting SaaS/PaaS/IaaS infrastructure), hosting (can be a form of SaaS/IaaS), and come to terms with things like cloud-client architectures (a hybrid with some SaaS/PaaS/IaaS services in the cloud combined with client software).  I’m a marketing guy who communicates ideas for a living, and sharing the above vocabulary with my colleagues allows us to have clear conversations with a minimum of puzzled looks.

Cloud computing implies a number of changes for how IT does IT as businesses consider moving sensitive applications into the cloud.  The threats will change and how the security industry responds to those threats will make for interesting times. Stay tuned for postings as I dig into some of the security impacts of public cloud computing.

Related posts:

  1. OpenPaas and CloudBees: Java in the Cloud
  2. What is really driving the massive growth of cloud computing?
  3. PaaS and The Dark Side
  4. Managing the Sensible Move to the Cloud

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • New Report: Top Three Ways to Drive Boardroom Engagement around Cybersecurity Strategy
  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.