Cloud Computing – II

UNIT – II – Risk of Cloud Computing and Related Cost:

Risk Assessment & Management:-
Cloud computing is recognized as the most promising computing paradigm of the last several years. Actually, a lot of Cloud computing models have arisen, each one offering different characteristics or services, at different degrees of flexibility and involving distinct risks. Given the fact that Cloud computing encompasses new technologies such as virtualization, there are both new risks to be determined and old risks to be re-evaluated. According to the risk management standard of the Institute of Risk Management (IRM), a risk can be defined as "the combination of the probability of an event and its consequences". In general, in all types of businesses there are events which represent opportunities for benefit or threats to success, i.e. positive and negative aspects of risks, respectively. Thus, and in contrast to traditional risk avoidance strategies, accepting some risks can lead to remarkable benefits.

Risk Management is the process whereby organizations treat, in a methodical way, risks related to their activities. The main goal is to obtain benefits and sustainable value within each activity and across all of them.

Actually, it is a fundamental part of any organization's strategic management. Looking in detail at its core subprocess, i.e. risk assessment, there are three primary methods: qualitative, which uses simple calculations and thus does not need to determine the numerical value of all assets at risk and threat frequencies; quantitative, which assigns numerical values to both impact and likelihood of risks; semi-quantitative (or hybrid), which is less numerically intensive than quantitative methods and classifies (prioritizes) risks according to consequences and foreseen probabilities.

Risk management in cloud involves the following tasks:
• risk identification
• risk analysis and evaluation
• selection of countermeasures
• deployment of suitable countermeasures
• continuous monitoring to assess effectiveness of the solution

What is Vendor Lock-In?

Vendor lock-in is a situation in which a customer using a product or service cannot easily transition to a competitor's product or service. Vendor lock-in is usually the result of proprietary technologies that are incompatible with those of competitors. However, it can also be caused by inefficient processes or contract constraints, among other things.

Vendor lock-in refers to a situation where the cost of switching to a different vendor is so high that the customer is essentially stuck with the original vendor. Because of financial pressures, an insufficient workforce, or the need to avoid interruptions to business operations, the customer is "locked in" to what may be an inferior product or service.

Imagine an office has coffee brought in by a coffee vendor, and this vendor requires specific coffee machines in the office that only the vendor sells. Now imagine there is a steep decline in the quality of the coffee that this vendor delivers. Switching to a new coffee vendor would mean the old machines they purchased become useless, as the switch likely requires the purchase of new coffee-making equipment.

Given the hassle and added expense of replacing every coffee machine, the workers in the office would be effectively locked into their agreement with their old vendor and forced to drink inferior coffee.

A real-world example of vendor lock-in is the way Apple locked consumers into using iTunes in the early days of the service, because music purchased via iTunes could only be played within the iTunes application or on an iPod.

What is vendor lock-in in cloud computing?

In cloud computing, some amount of software or computing infrastructure is outsourced to a cloud vendor, which offers it as a service and delivers it over the Internet. For instance, cloud-hosted servers are Infrastructure-as-a-Service (IaaS), and cloud-hosted applications are Software-as-a-Service (SaaS).

Sometimes, a company may find themselves locked into a certain cloud provider. Vendor lock-in can become an issue in cloud computing because it is very difficult to move databases once they are set up, especially in a cloud migration, which involves moving data to a totally different type of environment and may involve reformatting the data. Also, once a third party's software is incorporated into a business's processes, the business may become dependent upon that software.

Why is vendor lock-in a concern?

A number of circumstances can negatively impact a business if they are locked in with a certain cloud vendor:

• If a vendor's quality of service declines, or never meets a desired threshold to begin with, the client will be stuck with it
• The vendor may also drastically change their product offerings in such a way that they no longer meet a business's needs
• A vendor may go out of business altogether
• Finally, a vendor may impose massive price increases for the service, knowing that their clients are locked in

Overall, handing off foundational, business-critical technology to an external vendor is not easy for any company, and it requires a large degree of trust in the vendor.

How can companies avoid the risks of vendor lock-in?

• Evaluate cloud services carefully: Companies should thoroughly research a cloud vendor before they make a commitment, ideally with a proof of concept deployment to make sure that their level of service is sufficient.

• Ensure data can be moved easily: Companies using cloud computing should make an effort to keep their data portable, or easy to move from one environment to another. They can partially do this by clearly defining their data models and keeping data in formats that are usable across a variety of platforms, rather than formats that are specific to a given vendor.

• Backups: Keeping internal backups of all data helps a business stay ready to host the data elsewhere if it is too difficult or time consuming to extract it from a cloud service (as well as providing some protection from ransomware).

• Multi-cloud or hybrid cloud strategy: A multi-cloud approach incorporates multiple cloud providers, reducing dependence on any single vendor. In a hybrid cloud, some data will remain within an organization's direct control, either in a private cloud or stored on-premise.

Risk of Loss of Control over IT Services in Cloud Computing

Here are the top cloud computing risks we identified:
• #1. Unauthorized access to customer and business data.
• #2. Security risks at the vendor.
• #3. Compliance and legal risks.
• #4. Risks related to lack of control.
• #5. Availability risks.

What's Multi-tenancy Security?

Multi-tenancy security refers to data safety or privacy of tenants' data in a multi-tenancy environment.

The biggest driving force of multi-tenancy hosting is efficiency and low maintenance cost, while the first risk that comes to mind when someone broaches the idea is security.

Offering dozens or hundreds of tenants access to the same application or database other tenants are using raises the possibility of one of them using someone else's data either by malice or accident.

This makes security a primary concern in multi-tenancy. In recent times, there has been a fundamental shift in how SaaS vendors protect their tenants' data. Still, many customers don't understand or trust some of these changes.

As a leading business intelligence platform with many years of experience in the industry, we came to realize that tenants operating in a cloud-based multi-tenant environment have many security concerns related to the protection and confidentiality of sensitive data.

Multi-tenant Privacy and Security Risks

We've outlined several privacy and security risks associated with multi-tenant hosting that need to be adequately addressed:

• Risk Governance: In a multi-tenancy cloud deployment, tenants cede control to the SaaS vendor over all the issues they suspect may affect their privacy and security. But when the vendor's agreement fails to offer a commitment to resolve all these issues, that can be translated to mean gaps in their security defenses.
• Responsibility Ambiguity: Responsibilities over certain aspects of privacy may be shared between the tenant and SaaS vendor. However, that poses the risk of some vital organs of the defenses being left unguarded, which draws more holes in their security defenses.
• Isolation Failure: Multi-tenancy is now the defining characteristic of public-cloud deployment. It's also associated with the failure of the mechanism isolating the usage of routing, storage, memory, and the reputation between tenants.
• Security Incidents: The detection and reporting of security breaches are often delegated to the SaaS vendor. But it's the tenant that feels the impact. It's therefore critical that notification rules be negotiated in the contract to protect the customer from being caught unaware in case of unexpected delays.
• Data Protection: One major concern associated with multi-tenant hosting is the release or exposure of sensitive or personal data, the unavailability or loss of the data, or the over-retention of the data in case a tenant decides to terminate the service. Monitoring the data handling processes and practices may be difficult for the vendor.
• Malicious Behavior of Other Tenants or an Insider: The damages caused by another tenant in the shared environment or an insider working with the SaaS organization may be substantial, especially so because of the authorization they hold.

Service level agreements in Cloud Computing

A Service Level Agreement (SLA) is the bond for the performance of the negotiation between a cloud service provider and a client. Earlier, in cloud computing, all service level agreements were negotiated between a customer and a service consumer. With the introduction of large utilities such as cloud computing providers, most service level agreements are standardized until a customer becomes a large consumer of cloud services. Service level agreements are also defined at different levels, which are mentioned below:

• Customer-based SLA
• Service-based SLA
• Multilevel SLA

Some service level agreements are enforceable as contracts, but most are agreements or contracts that are more in line with an operating level agreement (OLA) and may not be constrained by law. It's okay to have a lawyer review documents before making any major settlement with a cloud service provider. Service level agreements usually specify certain parameters, which are mentioned below:

• Availability of the Service (uptime)
• Latency or the response time
• Service components reliability
• Each party accountability
• Warranties

If a cloud service provider fails to meet the specified minimum targets, the provider will have to pay a penalty to the cloud service consumer as per the agreement. So, service level agreements are like insurance policies in which the corporation has to pay as per the agreement if an accident occurs.

Microsoft publishes service level agreements associated with Windows Azure platform components, demonstrating industry practice for cloud service vendors. Each component has its own service level contracts. The two major Service Level Agreements (SLAs) are described below:

Windows Azure SLA -
Windows Azure has separate SLAs for computing and storage. For Compute, it is guaranteed that when a client deploys two or more role instances to different fault and upgrade domains, the client's Internet-facing roles will have external connectivity at least 99.95% of the time. In addition, all role instances of the client are monitored, and 99.9% of the time it is guaranteed to detect when the role instance's process does not run and start properly.

SQL Azure SLA -
The SQL Azure client will have connectivity between the database of SQL Azure and the Internet Gateway. SQL Azure will handle a "monthly availability" of 99.9% within a month. The monthly availability ratio for a particular tenant database is the ratio of the time the database was available to customers to the total time in a month.

Time is measured in intervals of a few minutes in a 30-day monthly cycle. If the SQL Azure Gateway rejects attempts to connect to the customer's database, that part of the time counts as unavailable. Availability is always remunerated for a full month.
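
The availability arithmetic behind the two SLAs above, as an added example that is not part of the original notes and not Microsoft's own calculation: it derives the downtime budget that 99.95% and 99.9% leave in a 30-day month and computes a tenant database's monthly availability from gateway connection attempts. The 5-minute interval, the rule that an interval is unavailable only when every attempt in it was rejected, and the sample data are assumptions.

```python
from datetime import datetime, timedelta

MONTH = timedelta(days=30)        # 30-day monthly cycle, as stated in the notes
INTERVAL = timedelta(minutes=5)   # assumption: the notes only say "a few minutes"


def allowed_downtime(target_pct, period=MONTH):
    """Downtime budget that a given availability target leaves per period."""
    return period * (1 - target_pct / 100)


def monthly_availability(attempts, month_start):
    """Return (availability_pct, downtime) for one tenant database.

    attempts: iterable of (timestamp, accepted) gateway connection attempts.
    Assumption: an interval counts as unavailable only when every attempt
    seen in it was rejected; intervals with no attempts count as available.
    """
    total = MONTH // INTERVAL                 # 8640 five-minute intervals
    any_accepted = {}                         # interval index -> bool
    for ts, accepted in attempts:
        offset = ts - month_start
        if not timedelta(0) <= offset < MONTH:
            continue                          # outside this billing month
        idx = offset // INTERVAL
        any_accepted[idx] = any_accepted.get(idx, False) or accepted
    down = sum(1 for ok in any_accepted.values() if not ok)
    return 100.0 * (total - down) / total, down * INTERVAL


def meets_sla(availability_pct, target_pct=99.9):
    """True when the measured availability reaches the SLA target."""
    return availability_pct >= target_pct


def sample_attempts(month_start, outage_minutes):
    """Constructed data: one attempt per minute on day 10, rejected during
    an outage that starts at 02:00 and lasts outage_minutes."""
    day = month_start + timedelta(days=9)
    outage_start = day + timedelta(hours=2)
    outage_end = outage_start + timedelta(minutes=outage_minutes)
    for minute in range(24 * 60):
        ts = day + timedelta(minutes=minute)
        yield ts, not (outage_start <= ts < outage_end)


if __name__ == "__main__":
    start = datetime(2024, 6, 1)              # constructed billing month
    for target in (99.95, 99.9):
        print(f"{target}% leaves {allowed_downtime(target)} of downtime")
    for outage in (40, 50):
        pct, down = monthly_availability(sample_attempts(start, outage), start)
        verdict = "met" if meets_sla(pct) else "breached"
        print(f"{outage} min outage: {pct:.3f}% available, {down} down, SLA {verdict}")
```

A single 50-minute outage is enough to breach a 99.9% monthly target, while a 40-minute one stays inside the budget of roughly 43 minutes.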

Service level agreements are based on the usage model. Often, cloud providers charge their pay-per-use resources at a premium and enforce standard service level contracts for just that purpose. Customers can also subscribe to different tiers that guarantee access to a specific amount of purchased resources.

Service level agreements (SLAs) associated with subscriptions often offer different terms and conditions. If the client requires access to a particular level of resources, the client needs to subscribe to a service. A usage model may not provide that level of access under peak load conditions.

Cloud infrastructure can span geographies, networks, and systems that are both physical and virtual. While the exact metrics of cloud SLAs can vary by service provider, the areas covered are the same:

• Volume and quality of work (including precision and accuracy);
• Speed;
• Responsiveness; and
• Efficiency.

The purpose of the SLA document is to establish a mutual understanding of the services, priority areas, responsibilities, guarantees and warranties. It clearly outlines metrics and responsibilities between the parties involved in cloud configuration, such as the specific amount of response time to report or address system failures.

The importance of a cloud SLA

Service-level agreements are fundamental as more organizations rely on external providers for critical systems, applications and data. Cloud SLAs ensure that cloud providers meet certain enterprise-level requirements and provide customers with a clearly defined set of deliverables. They also describe financial penalties, such as credit for service time, if the provider fails to meet guaranteed conditions.

What is Cloud Malware?

Cloud security is complex. While cloud providers take responsibility for security of the infrastructure they manage, cloud users are responsible for configuring cloud security correctly, and securing their applications and workloads.

Misconfiguration and lack of security at the application level can lead to many security issues, and one of the most severe is malware infection in your cloud computing environment.

Malware in the cloud is a relatively new phenomenon, but cybercriminals quickly realized that cloud systems are an ideal medium for spreading malware. Cloud-based systems are:
• Typically open to the Internet.
• Standardized and easy to learn for an attacker.
• Composed of a large number of entities, like virtual machines (VMs), containers or storage buckets, each of which can be a weak link for attackers to exploit.

The Rise of Cloud Malware

Studies show that nearly 90% of organizations are more likely to experience data breaches as cloud usage increases. Just like in the traditional data center, many of these breaches are performed with the assistance of malware. Cloud adoption and the risks associated with it are more common than ever, and so cloud security is becoming critical for any organization.

According to a survey by Netskope, businesses use an average of 1,181 cloud services, but 92.7% of them are not secured or not ready for enterprise needs. Malware on cloud systems can survive system cleanups, can spread to collaborators on a cloud system, whether they are employees, partners or contractors, and can threaten sensitive data stores connected to the infected system.

5 Types of Cloud Malware Attacks

Here are several common attacks that involve the use of cloud malware.

DDoS Attacks

Large-scale botnets, composed of millions of compromised devices, are becoming widely available to attackers. Threat actors are offering botnets as a service for low prices, lowering the barrier of entry to anyone who wants to wage a DDoS attack.

In the cloud, a DDoS attack against your organization or any of your “neighbours” in the public cloud can affect the entire “neighborhood”, and the underlying cloud infrastructure. In addition, there is a constant risk that unattended VMs or containers will be compromised by attackers, and your cloud computing resources will be used for criminal activity.

Hypercall Attacks

In a hypercall attack, an attacker compromises an organization's VMs using the hypercall handler. This is part of the virtual machine manager (VMM), deployed on every cloud machine in services like Amazon EC2. The attack grants attackers access to VMM permissions, and in some cases lets them execute malicious code on the VM.

Hypervisor DoS

A hypervisor attack is an attack in which an attacker exploits the hypervisor, which controls multiple VMs on a virtual host. When the hypervisor is infected, malware can affect any of the VMs running on the host.

One possible consequence of an infected hypervisor is that virtual machine resource usage increases, resulting in denial of service to the entire host or even multiple hosts. Because hosts are typically interconnected, and do not always require authentication to connections from another host, they can easily infect other hosts, making the problem much more serious.

Hyperjacking

A hyperjacking attack is an attempt by an attacker to take control of the hypervisor, using a rootkit installed on a virtual machine. If the attacker is successful, they gain access to the entire host, and are able to modify the behavior of virtual machines, cause damage to running VMs, and even run new VMs for malicious activity.

Exploiting Live Migration

Attackers have learned that migration to the cloud or between clouds represents a major opportunity. When the organization performs an automated live migration, attackers can compromise the cloud management system, and manipulate it in several ways:
• Create multiple fake migrations, which becomes a DoS attack
• Migrate resources to a virtual network or cloud subscription under the attacker's control
• Make changes to migrated systems to make them vulnerable to future attacks

3 Ways to Keep Your Cloud Malware-Free

Here are several ways you can help keep cloud systems clean.

1) Employee Education

Many cloud malware incidents are a result of insufficient awareness of risk by operators and administrators. Extensive training can increase awareness of common security risks and teach correct behavior.

Therefore, employees responsible for cloud systems should participate in regular training sessions on cloud security, network security and enterprise application management.

When security becomes part of the corporate culture, and employees are informed of the latest cloud security risks, there is a much lower chance for carelessness or negligence.

2) Strengthen Access Control

Traditional security practices are not enough to prevent cloud-based attacks. In the cloud, security should be based on a “zero trust” model. This means the organization assumes a breach and secures all access to cloud systems, whether by users or from other integrated systems.
• Multi-factor authentication—helps prevent account takeover, by requiring at least two authentication methods, one of which must be physically possessed by the user.
• Least privilege—both users and integrated systems should only have access to resources they really need, and should have the exact level of permission they require for their role.

3) Contain the Spread of Viruses with User Segmentation

An effective way to contain the spread of malware in the cloud is to use network segmentation. This limits malicious software or threat actors to a small segment of the network. If network segmentation is not implemented, simple actions like synchronizing of cloud application folders will upload malware to cloud storage and expose it to all users accessing the same application.

However, segmentation is not perfect—attackers can break network segmentation using a technique called “cloud hopping”—leveraging their access to a cloud application to take control of other user accounts, who may have access to other segments of the network.

Risk With Application Licensing in Cloud Computing:

Moving your infrastructure to the Cloud has undeniable business advantages; reduction in IT cost and complexity, and the ability to adapt to business change seamlessly, to name but a few. However, the shift to the cloud has highlighted a need to pay attention to how we measure and manage our software license assets before, during and after the transition.

There are numerous challenges from an enterprise license perspective that should not be ignored as many organisations today can unintentionally create compliance problems that may not be discovered until much further down the project timeline – worst-case scenario, during a vendor audit.

It is important to remember that license deployments, terms, rules, and policies will change for your on-premises enterprise software when you move to the cloud. This post outlines just some of the scenarios to be on the lookout for:

1. Hybrid Environments

A mixture of on-premises and public cloud infrastructure is a common scenario and can often occur during a migration process (e.g. parallel running), for Disaster Recovery (DR) or backups and archiving. It is important to remember that, if not carefully planned and managed, issues can arise in hybrid environments that could result in license non-compliance and potential vendor fines.

2. Vendor Behaviour

Depending on your enterprise vendor and the cloud platform you are moving to, you may be subject to an approach by your vendor to understand fully what you are doing, how and when. This type of project (like any change to your environment) can also trigger a vendor audit at any time, so be prepared and audit ready.

3. Scalability

One of the major benefits of switching to the cloud is that it is scalable by nature. This allows you to flex cloud resources to fulfil an increase in demand or react swiftly to business infrastructure change – the recent COVID-19 crisis would be an example of this. With an increase in demand, you must consider the cloud resources you deploy and how they affect both your budget and your license compliance position: licenses are typically not scalable in the same way as your infrastructure and cloud resources.

4. Global Distribution

Another selling point of cloud infrastructure is that it is distributed by nature. Cloud providers such as AWS or Azure enable organisations to easily launch resources across the globe. This allows businesses to deliver fast and reliable service to their customers regardless of geography. Compliance and regulatory problems can arise if you are uncertain of your legal and contractual obligations when it comes to the storage and transfer of data and using licensed applications across international borders.

5. Shadow IT

As the cloud has become more pervasive, end users have at their disposal numerous cloud services to address a variety of business activities. Ease of setup means that end users can now implement many cloud services without support from the IT function. These new levels of empowerment create both financial and security risks. Having a blend of automated asset intelligence and financial data analysis can mitigate risks through the elimination of duplicate services, waste avoidance and protecting company data.

6. Profiling & Right Sizing

Adopting a ‘one size fits all’ subscription model for SaaS or performing a ‘lift and shift’ for IaaS, for example, will create significant overspend. Pre-migration profiling of cloud requirements and fine tuning these requirements on a recurring basis sets the foundation for effective cost control. Having a bedding down period before making long term licensing commitments should also be considered.

7. Subscription Buffers

Acquiring cloud services can be compared to doing a large weekly grocery shop without a list. There is a risk that you might err on the side of caution to meet perceived demand by acquiring surplus capacity that will be ultimately wasted. Having high quality data driven insights can enable robust forecasting that can prevent subscription buffer wastage.

8. Harvesting

It is a simple concept that you must generally ‘use it or lose it’ when it comes to cloud services. Yet many organisations fail to track, identify, and review inactive licenses. The concept of harvesting cloud assets on a frequent basis will eliminate Zombie online services consuming financial and operational resources. This can include the complete removal of licenses and associated monthly billing or redistribution to meet new demand.

The implications for moving your software license estate to a cloud infrastructure are legitimate, and without knowing it you can expose your organisation to unintended compliance consequences which during these uncertain economic times could be financially detrimental.

Critical to the success of your cloud project is planning your move sufficiently and considering the various implications on your enterprise licenses before, during and after your cloud migration in order to optimise cost as far as possible.
