Difference between revisions of "User:Shawndouglas/sandbox/sublevel1"

From LIMSWiki
Line 1: Line 1:
Cloud computing is built on a wide array of technologies and utilities, including many built on the open source paradigm. According to the Open Source Initiative, open-source software, hardware, etc. is open-source not only because of its implied open access to how it's constructed (e.g., source code, schematics) but also for a number of other reasons<ref name="OSITheOpen07">{{cite web |url=https://opensource.org/osd |title=The Open Source Definition, Version 1.9 |publisher=Open Source Initiative |date=03 June 2007 |accessdate=21 August 2021}}</ref>:
[[File:NIST Cloud Computing Security Reference Architecture (9029002396).jpg|right|500px|thumb|'''Figure 3.''' The ''NIST Cloud Computing Security Reference Architecture'' provides a security overlay to the ''NIST Cloud Computing Reference Architecture'', published in 2011.]]In a 2010 Cloud Computing Adoption Survey by Mimecast, the leading response (46 percent of surveyed IT managers) to the question "Why did you decide against moving to the cloud?" was "security concerns."<ref name="MimecastCloud10">{{cite web |url=https://system.netsuite.com/core/media/media.nl?id=181214&c=601905&h=2ef3796f7c4d9c8a585e&_xt=.pdf |format=PDF |title=Cloud Computing Adoption Survey |author=Mimecast |date=2010 |accessdate=21 August 2021}}</ref> In a separate survey published around the same time by the IEEE and Cloud Security Alliance, "93 percent of respondents said the need for [[cloud computing]] security standards is important; 82 percent said the need is urgent."<ref name="CSASurvey10">{{cite web |url=https://cloudsecurityalliance.org/press-releases/2010/03/01/survey-by-ieee-and-cloud-security-alliance-details-importance-and-urgency-of-cloud-computing-security-standards/ |title=Survey by IEEE and Cloud Security Alliance Details Importance and Urgency of Cloud Computing Security Standards |author=IEEE; Cloud Security Alliance |publisher=Cloud Security Alliance |date=01 March 2010 |accessdate=21 August 2021}}</ref> Fast-forward 10 years and it's easy to see worries about cloud security have eased somewhat in comparison. A Cloud Threat Report by Oracle and KPMG in 2020 found that "40% of [[cybersecurity]] and IT professionals from private and public businesses perceive public clouds as more secure than on-premise environments ... 
12% believe public clouds are no more secure or insecure than what they can deliver with on-premises environments, and 2% think public clouds are less secure."<ref name="Bizga40_20">{{cite web |url=https://securityboulevard.com/2020/05/40-of-it-professionals-believe-that-public-clouds-are-more-secure-than-on-premise-environments/ |title=40% of IT professionals believe that public clouds are more secure than on-premise environments |author=Bizga, A. |work=Security Boulevard |date=19 May 2020 |accessdate=21 August 2021}}</ref> A survey less than a year before found similar numbers, also noting, however, that while confidence in cloud security was strong, a strong majority of respondents (71 percent) still believe there are at least moderate concerns about "malicious activity in cloud systems."<ref name="CCCloud19">{{cite web |url=https://www.continuitycentral.com/index.php/news/technology/4384-cloud-is-safer-than-on-premise-say-that-majority-of-security-leaders |title=Cloud is safer than on-premise say that majority of security leaders |publisher=Continuity Central |date=04 September 2019 |accessdate=21 August 2021}}</ref>


* It should be without restriction in how it is "distributed" or used within an aggregate software distribution of many components.
To be sure, there are undoubtedly opportunities for malicious activity within the cloud, which has its own share of complexities. While cloud computing is internet-based (i.e., networked), a networking approach based on normal internet and network standards is not sufficient to address the complexities inherent to many cloud computing implementations.<ref name="MaurerCloud20">{{cite web |url=https://carnegieendowment.org/2020/08/31/cloud-security-primer-for-policymakers-pub-82597 |title=Cloud Security: A Primer for Policymakers |author=Maurer, T.; Hinck, G. |publisher=Carnegie Endowment for International Peace |date=31 August 2020 |accessdate=21 August 2021}}</ref> From integrating public and private clouds to meeting regulations mandating localized data storage, additional considerations must be made as to how best ensure standardized cloud services remain driven on solid security principles. With the transition to cloud, on-site data storage has moved online, with its own set of security nuances. Additionally, increased scalability, interfacing, and proximity to other networked data and systems adds more complexity to security.<ref name="KasperskyWhatIs">{{cite web |url=https://usa.kaspersky.com/resource-center/definitions/what-is-cloud-security |title=What is Cloud Security? |work=Resource Center |publisher=AO Kaspersky Lab |date=2021 |accessdate=21 August 2021}}</ref> As complexity is added, a more standardized approach is called for. Just as the Cloud Native Computing Foundation's (CNCF's) Certified Kubernetes Conformance Program attempts to ensure a standardized conformance of all Kubernetes instances to the Kubernetes [[application programming interface]]s (APIs) for consistency and interoperability across cloud platforms<ref name="SarrelWhyCloud20">{{cite web |url=https://www.hpe.com/us/en/insights/articles/why-cloud-native-open-source-kubernetes-matters-2002.html |title=Why cloud-native open source Kubernetes matters |author=Sarrel, M. 
|work=enterprise.nxt |publisher=Hewlett Packard Enterprise |date=04 February 2020 |accessdate=21 August 2021}}</ref>, standards organizations like the Institute of Electrical and Electronics Engineers (IEEE), [[International Organization for Standardization]] (ISO), and National Institute of Standards and Technology (NIST) develop standards and guidelines to ensure quality and security across all cloud computing platforms.<ref name="IEEE2301_20">{{cite web |url=https://standards.ieee.org/standard/2301-2020.html |title=IEEE 2301-2020 - IEEE Guide for Cloud Portability and Interoperability Profiles (CPIP) |publisher=IEEE Standards Association |date=30 January 2020 |accessdate=21 August 2021}}</ref><ref name="KirvanTop20">{{cite web |url=https://searchcompliance.techtarget.com/tip/Top-cloud-compliance-standards-and-how-to-use-them |archiveurl=https://web.archive.org/web/20201221150028/https://searchcompliance.techtarget.com/tip/Top-cloud-compliance-standards-and-how-to-use-them |title=Top cloud compliance standards and how to use them |author=Kirvan, P. |work=TechTarget SearchCompliance |date=17 December 2020 |archivedate=21 December 2020 |accessdate=21 August 2021}}</ref>
* It should allow derivatives and modifications under the same terms as the original license, and that license should be portable with the derived or modified item.
* It should permit distribution of software, hardware, etc. built from modified source code or schematics.
* It should be without restriction in what person, organization, business, etc. is permitted to use it.
* Its license should not place restrictions on other software or hardware schematics distributed with the original item.
* Its license should not place technology-specific restriction on how the item is implemented.


Licenses vary widely from product to product, but broadly speaking, this all means if a commercial venture wants to run a significant chunk of its cloud operations on open-source technologies, it should be able to do so, as long as all license requirements are met. This same principle can be seen in early pushes for "open cloud," which emphasizes the need for "interoperability and portability across different clouds" through principles similar to the Open Source Initiative.<ref name="OlavsrudWhyOpen12">{{cite web |url=https://www.cio.com/article/2397213/why-open-source-is-the-key-to-cloud-innovation.html |title=Why Open Source Is the Key to Cloud Innovation |author=Olavsrud, T. |work=CIO |date=13 April 2012 |accessdate=21 August 2021}}</ref>
The next few sections examine the various organizations, agencies, and industries developing and promoting standards, guidelines, and recommendations that shape the proper use of cloud computing platforms. Note that you won't see much about [[Laboratory|laboratories]] and cloud computing in this chapter, as we pan outward and look at cloud standards and security from up high. We'll focus on how all this information relates to laboratories in the coming chapters.
 
One need look no further than to Linux, a family of open-source operating systems, to discover how open-source solutions have gained prevalence in cloud computing and other enterprises. More than 95 percent of the top one million web domains are served up using Linux-based servers.<ref name="PriceTheTrue18">{{cite web |url=https://www.makeuseof.com/tag/linux-market-share/ |title=The True Market Shares of Windows vs. Linux Compared |author=Price, D. |work=MakeUseOf |date=27 March 2018 |accessdate=21 August 2021}}</ref> In 2019, 96.3 percent of the top one billion enterprise business servers were running on Linux.<ref name="FBILinux20">{{cite web |url=https://www.fortunebusinessinsights.com/linux-operating-system-market-103037 |title=Linux Operating System Market Size, Share & Covid-19 Impact Analysis, By Distribution (Virtual Machines, Servers and Desktops), By End-use (Commercial/Enterprise and Individual), and Regional Forecast, 2020-2027 |publisher=Fortune Business Insights |date=June 2020 |accessdate=21 August 2021}}</ref> And Canonical's open-source Ubuntu Linux distribution has garnered a growing reputation in cloud computing and other enterprise scenarios due to its focus on security.<ref name="BurtLocking20">{{cite web |url=https://www.nextplatform.com/2020/04/23/locking-down-linux-for-the-enterprise/ |title=Locking Down Linux for the Enterprise |author=Burt, J. |work=The Next Platform |date=23 April 2020 |accessdate=21 August 2021}}</ref>
 
In fact, Microsoft shifted its formerly anti-Linux stance in the mid-2010s to a stronger embrace of the open-source OS. In 2014, it began offering several Linux distributions in its Azure public cloud platform and infrastructure and announced it would make server-side .NET open-source, while also adding Linux support to its SQL Server and joining the Linux Foundation in 2016.<ref name="OlavsrudMicrosoft16">{{cite web |url=https://www.cio.com/article/3143653/microsoft-embraces-open-source-in-the-cloud-and-on-premises.html |title=Microsoft embraces open source in the cloud and on-premises |author=Olavsrud, T. |work=CIO |date=21 November 2016 |accessdate=21 August 2021}}</ref><ref name="IbanezMicro14">{{cite web |url=https://opensource.com/business/14/11/microsoft-dot-net-empower-open-source-communities |title=Microsoft gets on board with open source |author=Ibanez, L. |work=OpenSource.com |date=19 November 2014 |accessdate=21 August 2021}}</ref><ref name="BranscombeWhat20">{{cite web |url=https://www.techrepublic.com/article/what-is-microsoft-doing-with-linux-everything-you-need-to-know-about-its-plans-for-open-source/ |title=What is Microsoft doing with Linux? Everything you need to know about its plans for open source |author=Branscombe, M. |work=TechRepublic |date=02 December 2020 |accessdate=21 August 2021}}</ref> Why the philosophy change? As Microsoft's Database Systems Manager Rohan Kumar put it in 2016: "In the messy, real world of enterprise IT, hybrid shops are the norm and customers don't need or want vendors to force their hands when it comes to operating systems. Serving these customers means giving them flexibility."<ref name="OlavsrudMicrosoft16" /> That flexibility expanded to open sourcing SONiC, its network operating system, in 2017 and PowerShell, it's task automation and configuration tool, in 2018. 
Microsoft's Teams client was made available for Linux in 2019<ref name="BranscombeWhat20" />, and other elements of Microsoft Windows continue to see increased compatibility with Linux distributions such as Ubuntu.<ref name="BarnesNoMicro20">{{cite web |url=https://boxofcables.dev/no-microsoft-is-not-rebasing-windows-to-linux/ |title=No, Microsoft is not rebasing Windows to Linux |author=Barnes, H. |work=Box of Cables |date=11 October 2020 |accessdate=21 August 2021}}</ref>
 
Others in Big Tech have also made contributions to open-source cloud-based technologies. Take for example Kubernetes, originally a Google project that eventually was open-sourced in 2014.<ref name="MetzGoogle14">{{cite web |url=https://www.wired.com/2014/06/google-kubernetes/ |title=Google Open Sources Its Secret Weapon in Cloud Computing |author=Metz, C. |work=Wired |date=18 June 2014 |accessdate=21 August 2021}}</ref> The open-source container management tool soon after was donated to the Cloud Native Computing Foundation (CNCF) run by the Linux Foundation, "to help facilitate collaboration among developers and operators on common technologies for deploying cloud native applications and services."<ref name="LardinoisAsKub15">{{cite web |url=https://techcrunch.com/2015/07/21/as-kubernetes-hits-1-0-google-donates-technology-to-newly-formed-cloud-native-computing-foundation-with-ibm-intel-twitter-and-others/ |title=As Kubernetes Hits 1.0, Google Donates Technology To Newly Formed Cloud Native Computing Foundation |author=Lardinois, F. |work=Tech Crunch |date=21 July 2015 |accessdate=21 August 2021}}</ref> Since then, Kubernetes has become an integral part of many a cloud infrastructure due to its ability to provide lightweight, portable containerization—a complete runtime environment—to a bundle of applications run in the cloud. The software also manages resource scaling for applications, manages underlying infrastructure deployment, and allows for automatically mounting local and cloud storages.<ref name="TLFKubernetesAbout21">{{cite web |url=https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/ |title=What is Kubernetes? 
|author=The Linux Foundation |date=01 February 2021 |accessdate=21 August 2021}}</ref> The open-source nature of the code also allows an organization's developers to review Kubernetes’ code to ensure it's meeting security policies and regulations, as well as make their own tweaks as needed.<ref name="SarrelWhyCloud20">{{cite web |url=https://www.hpe.com/us/en/insights/articles/why-cloud-native-open-source-kubernetes-matters-2002.html |title=Why cloud-native open source Kubernetes matters |author=Sarrel, M. |work=enterprise.nxt |publisher=Hewlett Packard Enterprise |date=04 February 2020 |accessdate=21 August 2021}}</ref> Writing for Hewlett Packard in 2020, entrepreneur Matt Sarrel estimated that some 70 to 85 percent of containerized applications are doing it on top of some version of Kubernetes.<ref name="SarrelWhyCloud20" />
 
Finally, other open-source software tools complement cloud computing efforts. For example, applications like Apache CloudStack, Cloudify, ManageIQ, and OpenStack put open-source cloud management in the hands of a cloud-ops team.<ref name="LinthicumFour20">{{cite web |url=https://techbeacon.com/enterprise-it/4-essential-open-source-tools-cloud-management |title=4 essential open-source tools for cloud management |author=Linthicum, D. |work=TechBeacon |date=2020 |accessdate=21 August 2021}}</ref> Eucalyptus is "open-source software for building AWS-compatible private and hybrid clouds."<ref name="EucHome">{{cite web |url=https://www.eucalyptus.cloud/ |title=Eucalyptus |publisher=Appscale Systems |accessdate=21 August 2021}}</ref> Keylime is a security tool that allows users "to check for themselves that the cloud storing their data is as secure as the cloud computer owners say it is."<ref name="MillarLab19">{{cite web |url=https://www.ll.mit.edu/news/laboratory-staff-develop-new-cybersecurity-solutions-cloud-computing |title=Laboratory staff develop new cybersecurity solutions for cloud computing |author=Millar, M. |publisher=Lincoln Laboratory - MIT |date=27 August 2019 |accessdate=21 August 2021}}</ref> And the OpenStack project, with its collection of software components enabling cloud infrastructure, can't be forgotten.<ref name="OpenStack">{{cite web |url=https://www.openstack.org/ |title=OpenStack |publisher=Open Infrastructure Foundation |accessdate=21 August 2021}}</ref> These and other open-source tools continue to drive how cloud computing is implemented, managed, and monitored, while highlighting the importance of the open source paradigm to cloud computing.


==References==
==References==
{{Reflist|colwidth=30em}}
{{Reflist|colwidth=30em}}
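Review bot: the Oracle and KPMG Cloud Threat Report figures quoted in the first added paragraph are sourced only to a Security Boulevard article (ref name "Bizga40_20"), so the 40%/12%/2% numbers cannot be checked against the report from this citation; cite the report itself alongside the secondary source. In the second added paragraph, "how best ensure" is missing "to", and "increased scalability, interfacing, and proximity ... adds" should read "add" to agree with its plural subject.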

Revision as of 22:49, 3 February 2022

Figure 3. The NIST Cloud Computing Security Reference Architecture provides a security overlay to the NIST Cloud Computing Reference Architecture, published in 2011.

In a 2010 Cloud Computing Adoption Survey by Mimecast, the leading response (46 percent of surveyed IT managers) to the question "Why did you decide against moving to the cloud?" was "security concerns."[1] In a separate survey published around the same time by the IEEE and Cloud Security Alliance, "93 percent of respondents said the need for cloud computing security standards is important; 82 percent said the need is urgent."[2] Fast-forward 10 years and it's easy to see worries about cloud security have eased somewhat in comparison. A Cloud Threat Report by Oracle and KPMG in 2020 found that "40% of cybersecurity and IT professionals from private and public businesses perceive public clouds as more secure than on-premise environments ... 12% believe public clouds are no more secure or insecure than what they can deliver with on-premises environments, and 2% think public clouds are less secure."[3] A survey less than a year before found similar numbers, also noting, however, that while confidence in cloud security was strong, a strong majority of respondents (71 percent) still believe there are at least moderate concerns about "malicious activity in cloud systems."[4]

To be sure, there are undoubtedly opportunities for malicious activity within the cloud, which has its own share of complexities. While cloud computing is internet-based (i.e., networked), a networking approach based on normal internet and network standards is not sufficient to address the complexities inherent to many cloud computing implementations.[5] From integrating public and private clouds to meeting regulations mandating localized data storage, additional considerations must be made as to how best to ensure standardized cloud services remain driven by solid security principles. With the transition to the cloud, on-site data storage has moved online, with its own set of security nuances. Additionally, increased scalability, interfacing, and proximity to other networked data and systems add more complexity to security.[6] As complexity is added, a more standardized approach is called for. Just as the Cloud Native Computing Foundation's (CNCF's) Certified Kubernetes Conformance Program attempts to ensure a standardized conformance of all Kubernetes instances to the Kubernetes application programming interfaces (APIs) for consistency and interoperability across cloud platforms[7], standards organizations like the Institute of Electrical and Electronics Engineers (IEEE), International Organization for Standardization (ISO), and National Institute of Standards and Technology (NIST) develop standards and guidelines to ensure quality and security across all cloud computing platforms.[8][9]

The next few sections examine the various organizations, agencies, and industries developing and promoting standards, guidelines, and recommendations that shape the proper use of cloud computing platforms. Note that you won't see much about laboratories and cloud computing in this chapter, as we pan outward and look at cloud standards and security from up high. We'll focus on how all this information relates to laboratories in the coming chapters.

References

  1. Mimecast (2010). "Cloud Computing Adoption Survey" (PDF). https://system.netsuite.com/core/media/media.nl?id=181214&c=601905&h=2ef3796f7c4d9c8a585e&_xt=.pdf. Retrieved 21 August 2021. 
  2. IEEE; Cloud Security Alliance (1 March 2010). "Survey by IEEE and Cloud Security Alliance Details Importance and Urgency of Cloud Computing Security Standards". Cloud Security Alliance. https://cloudsecurityalliance.org/press-releases/2010/03/01/survey-by-ieee-and-cloud-security-alliance-details-importance-and-urgency-of-cloud-computing-security-standards/. Retrieved 21 August 2021. 
  3. Bizga, A. (19 May 2020). "40% of IT professionals believe that public clouds are more secure than on-premise environments". Security Boulevard. https://securityboulevard.com/2020/05/40-of-it-professionals-believe-that-public-clouds-are-more-secure-than-on-premise-environments/. Retrieved 21 August 2021. 
  4. "Cloud is safer than on-premise say that majority of security leaders". Continuity Central. 4 September 2019. https://www.continuitycentral.com/index.php/news/technology/4384-cloud-is-safer-than-on-premise-say-that-majority-of-security-leaders. Retrieved 21 August 2021. 
  5. Maurer, T.; Hinck, G. (31 August 2020). "Cloud Security: A Primer for Policymakers". Carnegie Endowment for International Peace. https://carnegieendowment.org/2020/08/31/cloud-security-primer-for-policymakers-pub-82597. Retrieved 21 August 2021. 
  6. "What is Cloud Security?". Resource Center. AO Kaspersky Lab. 2021. https://usa.kaspersky.com/resource-center/definitions/what-is-cloud-security. Retrieved 21 August 2021. 
  7. Sarrel, M. (4 February 2020). "Why cloud-native open source Kubernetes matters". enterprise.nxt. Hewlett Packard Enterprise. https://www.hpe.com/us/en/insights/articles/why-cloud-native-open-source-kubernetes-matters-2002.html. Retrieved 21 August 2021. 
  8. "IEEE 2301-2020 - IEEE Guide for Cloud Portability and Interoperability Profiles (CPIP)". IEEE Standards Association. 30 January 2020. https://standards.ieee.org/standard/2301-2020.html. Retrieved 21 August 2021. 
  9. Kirvan, P. (17 December 2020). "Top cloud compliance standards and how to use them". TechTarget SearchCompliance. Archived from the original on 21 December 2020. https://web.archive.org/web/20201221150028/https://searchcompliance.techtarget.com/tip/Top-cloud-compliance-standards-and-how-to-use-them. Retrieved 21 August 2021.