Cloud computing is the delivery of capabilities—such as software or platforms that provide analytics, networking, and more—and infrastructure—such as storage, servers, or databases—over the internet by cloud service providers (CSPs) who manage those capabilities for the users that access them.
As organizations seek more business or mission agility, moving to the cloud is an IT strategy that provides higher flexibility, and, possibly, lower operating costs. The transition to the cloud, however, is not always easy.
CSPs deliver services in a pay-per-use cost model, so application architecture approaches that work well in a data center environment might not result in the lower operating costs that organizations seek when moving to the cloud. To achieve the benefits of cloud computing, organizations must make careful architecture tradeoffs to decide which CSP-provided services to use based on quality attributes such as portability, cost considerations, and time to field. Systems using cloud computing also need high automation of deployment, testing, and operational monitoring, which drives the architecture approach.
Security and resilience are significant concerns in cloud computing because CSPs and users share responsibility for cloud operations and system management. Organizations with special security needs, such as those connected to the Department of Defense (DoD), must work closely with their CSP to make sure their requirements are met. Doing so requires a good understanding of cloud technology, vetting a CSP’s policies, and negotiating an agreement that will ensure your organization’s security policies are met.
Cloud technology can also help first responders, disaster-relief workers, and soldiers run the resource-intensive computing they need to ensure mission success at the network edge. However, access to cloud computation and data in such environments is not always available. A challenge therefore becomes how to “carve out” a piece of the cloud to make it accessible to personnel operating at the network edge in a secure, reliable, and timely manner.
The level of change needed to establish appropriate operational and cybersecurity management for cloud and cloud-like environments is too great for individual programs to handle in an ad hoc manner.
Carol Woody, SEI Principal Researcher
Secure and Reliable Cloud Computing
The SEI is working to help the DoD, as well as other organizations and government agencies, modernize their systems with cloud technology. To do so, we identify the threats and vulnerabilities involved in migrating to the cloud, and we develop practices to help organizations make the transition to the cloud as secure as possible.
Ensuring your organization’s security in the cloud involves managing a wide range of issues, from technical details to commercial, financial, legal, and compliance risks. Organizations must establish meaningful service level agreements (SLAs) with their CSP, and they must monitor the CSP’s security performance. Doing so is often difficult because CSPs are sometimes not completely transparent. Our work with cloud computing has resulted in process- and data-driven approaches that help organizations work through these significant challenges through attention to both architecture and processes, and establish more transparency between themselves and their CSPs.
The SEI has also worked on the problem of delivering cloud capabilities to users that have limited or intermittent connections to a wide-area network, such as first responders to a natural disaster and soldiers at the tactical edge. To do so, we developed tactical cloudlets, which are forward-deployed, discoverable computing nodes that can be hosted on vehicles or other platforms to provide capabilities such as (1) infrastructure to offload computation, (2) forward-data-staging for missions, (3) filtering to remove unnecessary data from streams intended for mobile users, and (4) collection points for data heading to enterprise repositories, such as data collected by IoT devices. To ensure that only authorized personnel have access to cloudlets deployed in the field, the SEI has also developed and integrated fully-disconnected, secure credential generation and exchange into tactical cloudlets.
What We Offer
This webcast addressed a few of the causes for cloud transition issues and identified some practices that will assist organizations as they plan to transition assets and capabilities to the cloud.
This webinar presents the tactical cloudlet concept and experimentation results for five different cloudlet provisioning mechanisms.
The Latest from the SEI Blog
March 03, 2019 • Blog Post
In December, a grand jury indicted members of the APT10 group for a tactical campaign known as Operation Cloud Hopper, a global series of sustained attacks against managed service providers and, subsequently, their...
Our Vision for the Future of Cloud Computing
The growing deployment of IoT devices to support missions, ranging from enterprise to the tactical edge, is also pushing what is becoming known as the cloud-to-edge continuum. Computing capabilities are pushed from the cloud to edge devices to process data collected at the edge, instead of sending all data back to the cloud for processing, which is inefficient. Automating this process—from build in the cloud to secure deployment at the edge—is an area of SEI interest and research.