Design and Implementation of Security Policy for Public Cloud

Abstract

Cloud computing has become a buzzword of today. Cloud computing is not a completely new concept; it has intricate connection to the established Grid Computing paradigm, and other relevant technologies such as utility computing, cluster computing and distributed systems in general. The term “cloud” is used as a metaphor for the Internet, based on how Internet is depicted in computer network diagrams. Cloud computing promises to cut operational and capital costs and, more importantly, let IT departments focus on strategic projects instead of keeping the datacenters running. Cloud computing is much more than the simple Internet. It is a construct that allows user to access applications that actually reside at a location other than user’s own computer or other Internet-connected devices, most often of a distant datacenter. There are numerous benefits of this construct. For instance, some other company hosts user application. This implies that they handle the cost of servers, they manage the software updates, and depending on contract, user pays less i.e. for the service only. People can simply log in and use their applications wherever they are, therefore cloud computing is convenient for telecommuters and travelling remote workers too. Cloud computing is becoming increasingly relevant, as it will enable companies involved in spreading this technology to open the doors to Web3.0. Cloud Computing has progressed a lot but still challenges like data security, data location, regulatory compliance, privileged user access etc need to be addressed. Amongst these, security and trust issues are major issues, since the user’s data has to be released to the Cloud and thus leaves the protection sphere of the data owner. In this thesis, security issues for Clouds have been analyzed. A user security policy has been designed. Further, a Cloud environment has been setup using Hadoop & the user authentication policy has been verified in this environment.