Part V:
Security and Other Topics
We have described in the 14 preceding chapters how to use cloud services to store
data and perform computations. We have shown how to use platform services
for data analytics, streaming data and machine learning, and how you can build
your own services using the Globus platform. In the two remaining chapters, we
discuss one essential topic, namely security, and discuss historical perspectives,
contemporary critiques of cloud, and futures.
Throughout the preceding chapters we touched only lightly on security. Now
that you have a more complete view of cloud features and capabilities, it is time to
return to the subject of security in a more comprehensive manner. In chapter 15,
we first address the issue of security responsibility: which secu rity and privacy
issues are the job of the cloud provider and which belong to you. One way to
understand this bifurcation is that the cloud provider is responsible for the security
of the cloud, while you are responsible for what you do in the cloud.
We then address three central security topics: securing data that you move
to the cl oud , securing access to the virtual machines and containers that you
create in the cloud, and using cloud services in a secure manner. We discuss user
authentication and authorization: determining who someone is and what they are
allowed to do. We described Globus authentication and authorization mechanisms
in chapter 11; here, we discuss additional approaches, including Amazon’s and
Azure’s role-based access control mechanisms. We also cover virtual machine and
container security and how to secure the cloud software services that you create.
In chapter 16, we explore the history that led to the current cloud environment.
We also return to the pros and cons of public cloud computing, a topic that we
first ad dress ed in section 4.4 on page 68 but now revisit with a broader perspective.
We conclude with a lo o k at future trends in cloud data center architecture and
newly emerging approaches to cloud software.
313