Page 1044 - Cloud computing: From paradigm to operation
7 Security
− the storage location including local and/or remote;
− the retention periods for backup data;
− the procedures to test the backup data.
Before choosing a CSP, a CSC should confirm whether that CSP can meet the security clause of the SLA,
including the backup capability. If the CSP does not provide a backup capability, the CSC should fully
consider a backup strategy and its implementation. If the CSP does provide a backup capability, the CSC
should cooperate with the CSP to carry out backup operations.
The CSP should share the essential details of the backup mechanism with CSCs. When dealing with backup,
CSPs should address the specifications needed to meet each of the following CSC requirements:
1) Backup strategy: Since each CSC has individual backup needs, the related factors should be
considered first. They include:
− Reasonable recovery point objective (RPO) and recovery time objective (RTO). RPO indicates
the time span between two consecutive backup activities, while RTO reflects how long it takes
to roll back to a backup.
− Reasonable retention policy: The policy should specify the number of copies of a backup.
− Reasonable combination of file-level backup and virtual machine level backup: The combination
should achieve an optimal investment cost, which is based upon RPO and RTO.
− Reasonable combination of on-site backup and off-site backup: The on-site backup is stored at
the local site, which can meet the need for fast disaster recovery. The off-site backup is stored
at a remote site, which is needed to cope with a major disaster. The combination depends on
the requirements of the security clause of the SLA and on the investment cost.
− Regular recovery test procedures: The recovery test is the ultimate method to verify the
validity of a backup.
2) Task arrangement: Once the backup strategy is determined, CSPs should make an appropriate task
arrangement for backup operations. To reduce the impact on the performance of the cloud
computing infrastructure, the backup task arrangement should depend on the CSC's backup
requirements, the network traffic pattern and the backup capability of the CSP.
3) Procedures to check the validity of a backup: A complete and correct data copy means a successful
backup operation. Generally, the procedures should contain the following two main steps:
− Using a one-way hash function to verify that the backup is consistent with the original data. If
the backup is the same as the original, then go to the next step. In addition, a digital signature
method could be used to verify the backup operator, which can benefit the management of
backup operations.
− Taking a recovery test for the backup. Because the cloud computing environment changes
continuously, regular recovery tests are critical.
4) Prudence about virtual machine snapshots: In a cloud computing scenario, the snapshot
method provides a quick and easy means of rollback, which could act as a backup method to a
certain extent. However, the snapshot method should not be used frequently, for the following
reasons:
− Snapshots allow the same data to multiply and to be written to different snapshot files, which
could easily bring about serious performance degradation and rapid growth in storage occupancy
in the cloud computing systems.
− In order to reduce storage occupancy, a chain of snapshots of an original virtual machine is often
configured to contain only the differences from the first snapshot. Once the first snapshot is
destroyed, the successive snapshots end up being invalid. The security risk is magnified
as the rate of successive snapshots increases.
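
The first validation step in item 3), shown as an added example that is not part of the original text: a per-file hash manifest of the original data is authenticated and then compared with the backup. Assumptions: SHA-256 is the one-way hash, HMAC-SHA256 with an operator-held key stands in for the digital signature (the Python standard library has no asymmetric signing), and all function names and sample files are constructed for illustration.

```python
import hashlib, hmac, json, shutil, tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root, POSIX style) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def tag_manifest(manifest, operator_key):
    """HMAC-SHA256 over canonical JSON: a stand-in for the operator's digital signature."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(operator_key, blob, hashlib.sha256).hexdigest()

def verify_backup(manifest, tag, operator_key, backup_root):
    """Return (ok, report): authenticate the manifest, then compare the backup to it."""
    if not hmac.compare_digest(tag, tag_manifest(manifest, operator_key)):
        return False, {"error": "manifest tag mismatch"}
    actual = build_manifest(backup_root)
    report = {"missing": sorted(set(manifest) - set(actual)),
              "extra": sorted(set(actual) - set(manifest)),
              "modified": sorted(p for p in manifest if p in actual and manifest[p] != actual[p])}
    return not any(report.values()), report

def demo():
    """Constructed sample data: a faithful copy passes, a damaged copy is reported."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "original"), Path(tmp, "backup")
        (src / "db").mkdir(parents=True)
        for rel, data in {"db/users.tbl": b"alice,bob\n", "app.conf": b"mode=prod\n"}.items():
            (src / rel).write_bytes(data)
        shutil.copytree(src, dst)
        key = b"constructed-demo-key"  # assumption: held only by the backup operator
        manifest = build_manifest(src)
        tag = tag_manifest(manifest, key)
        good = verify_backup(manifest, tag, key, dst)
        (dst / "app.conf").write_bytes(b"mode=dev\n")  # simulate silent corruption
        (dst / "db" / "users.tbl").unlink()            # simulate a file lost in transfer
        return good, verify_backup(manifest, tag, key, dst)
```

Calling `demo()` returns the result for the faithful copy followed by the result for the damaged copy. A backup that passes this check still has to pass the recovery test in the second step.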