Cloud Services Gateway: A Tool for Exposing Private Services to the Public Cloud with Fine-grained Control

By enabling users to allocate computing resources on demand, cheaply, and in an elastic manner, Cloud Computing has made large computation resources available to small and medium size organizations. However, using the Cloud requires users to place their computations, data, or both in a shared data center own by an outsider. This sharing has raised many security concerns. Such concerns are much apparent with use cases like health informatics, where the security of the information is critical and imposed by government regulations. We propose a hybrid approach to solve this problem, where only computations are moved to the public domains while keeping the data within the private network, and computations may access data through a set of services that expose data following the Principle of Least Privilege. Such architectures will, however, require computations in the cloud to connect to the local network that holds the data, and the obvious solution: that is opening up ports in the organizational firewall could potentially create security loopholes. As an alternative, we propose Cloud Services Gateway (CSG), which enable users to selectively expose their private services that reside inside a firewall to outside clients while maintaining fine grained control. This paper motivates hybrid Cloud architectures and presents the architecture and design decisions of Cloud Services Gateway.