Dr.M.Pyingkodi
Dept of Computer Applications
Kongu Engineering College
Erode, India
pyingkodikongu@gmail.com
Cloud Security
Consists of a set of policies, controls, procedures and
technologies that work together to protect
» Cloud-based systems
» Data, and
» Infrastructure
It covers the procedures and technology that secure cloud computing
environments against both external and insider cybersecurity
threats.
Security measures are configured to protect cloud data, support
regulatory compliance and protect customers' privacy, as well as to set
authentication rules for individual users and devices.
From authenticating access to filtering traffic, cloud security can
be configured to the exact needs of the business.
Cloud Security Challenges
People can attack network hosts and web apps as fast as they
can be protected.
Cloud administrators should test their environments and have
the latest security audits and reports.
Take care when adopting new technologies, such as AI and
machine learning, which draw on many data sources.
Areas of cloud computing that have been found to be
uniquely troublesome:
• Auditing
A cloud auditor can assess the security controls in the information
system to determine the extent to which the controls are implemented
correctly, operating as intended, and producing the desired outcome
with respect to the security requirements for the system.
• Data integrity
• e-Discovery for legal compliance
E-discovery is still reliable for organizing and preserving data for legal
compliance, but e-discovery in the cloud and container-based storage
complicates governance processes.
• Privacy
• Recovery
• Regulatory compliance
Cloud compliance is about complying with the applicable laws and regulations.
To evaluate your risks
You need to perform the following analysis:
1. Determine which resources (data, services, or applications)
you are planning to move to the cloud.
2. Determine the sensitivity of the resource to risk.
Risks that need to be evaluated are loss of privacy, unauthorized
access by others, loss of data, and interruptions in availability.
3. Determine the risk associated with the particular cloud type
for a resource.
4. Take into account the particular cloud service model that you
will be using.
5. If you have selected a particular cloud service provider, you
need to evaluate its system to understand how data is
transferred, where it is stored, and how to move data both in
and out of the cloud.
Cloud Computing Categories
1. Public cloud services, operated by a public cloud provider
Software-as-a-service (SaaS), infrastructure-as-a-service (IaaS),
and platform-as-a-service (PaaS).
2. Private cloud services, operated by a public cloud provider
These services provide a computing environment dedicated to
one customer, operated by a third party.
3. Private cloud services, operated by internal staff
These services are an evolution of the traditional data center,
where internal staff operates a virtual environment they control.
4. Hybrid cloud services
Private and public cloud computing configurations can be
combined, hosting workloads and data based on optimizing
factors such as cost, security, operations and access.
Operation will involve internal staff, and optionally the public
cloud provider.
Cloud Security Alliance
The security boundary
The security boundary separates the responsibility of the service
provider from the responsibility of the customer.
The Cloud Security Alliance (CSA) is the world’s leading
organization dedicated to defining and raising awareness of best
practices to help ensure a secure cloud computing environment.
CSA’s comprehensive research program works in collaboration
with industry, higher education and government on a global
basis.
The CSA partitions its guidance into a set of
operational domains
• Governance and enterprise risk management
• Legal and electronic discovery
• Compliance and audit
• Information lifecycle management
• Portability and interoperability
• Traditional security, business continuity, and disaster
recovery
• Datacenter operations
• Incident response, notification, and remediation
• Application security
• Encryption and key management
• Identity and access management
• Virtualization
Security service boundary
In the SaaS model, the vendor provides security as part of the
Service Level Agreement, with the compliance, governance, and
liability levels stipulated under the contract for the entire stack.
For the PaaS model, the security boundary may be defined for
the vendor to include the software framework and middleware
layer.
In the PaaS model, the customer would be responsible for the
security of the application and UI at the top of the stack.
The model with the least built-in security is IaaS, where
everything that involves software of any kind is the customer’s
problem.
Security Responsibilities by Services Models
Security mapping
The cloud service model you choose determines where in the
proposed deployment the variety of security features,
compliance auditing, and other requirements must be placed.
To determine the particular security mechanisms you need, you
must perform a mapping of the particular cloud service model
to the particular application you are deploying.
These mechanisms must be supported by the various controls
that are provided by your service provider, your organization, or
a third party.
A security control model includes the security that you normally
use for your applications, data, management, network, and
physical hardware.
Securing Data
Securing data sent to, received from, and stored in the cloud is
the single largest security concern that most organizations
should have with cloud computing
The key mechanisms for protecting data are:
❖ Access control
❖ Auditing
❖ Authentication
❖ Authorization
Brokered Cloud Storage Access
The problem with the data you store in the cloud is that it can
be located anywhere in the cloud service provider's system:
in another datacenter, another state or province, and in many
cases even in another country.
Therefore, to protect your cloud storage assets, you want to
find a way to isolate data from direct client access.
Brokered Cloud Storage Access is an approach for isolating
storage in the cloud.
In this approach, two services are created:
A broker with full access to storage but no access to the client.
A proxy with no access to storage but access to both the client and
the broker.
Brokered Cloud Storage Access
Isolated Access to Data
Data stored in the cloud can be retrieved from anywhere, so there
should be a mechanism to isolate the data and protect it from direct
client access.
Brokered Cloud Storage Access is an approach for isolating storage in
the cloud.
The following two services are created in this approach:
• A broker with complete access to storage, but no access to the client.
• A proxy with no access to storage, but access to both the client and
the broker.
The broker does not need full access to the cloud storage, but it may
be configured to grant READ and QUERY operations, while not
allowing APPEND or DELETE.
The proxy has a limited trust role, while the broker can run with
higher privileges or even as native code.
Security mapping
Two services are in the direct data path between the client and
data stored in the cloud.
A broker with complete access to storage, but no access to client.
A proxy with no access to storage, but access to client and broker
both.
Under this system, when a client makes a request for data, here’s
what happens:
1. The request goes to the external service interface (or
endpoint) of the proxy, which has only partial trust.
2. The proxy, using its internal interface, forwards the request to
the broker.
3. The broker requests the data from the cloud storage system.
4. The storage system returns the results to the broker.
5. The broker returns the results to the proxy.
6. The proxy completes the response by sending the data
requested to the client.
Working of Brokered Cloud Access System
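The six-step flow above, modelled as an added example (this is not code from the slides): the proxy holds only a broker reference, the broker holds the storage handle but its policy allow-lists READ and QUERY while refusing APPEND and DELETE, and a trace records which step each component performs. The in-memory storage, tenant object names and client id are constructed for the demo; in a real deployment proxy and broker are separate services, so the separation is enforced by the network, not merely by construction as here.

```python
class CloudStorage:
    """Stand-in for the provider's object store (constructed, in-memory)."""

    def __init__(self, objects):
        self._objects = dict(objects)

    def read(self, key):
        return self._objects[key]

    def query(self, prefix):
        return sorted(k for k in self._objects if k.startswith(prefix))

    def append(self, key, data):
        self._objects[key] = self._objects.get(key, b"") + data

    def delete(self, key):
        del self._objects[key]


class Broker:
    """Higher-privilege service. It is the only component holding the storage
    handle, and its policy allow-lists READ and QUERY only: APPEND and DELETE
    are refused even though the underlying credential could perform them."""

    ALLOWED = frozenset({"READ", "QUERY"})

    def __init__(self, storage, trace):
        self._storage = storage
        self._trace = trace

    def handle(self, op, arg):
        if op not in self.ALLOWED:
            raise PermissionError(f"broker policy denies {op}")
        self._trace.append("3 broker -> storage: " + op)
        result = self._storage.read(arg) if op == "READ" else self._storage.query(arg)
        self._trace.append("4 storage -> broker")
        self._trace.append("5 broker -> proxy")
        return result


class Proxy:
    """Partial-trust external endpoint. It references the broker and nothing
    else, so no client request reaches storage without passing the broker's
    policy check. Input hygiene happens here, at the untrusted edge."""

    MAX_ARG = 256

    def __init__(self, broker, trace):
        self._broker = broker
        self._trace = trace

    def request(self, client_id, op, arg):
        self._trace.append(f"1 client {client_id} -> proxy endpoint: {op}")
        if not isinstance(arg, str) or len(arg) > self.MAX_ARG:
            raise ValueError("malformed argument")
        self._trace.append("2 proxy -> broker (internal interface)")
        result = self._broker.handle(op.upper(), arg)
        self._trace.append("6 proxy -> client")
        return result


def build_demo():
    """Wire the two services around constructed sample objects."""
    trace = []
    storage = CloudStorage({
        "tenant-a/report.txt": b"quarterly numbers",
        "tenant-a/notes.txt": b"meeting notes",
        "tenant-b/secret.txt": b"other tenant",
    })
    broker = Broker(storage, trace)
    proxy = Proxy(broker, trace)
    return proxy, storage, trace


def run_demo():
    """One read, one query and one refused delete through the proxy."""
    proxy, storage, trace = build_demo()
    read = proxy.request("client-42", "read", "tenant-a/report.txt")
    listing = proxy.request("client-42", "query", "tenant-a/")
    try:
        proxy.request("client-42", "delete", "tenant-a/report.txt")
        delete_blocked = False
    except PermissionError:
        delete_blocked = True
    return {
        "read": read,
        "listing": listing,
        "delete_blocked": delete_blocked,
        "still_present": storage.read("tenant-a/report.txt"),
        "steps_for_one_read": trace[:6],
    }
```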
Creation of Storage Zones with Associated
Encryption Keys
Storage location and Tenancy
Data stored in the cloud usually comes from multiple tenants, and
each vendor has its own unique method for segregating one
customer's data from another's.
It is important to have some understanding of how your specific
service provider maintains data segregation.
Most cloud service providers store data in an encrypted form.
Encryption does present its own set of problems.
If there is a problem with encrypted data, the result is that the
data may not be recoverable.
Encryption
• Strong encryption technology is a core technology for protecting data in
transit to and from the cloud as well as data stored in the cloud.
• The goal of encrypted cloud storage is to create a virtual private storage
system that maintains confidentiality and data integrity while
maintaining the benefits of cloud storage: ubiquitous, reliable, shared
data storage.
• Encryption should separate stored data (data at rest) from data in transit.
• Microsoft allows up to five security accounts per client, and you can use
these different accounts to create different zones.
• On Amazon Web Service, you can create multiple keys and rotate those
keys during different sessions.
• Keys should have a defined lifecycle.
• Among the schemes used to protect keys are the creation of secure key
stores that have restricted role-based access, automated key stores
backup, and recovery techniques.
• It's a good idea to separate key management from the cloud provider.
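Storage zones with their own keys, key rotation and a defined key lifecycle, as an added example (not from the slides or any provider's SDK): each zone has a versioned key ring, rotation activates a new version while older versions stay readable, records are re-wrapped before an old version is destroyed, and a record left under a destroyed version shows the "data may not be recoverable" failure. The HMAC-SHA256 keystream plus tag is a toy construction standing in for an AEAD such as AES-GCM so the block runs on the standard library alone; the zone names and payloads are constructed.

```python
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (toy stand-in for AES-CTR)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag before decrypting; a wrong zone key fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed (wrong key or tampered data)")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class ZoneKeyStore:
    """One versioned key ring per storage zone (e.g. one zone per tenant).

    Lifecycle: create -> rotate (new version active, old ones still readable)
    -> re-wrap records -> destroy the old version. Destroying a version that
    still protects data makes that data unrecoverable."""

    def __init__(self):
        self._rings = {}    # zone -> {version: key bytes, or None once destroyed}
        self._active = {}   # zone -> version used for new encryptions

    def create_zone(self, zone):
        self._rings[zone] = {1: secrets.token_bytes(32)}
        self._active[zone] = 1

    def rotate(self, zone):
        version = self._active[zone] + 1
        self._rings[zone][version] = secrets.token_bytes(32)
        self._active[zone] = version
        return version

    def destroy_version(self, zone, version):
        self._rings[zone][version] = None   # key material is gone for good

    def active_key(self, zone):
        return self._rings[zone][self._active[zone]]

    def encrypt(self, zone, plaintext):
        version = self._active[zone]
        return {"zone": zone, "kv": version, "blob": seal(self._rings[zone][version], plaintext)}

    def decrypt(self, record):
        key = self._rings[record["zone"]].get(record["kv"])
        if key is None:
            raise KeyError(f"key v{record['kv']} of zone {record['zone']} no longer exists")
        return unseal(key, record["blob"])

    def rewrap(self, record):
        """Move a record to the zone's active version (do this before destroying the old one)."""
        return self.encrypt(record["zone"], self.decrypt(record))


def lifecycle_demo():
    """Walk one record through rotation, re-wrap and key destruction (constructed data)."""
    store = ZoneKeyStore()
    store.create_zone("tenant-a")
    store.create_zone("tenant-b")
    old = store.encrypt("tenant-a", b"ledger-2023")      # sealed under v1
    store.rotate("tenant-a")
    new = store.encrypt("tenant-a", b"ledger-2024")      # sealed under v2
    try:                                                 # zone isolation check
        unseal(store.active_key("tenant-b"), old["blob"])
        cross_zone_opened = True
    except ValueError:
        cross_zone_opened = False
    rewrapped = store.rewrap(old)                        # now under v2
    store.destroy_version("tenant-a", 1)                 # end of life for v1
    try:                                                 # the un-rewrapped copy is lost
        store.decrypt(old)
        orphan_recoverable = True
    except KeyError:
        orphan_recoverable = False
    return {
        "old_kv": old["kv"], "new_kv": new["kv"], "rewrapped_kv": rewrapped["kv"],
        "cross_zone_opened": cross_zone_opened,
        "orphan_recoverable": orphan_recoverable,
        "rewrapped_plain": store.decrypt(rewrapped),
        "new_plain": store.decrypt(new),
    }
```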
Auditing and compliance
Logging is the recording of events into a repository; auditing is
the ability to monitor those events to understand performance.
Logging and auditing are important functions, and not only for
evaluating performance.
Logs should record system, application, and security events, at
the very minimum.
Cloud service providers often have proprietary log formats that
you need to be aware of.
The monitoring and analysis tools you use need to be aware of
these logs and able to work with them.
Because cloud services are both multitenant and multisite operations,
the logging activity and data for different clients may not only
be co-located, they may also be moving across a landscape of
different hosts and sites.
Compliance under the laws of the governing
bodies
• Which regulations apply to your use of a particular cloud
computing service
• Which regulations apply to the cloud service provider and
where the demarcation line falls for responsibilities
• How your cloud service provider will support your need for
information associated with regulation
• How to work with the regulator to provide the information
necessary regardless of who had the responsibility to collect
the data
SLAs that enforce protections
• You have contracts reviewed by your legal staff.
• You have a right-to-audit clause in your SLA.
• You review any third parties who are service providers and
assess their impact on security and regulatory compliance.
• You understand the scope of the regulations that apply to
your cloud computing applications and services.
• You consider what steps you must take to comply with the
demands of regulations that apply.
• You consider adjusting your procedures to comply with
regulations.
• You collect and maintain the evidence of your compliance
with regulations.
• You determine whether your cloud service provider can
provide an audit statement that is SAS 70 Type II-compliant.
Establishing Identity
• Managing personal identity information so that access to
computer resources, applications, data, and services is
controlled properly.
• IDaaS is cloud-based authentication built and operated by a
third-party provider.
• The goal of an Identity Service is to ensure users are who they
claim to be, and to give them the right kinds of access to
software applications, files, or other resources at the right
times
• Identity management is a primary mechanism for controlling
access to data in the cloud, preventing unauthorized
uses, maintaining user roles, and complying with regulations.
Presence
• The purpose of presence is to signal availability for interaction
over a network.
• It is used on networks to indicate the status of available
parties and their location.
• Presence is an enabling technology for peer-to-peer
interaction.
• It adds context that can modify services and service delivery.
• Among the cloud computing services that rely on presence
information are telephony systems such as VoIP,
instant messaging services (IM), and geo-location-based
systems such as GPS.
• Presence is playing an important role in cell phones,
particularly smart phones.
Identity protocol standards
Identity protocol standards define how identity information is
exchanged between parties.
Many protocols that provide identity services form the basis for
creating interoperability among services.
Commonly used Identity protocol standards:
• OpenID
• XACML and SAML
• OAuth
Cloud computing requires the following:
• That you establish an identity
• That the identity be authenticated
• That the authentication be portable
• That authentication provide access to cloud
OpenID
❖ It is the standard associated with creating an identity and
authenticating its use by a third-party service.
❖ It is the key to creating Single Sign-On (SSO) systems.
❖ OpenID doesn't specify the means for authentication of an identity; a
particular system should execute the authentication process.
❖ Authentication can be by a Challenge and Response Protocol (CHAP),
through a smart card, or by a biometric measurement.
In OpenID, the authentication procedure has the following steps:
• The end user uses a program like a browser, called a user
agent, to enter an OpenID identifier.
• The OpenID is presented to a service that provides access to the
desired resource.
• An entity called a relying party queries the OpenID identity provider
to authenticate the accuracy of the OpenID credentials.
• The authentication result is sent back to the relying party from the
identity provider, and access is either provided or denied.
OAuth
• An open standard called OAuth provides a token service that
can be used to present validated access to resources.
• The use of OAuth tokens allows clients to present credentials
that contain no account information (userID or password) to a
cloud service.
• The token comes with a defined period after which it can no
longer be used.
Windows Azure Identity Standards
The Windows Azure Platform uses a claims-based identity based on
open authentication and access protocols.
These standards may be used without modification on a system that is
running in the cloud or on-premises.
Windows Azure security draws on the following three services:
• Active Directory Federation Services 2.0
It is a Security Token Service (STS) that allows users to authenticate
their access to applications both locally and in the cloud with a claims-
based identity.
• Windows Azure AppFabric Access Control Service
A claims-based identity system is built directly into AppFabric Access
Control, providing authentication and claims-based authorization.
• Windows Identity Foundation (WIF)
Integrates the SOAP service (WCF-SOAP) into a unified object model.
This allows WIF to have full access to the features of WS-Security and
to work with tokens in the SAML format.
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 

Cloud Security

1. Dr.M.Pyingkodi
Dept of Computer Applications
Kongu Engineering College
Erode, India
pyingkodikongu@gmail.com
2. Cloud Security
Consists of a set of policies, controls, procedures and technologies that work together to protect
» Cloud-based systems
» Data and
» Infrastructure
Procedures and technology that secure cloud computing environments against both external and insider cybersecurity threats.
Security measures are configured to protect cloud data, support regulatory compliance and protect customers' privacy, as well as setting authentication rules for individual users and devices.
From authenticating access to filtering traffic, cloud security can be configured to the exact needs of the business.
3. Cloud Security Challenges
People can attack network hosts and web apps as fast as they can be protected.
Cloud administrators should test their environments and have the latest security audits and reports.
Take care when adopting new technologies, such as AI and machine learning, which use many data sources.
4. Areas of cloud computing that they felt were uniquely troublesome
• Auditing
A cloud auditor can make an assessment of the security controls in the information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to the security requirements for the system.
• Data integrity
• e-Discovery for legal compliance
E-discovery is still reliable for organizing and preserving data for legal compliance, but e-discovery in the cloud and container-based storage complicates governance processes.
• Privacy
• Recovery
• Regulatory compliance
Cloud compliance is about complying with the laws and regulations that apply.
5. To evaluate your risks
You need to perform the following analysis:
1. Determine which resources (data, services, or applications) you are planning to move to the cloud.
2. Determine the sensitivity of the resource to risk. Risks that need to be evaluated are loss of privacy, unauthorized access by others, loss of data, and interruptions in availability.
3. Determine the risk associated with the particular cloud type for a resource.
4. Take into account the particular cloud service model that you will be using.
5. If you have selected a particular cloud service provider, you need to evaluate its system to understand how data is transferred, where it is stored, and how to move data both in and out of the cloud.
6. Cloud Computing Categories
1. Public cloud services, operated by a public cloud provider: software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS).
2. Private cloud services, operated by a public cloud provider: these services provide a computing environment dedicated to one customer, operated by a third party.
3. Private cloud services, operated by internal staff: these services are an evolution of the traditional data center, where internal staff operates a virtual environment they control.
4. Hybrid cloud services: private and public cloud computing configurations can be combined, hosting workloads and data based on optimizing factors such as cost, security, operations and access. Operation will involve internal staff, and optionally the public cloud provider.
7. Cloud Security Alliance
The security boundary: the responsibility of the service provider is separate from the responsibility of the customer, and the security boundary is the line between the two.
The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
CSA's comprehensive research program works in collaboration with industry, higher education and government on a global basis.
8. The CSA partitions its guidance into a set of operational domains
• Governance and enterprise risk management
• Legal and electronic discovery
• Compliance and audit
• Information lifecycle management
• Portability and interoperability
• Traditional security, business continuity, and disaster recovery
• Datacenter operations
• Incident response, notification, and remediation
• Application security
• Encryption and key management
• Identity and access management
• Virtualization
10. Security service boundary
In the SaaS model, the vendor provides security as part of the Service Level Agreement, with the compliance, governance, and liability levels stipulated under the contract for the entire stack.
For the PaaS model, the security boundary may be defined for the vendor to include the software framework and middleware layer. In the PaaS model, the customer would be responsible for the security of the application and UI at the top of the stack.
The model with the least built-in security is IaaS, where everything that involves software of any kind is the customer's problem.
11. Security Responsibilities by Service Models
12. Security mapping
The cloud service model you choose determines where in the proposed deployment the variety of security features, compliance auditing, and other requirements must be placed.
To determine the particular security mechanisms you need, you must perform a mapping of the particular cloud service model to the particular application you are deploying.
These mechanisms must be supported by the various controls that are provided by your service provider, your organization, or a third party.
A security control model includes the security that you normally use for your applications, data, management, network, and physical hardware.
13. Securing Data
Securing data sent to, received from, and stored in the cloud is the single largest security concern that most organizations should have with cloud computing.
These are the key mechanisms for protecting data:
❖ Access control
❖ Auditing
❖ Authentication
❖ Authorization
14. Brokered Cloud Storage Access
The problem with the data you store in the cloud is that it can be located anywhere in the cloud service provider's system: in another datacenter, another state or province, and in many cases even in another country.
Therefore, to protect your cloud storage assets, you want to find a way to isolate data from direct client access.
Brokered Cloud Storage Access is an approach for isolating storage in the cloud. In this approach, two services are created:
• A broker with full access to storage but no access to the client.
• A proxy with no access to storage but access to both client and broker.
15. Brokered Cloud Storage Access: Isolated Access to Data
Data stored in the cloud can be retrieved from anywhere, hence there should be a mechanism to isolate data and protect it from clients' direct access.
Brokered Cloud Storage Access is an approach to isolating storage in the cloud. The following two services are created in this approach:
• A broker with complete access to storage, but no access to the client.
• A proxy with no access to storage, but access to both client and broker.
The broker does not need full access to the cloud storage: it may be configured to grant READ and QUERY operations, while not allowing APPEND or DELETE.
The proxy has a limited trust role, while the broker can run with higher privileges or even as native code.
16. Security mapping
Two services are in the direct data path between the client and data stored in the cloud:
• A broker with complete access to storage, but no access to the client.
• A proxy with no access to storage, but access to both client and broker.
Under this system, when a client makes a request for data, here's what happens:
1. The request goes to the external service interface (or endpoint) of the proxy, which has only partial trust.
2. The proxy, using its internal interface, forwards the request to the broker.
3. The broker requests the data from the cloud storage system.
4. The storage system returns the results to the broker.
5. The broker returns the results to the proxy.
6. The proxy completes the response by sending the data requested to the client.
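The six-step flow above, modelled as a runnable example. This is added code, not from the slides or any real broker product: a storage backend, a broker that holds the only storage handle but is configured for READ and QUERY only (no APPEND or DELETE), and a partial-trust proxy that faces the client and holds no storage handle at all. The per-tenant key prefixes, tenant names and sample objects are constructed for the example and go one step beyond the slide by showing that the proxy can also enforce a client-side policy of its own.

```python
"""Brokered cloud storage access: client -> proxy -> broker -> storage (added example)."""
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when a request asks for something its role does not permit."""


@dataclass
class CloudStorage:
    """Stand-in for the provider's object store; contents are constructed sample data."""
    objects: dict = field(default_factory=lambda: {
        "invoices/2024-01.csv": b"id,amount\n1,100\n",
        "invoices/2024-02.csv": b"id,amount\n2,250\n",
        "hr/salaries.csv": b"name,salary\n",
    })

    def read(self, key):
        return self.objects[key]

    def query(self, prefix):
        return sorted(k for k in self.objects if k.startswith(prefix))

    def append(self, key, data):
        self.objects[key] = self.objects.get(key, b"") + data

    def delete(self, key):
        del self.objects[key]


class Broker:
    """Has the storage handle, but only performs the operations on its allow-list."""
    ALLOWED = frozenset({"READ", "QUERY"})

    def __init__(self, storage):
        self._storage = storage

    def handle(self, op, key, data=None):
        # Steps 3-5 of the flow: talk to storage and hand the result back to the proxy.
        if op not in self.ALLOWED:
            raise AccessDenied(f"broker refuses {op}; only {sorted(self.ALLOWED)} are permitted")
        if op == "READ":
            return self._storage.read(key)
        return self._storage.query(key)


class Proxy:
    """External endpoint with partial trust: it knows the broker, never the storage.

    It also applies a per-tenant policy (constructed for the example): a tenant may only
    name keys under its own prefix, so it cannot ask the broker for another tenant's
    objects even though the broker itself could read them.
    """
    def __init__(self, broker, tenant_prefixes):
        self._broker = broker
        self._tenant_prefixes = dict(tenant_prefixes)

    def request(self, tenant, op, key, data=None):
        # Step 1: the request arrives at the proxy's external interface.
        prefix = self._tenant_prefixes.get(tenant)
        if prefix is None or not key.startswith(prefix):
            raise AccessDenied(f"tenant {tenant!r} may not address {key!r}")
        # Step 2: forward over the internal interface; step 6: relay the reply to the client.
        return self._broker.handle(op, key, data)


def build_system():
    """Wire the three components; returns (storage, broker, proxy)."""
    storage = CloudStorage()
    broker = Broker(storage)
    proxy = Proxy(broker, tenant_prefixes={"finance": "invoices/", "hr": "hr/"})
    return storage, broker, proxy


def demo():
    """Exercise the path and collect the outcomes as strings."""
    _, _, proxy = build_system()
    results = []
    for tenant, op, key in [("finance", "QUERY", "invoices/"),
                            ("finance", "READ", "invoices/2024-01.csv"),
                            ("finance", "DELETE", "invoices/2024-01.csv"),
                            ("finance", "READ", "hr/salaries.csv")]:
        try:
            results.append(f"{tenant} {op} {key}: {proxy.request(tenant, op, key)!r}")
        except AccessDenied as exc:
            results.append(f"{tenant} {op} {key}: denied ({exc})")
    return results


if __name__ == "__main__":
    print("\n".join(demo()))
```

The point to take from running it: the client-facing component never holds a storage credential, and a compromise of the proxy yields at most READ and QUERY through the broker, scoped to the tenant's own prefix, never a delete or an append.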
17. Working of Brokered Cloud Access System
18. Creation of Storage Zones with Associated Encryption Keys
19. Storage location and Tenancy
Data stored in the cloud is usually stored alongside data from multiple tenants, and each vendor has its own unique method for segregating one customer's data from another.
It is important to have some understanding of how your specific service provider maintains data segregation.
Most cloud service providers store data in an encrypted form. Encryption does present its own set of problems: if there is a problem with the encrypted data, the result may be that the data is not recoverable.
20. Encryption
• Strong encryption technology is a core technology for protecting data in transit to and from the cloud as well as data stored in the cloud.
• The goal of encrypted cloud storage is to create a virtual private storage system that maintains confidentiality and data integrity while maintaining the benefits of cloud storage: ubiquitous, reliable, shared data storage.
• Encryption should separate stored data (data at rest) from data in transit.
• Microsoft allows up to five security accounts per client, and you can use these different accounts to create different zones.
• On Amazon Web Services, you can create multiple keys and rotate those keys during different sessions.
• Keys should have a defined lifecycle.
• Among the schemes used to protect keys are the creation of secure key stores that have restricted role-based access, automated key store backup, and recovery techniques.
• It's a good idea to separate key management from the cloud provider.
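Slides 18 to 20 together describe storage zones with their own keys, a key store with role-based access held apart from the provider, and a defined key lifecycle. The following is an added example, not the deck's or any vendor's code, that puts those pieces together: one key chain per zone, grants by principal, rotation that keeps old ciphertext readable, and retirement that finally cuts it off. The cipher inside is a labelled stand-in (an HMAC-SHA256 keystream XORed into the data, plus an HMAC tag checked before decryption); zone names, principals and the plaintexts are constructed, and a deployment would use an authenticated cipher such as AES-GCM from a vetted library instead.

```python
"""Storage zones with per-zone keys, role-based grants and a key lifecycle (added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass


class AccessDenied(Exception):
    """Principal is not granted the zone, or the key version is retired."""


class IntegrityError(Exception):
    """Tag check failed: wrong key, wrong zone, or tampered ciphertext."""


@dataclass
class KeyVersion:
    version: int
    material: bytes
    state: str = "active"  # active -> decrypt-only (after rotation) -> retired


class ZoneKeyStore:
    """Per-zone key chains with role-based access; lives outside the storage service."""

    def __init__(self):
        self._chains = {}   # zone -> [KeyVersion, ...], newest last
        self._grants = {}   # principal -> set of zones it may use

    def create_zone(self, zone):
        self._chains[zone] = [KeyVersion(1, os.urandom(32))]

    def grant(self, principal, zone):
        self._grants.setdefault(principal, set()).add(zone)

    def rotate(self, zone):
        """New active key; the previous one can still decrypt but no longer encrypts."""
        chain = self._chains[zone]
        chain[-1].state = "decrypt-only"
        chain.append(KeyVersion(chain[-1].version + 1, os.urandom(32)))
        return chain[-1].version

    def retire(self, zone, version):
        """End of life: anything still under this version must have been re-encrypted."""
        self._find(zone, version).state = "retired"

    def _find(self, zone, version):
        for kv in self._chains[zone]:
            if kv.version == version:
                return kv
        raise KeyError(version)

    def _authorize(self, principal, zone):
        if zone not in self._grants.get(principal, ()):
            raise AccessDenied(f"{principal} is not granted zone {zone}")

    def encryption_key(self, principal, zone):
        self._authorize(principal, zone)
        return self._chains[zone][-1]

    def decryption_key(self, principal, zone, version):
        self._authorize(principal, zone)
        kv = self._find(zone, version)
        if kv.state == "retired":
            raise AccessDenied(f"zone {zone} key v{version} is retired")
        return kv


def _subkeys(material):
    # Separate confidentiality and integrity keys derived from the zone key.
    return (hmac.new(material, b"enc", hashlib.sha256).digest(),
            hmac.new(material, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, length):
    # Stand-in keystream: HMAC over nonce||counter, block by block (not AES; see lead-in).
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt(store, principal, zone, plaintext):
    kv = store.encryption_key(principal, zone)
    enc_key, mac_key = _subkeys(kv.material)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    header = f"{zone}|{kv.version}|".encode() + nonce   # zone and version are authenticated too
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return {"zone": zone, "version": kv.version, "nonce": nonce, "ct": ct, "tag": tag}


def decrypt(store, principal, rec):
    kv = store.decryption_key(principal, rec["zone"], rec["version"])
    enc_key, mac_key = _subkeys(kv.material)
    header = f"{rec['zone']}|{rec['version']}|".encode() + rec["nonce"]
    expected = hmac.new(mac_key, header + rec["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rec["tag"]):   # verify before decrypting
        raise IntegrityError("tag mismatch")
    return bytes(c ^ k for c, k in zip(rec["ct"], _keystream(enc_key, rec["nonce"], len(rec["ct"]))))
```

Each stored record names its zone and key version, which is what makes rotation workable: new writes pick up the active key, old records keep decrypting under their own version, and retiring a version is an explicit step taken only once nothing depends on it.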
21. Auditing and compliance
Logging is the recording of events into a repository; auditing is the ability to monitor the events to understand performance.
Logging and auditing is an important function because it is necessary not only for evaluating performance.
Logs should record system, application, and security events, at the very minimum.
Cloud service providers often have proprietary log formats that you need to be aware of. The monitoring and analysis tools you use need to be aware of these logs and able to work with them.
Because cloud services are both multitenant and multisite operations, the logging activity and data for different clients may not only be co-located, they may also be moving across a landscape of different hosts and sites.
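What "tools that can work with proprietary log formats" means in practice, as an added example (not from the slides or any provider's tooling): two made-up provider formats, one JSON and one key=value, are parsed into a single event schema keyed by tenant, and one detection is then run over the merged stream, counting failed logins for a principal within a time window regardless of which host or site recorded them. All log lines, provider names, hosts and tenants are constructed for the example.

```python
"""Normalize two constructed cloud log formats and detect failed-login bursts (added example)."""
import json
from collections import defaultdict
from datetime import datetime

PROVIDER_A_LINES = [  # constructed JSON events from one site
    '{"eventTime":"2024-05-01T10:00:00Z","user":"alice","action":"ConsoleLogin","result":"Failure","host":"vm-a1","tenant":"acme"}',
    '{"eventTime":"2024-05-01T10:00:20Z","user":"alice","action":"ConsoleLogin","result":"Failure","host":"vm-a1","tenant":"acme"}',
    '{"eventTime":"2024-05-01T10:00:30Z","user":"bob","action":"ConsoleLogin","result":"Success","host":"vm-a2","tenant":"acme"}',
    '{"eventTime":"2024-05-01T10:05:00Z","user":"alice","action":"ConsoleLogin","result":"Failure","host":"vm-g1","tenant":"globex"}',
]
PROVIDER_B_LINES = [  # constructed key=value events from a second site
    "ts=2024-05-01T10:00:40Z tenant=acme principal=alice op=login status=denied node=site2-web01",
    "ts=2024-05-01T10:00:50Z tenant=acme principal=carol op=login status=ok node=site2-web01",
]


def _ts(text):
    # Both constructed formats use ISO 8601 with a trailing Z; make it timezone-aware.
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def parse_provider_a(line):
    raw = json.loads(line)
    return {"time": _ts(raw["eventTime"]), "tenant": raw["tenant"], "principal": raw["user"],
            "action": "login" if raw["action"] == "ConsoleLogin" else raw["action"].lower(),
            "outcome": "failure" if raw["result"] == "Failure" else "success",
            "host": raw["host"], "source": "provider-a"}


def parse_provider_b(line):
    raw = dict(field.split("=", 1) for field in line.split())
    return {"time": _ts(raw["ts"]), "tenant": raw["tenant"], "principal": raw["principal"],
            "action": raw["op"], "outcome": "failure" if raw["status"] == "denied" else "success",
            "host": raw["node"], "source": "provider-b"}


def normalize(a_lines, b_lines):
    """Parse both feeds into the common schema and order them by time."""
    events = [parse_provider_a(l) for l in a_lines] + [parse_provider_b(l) for l in b_lines]
    return sorted(events, key=lambda e: e["time"])


def failed_login_bursts(events, threshold=3, window_seconds=120):
    """Report (tenant, principal) pairs with at least `threshold` failed logins inside
    `window_seconds`, whatever host, site or provider recorded them."""
    failures = defaultdict(list)
    for e in events:
        if e["action"] == "login" and e["outcome"] == "failure":
            failures[(e["tenant"], e["principal"])].append(e)
    bursts = []
    for (tenant, principal), fails in sorted(failures.items()):
        fails.sort(key=lambda e: e["time"])
        start, best = 0, None
        for end in range(len(fails)):  # sliding window over the sorted failures
            while (fails[end]["time"] - fails[start]["time"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold and (best is None or end - start > best[1] - best[0]):
                best = (start, end)
        if best is not None:
            window = fails[best[0]:best[1] + 1]
            bursts.append({"tenant": tenant, "principal": principal, "count": len(window),
                           "hosts": sorted({e["host"] for e in window}),
                           "sources": sorted({e["source"] for e in window})})
    return bursts


if __name__ == "__main__":
    for burst in failed_login_bursts(normalize(PROVIDER_A_LINES, PROVIDER_B_LINES)):
        print(burst)
```

Grouping by tenant before counting is what keeps a multitenant log stream honest: the same user name in two tenants is two different principals, and a burst is only reported within one tenant's own events.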
22. Compliance under the laws of the governing bodies
• Which regulations apply to your use of a particular cloud computing service
• Which regulations apply to the cloud service provider and where the demarcation line falls for responsibilities
• How your cloud service provider will support your need for information associated with regulation
• How to work with the regulator to provide the information necessary regardless of who had the responsibility to collect the data
23. SLAs that enforce protections
• You have contracts reviewed by your legal staff.
• You have a right-to-audit clause in your SLA.
• You review any third parties who are service providers and assess their impact on security and regulatory compliance.
• You understand the scope of the regulations that apply to your cloud computing applications and services.
• You consider what steps you must take to comply with the demands of regulations that apply.
• You consider adjusting your procedures to comply with regulations.
• You collect and maintain the evidence of your compliance with regulations.
• You determine whether your cloud service provider can provide an audit statement that is SAS 70 Type II-compliant.
24. Establishing Identity
• Managing personal identity information so that access to computer resources, applications, data, and services is controlled properly.
• IDaaS is cloud-based authentication built and operated by a third-party provider.
• The goal of an Identity Service is to ensure users are who they claim to be, and to give them the right kinds of access to software applications, files, or other resources at the right times.
• Identity management is a primary mechanism for controlling access to data in the cloud, preventing unauthorized uses, maintaining user roles, and complying with regulations.
25. Presence
• Its purpose is to signal availability for interaction over a network.
• It is used on networks to indicate the status of available parties and their location.
• Presence is an enabling technology for peer-to-peer interaction.
• It adds context that can modify services and service delivery.
• Among the cloud computing services that rely on presence information are telephony systems such as VoIP, instant messaging services (IM), and geo-location-based systems such as GPS.
• Presence is playing an important role in cell phones, particularly smart phones.
26. Identity protocol standards
Identity protocol standards define how identity information is exchanged between parties. Many protocols that provide identity services form the basis for creating interoperability among services.
Commonly used identity protocol standards:
• OpenID
• XACML and SAML
• OAuth
Cloud computing requires the following:
• That you establish an identity
• That the identity be authenticated
• That the authentication be portable
• That authentication provide access to cloud resources
27. OpenID
❖ It is the standard associated with creating an identity and authenticating its use by a third-party service.
❖ It is the key to creating Single Sign-On (SSO) systems.
❖ OpenID doesn't specify the means for authentication of an identity; a particular system should execute the authentication process.
❖ Authentication can be by a Challenge and Response Protocol (CHAP), through a smart card, or by a biometric measurement.
In OpenID, the authentication procedure has the following steps:
• The end-user uses a program like a browser, called a user agent, to enter an OpenID identifier.
• The OpenID is presented to a service that provides access to the resource that is desired.
• An entity called a relying party queries the OpenID identity provider to authenticate the accuracy of the OpenID credentials.
• The authentication is sent back to the relying party from the identity provider, and access is either provided or denied.
28. OAuth
• An open standard called OAuth provides a token service that can be used to present validated access to resources.
• The use of OAuth tokens allows clients to present credentials that contain no account information (user ID or password) to a cloud service.
• The token comes with a defined period after which it can no longer be used.
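The two properties the slide names, a token that carries no account information and a token that stops working after a defined period, are shown in the following added example. It is not the deck's code and not an implementation of the OAuth specification: a simplified authorization server issues an HMAC-bound token holding only an opaque id, a scope and an expiry, keeps the id-to-account mapping to itself, and a resource server validates the token with the shared key without ever learning the account. Account names, scopes and the key are constructed for the example; a deployment would use a standard token format and library.

```python
"""OAuth-style bearer token: opaque id, scope and expiry, bound by an HMAC (added example)."""
import base64
import hashlib
import hmac
import json
import os
import time


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class AuthorizationServer:
    """Issues tokens and remembers which account each opaque token id belongs to."""

    def __init__(self, signing_key, lifetime_seconds=300):
        self._key = signing_key
        self._lifetime = lifetime_seconds
        self._sessions = {}   # token id -> account; this mapping never leaves the server

    def issue(self, account, scope, now=None):
        now = time.time() if now is None else now
        token_id = _b64(os.urandom(16))            # random, says nothing about the account
        self._sessions[token_id] = account
        claims = {"tid": token_id, "scope": scope, "exp": int(now + self._lifetime)}
        payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
        tag = hmac.new(self._key, payload, hashlib.sha256).digest()
        return _b64(payload) + "." + _b64(tag)

    def account_for(self, token_id):
        """Only the issuer can turn an id back into an account (e.g. for auditing)."""
        return self._sessions.get(token_id)


class ResourceServer:
    """Validates a presented token with the shared key; never sees the account."""

    def __init__(self, signing_key):
        self._key = signing_key

    def validate(self, token, required_scope, now=None):
        """Return the claims if the token is authentic, unexpired and carries the scope; else None."""
        now = time.time() if now is None else now
        try:
            payload_b64, tag_b64 = token.split(".")
            payload, tag = _unb64(payload_b64), _unb64(tag_b64)
        except (ValueError, TypeError):
            return None
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # integrity first: reject forged or edited tokens
            return None
        claims = json.loads(payload)
        if claims["exp"] <= now or required_scope not in claims["scope"].split():
            return None
        return claims


if __name__ == "__main__":
    key = os.urandom(32)   # constructed shared key for the demo
    auth, rs = AuthorizationServer(key), ResourceServer(key)
    tok = auth.issue("alice@example.com", "storage:read")
    print("token carries account name:", "alice" in tok)
    print("valid now:", rs.validate(tok, "storage:read") is not None)
    print("valid after expiry:", rs.validate(tok, "storage:read", now=time.time() + 600) is not None)
```

Because the expiry is inside the authenticated payload, a client cannot extend a token's life by editing it, and because the resource server checks expiry on every request, a token that leaks is useful only until its defined period ends.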
29. Windows Azure Identity Standards
The Windows Azure Platform uses a claims-based identity based on open authentication and access protocols. These standards may be used without modification on a system that is running in the cloud or on-premises.
Windows Azure security draws on the following three services:
• Active Directory Federation Services 2.0: a Security Token Service (STS) that allows users to authenticate their access to applications both locally and in the cloud with a claims-based identity.
• Windows Azure AppFabric Access Control Service: the claims-based identity system is built directly into the AppFabric Access Control authentication and claims-based authorization access.
• Windows Identity Foundation (WIF): SOAP service (WCF-SOAP) into a unified object model. This allows WIF to have full access to the features of WS-Security and to work with tokens in the SAML format.