This document discusses mitigations for ensuring confidentiality, integrity and availability of data stored on cloud providers. It outlines issues such as data theft, privacy concerns and data loss that can impact both cloud providers and end users. Mitigation strategies for cloud providers include data encryption, access controls, backups and disaster recovery plans. For end users, mitigations involve access controls, regulatory compliance, data location policies and recovery options. The document provides examples of cloud services like Dropbox and Google Drive and analyzes security solutions and best practices for protecting data in the cloud.
2. Topic Name and details
Mitigations to ensure the confidentiality, integrity and
availability of the data stored on these providers? Discuss
mitigations for both the cloud providers and also the end
users.
Vaishal Shah(30129756)
Kawalpreet Kaur(30116373)
Vidit Darji(30309034)
Gagandeep Kaur(30129485)
3. Introduction of Cloud Providers
A cloud provider is a firm that delivers cloud computing based services and solutions to individuals and businesses. It is also known as a utility computing provider.
Based on the business model, there are many solutions:
Infrastructure as a Service (IaaS)
Software as a Service (SaaS)
Platform as a Service (PaaS)
4. What is confidentiality, integrity, availability
Also known as the CIA triad.
A structure made to guide policies for information security within an organization.
Considered to be crucial components of society.
5. Confidentiality, integrity, availability
Confidentiality is a set of rules or procedures that restricts the use of or access to information.
Integrity is the assurance that the information gathered is trustworthy and reliable.
Availability is a guarantee of accurate access to the information by authorized people.
6. Dropbox, Google docs
Dropbox is a cloud storage service, sometimes
referred to as an online backup service, that is
frequently used for file sharing and collaboration. It is
increasingly being used in enterprises.
This service is like a warehouse used by government
organizations, banks, post offices, video stores and
libraries to allow people to drop items.
9. Problems or issues related to ensuring confidentiality, availability and integrity by cloud providers
Malicious behaviour of insiders.
Incomplete or insecure data completion.
Management interface vulnerability.
10. Issues contd.
Loss of Governance.
Isolation of failure.
Compliance and legal risks.
11. Mitigations to ensure confidentiality, integrity and availability of cloud providers
The cloud is still new, so the push for effective controls over the protection of information in the cloud is also nascent. But every problem comes with a solution, so there are fewer security solutions for the cloud providers than there are for securing physical devices in a traditional infrastructure.
CIA Triad
12. Confidentiality
Data encryption
User IDs and passwords
Biometric verification and security tokens, key fobs
and soft tokens.
Data confidentiality may involve special training for
those privy to such documents
Storing Information only on air gapped computers,
disconnected storage devices or, for highly sensitive
information, in hard copy form only
13. Integrity
Maintaining consistency, accuracy and trustworthiness
Ensuring data is protected from unauthorized access
EMP (electromagnetic pulse) or server crash.
Some data might include checksums,
even cryptographic checksums for verification of
integrity.
Back ups or redundancies must be available to restore
the affected data to its correct state.
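The two points above (cryptographic checksums, then restoring from a backup copy) can be combined into one check. The following is an added example, not part of the original slides: it uses a keyed HMAC-SHA256 rather than a plain hash, on the assumption that the data owner keeps the key and the manifest outside the cloud; all names, the key and the sample objects are constructed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key-kept-outside-the-cloud"  # assumption: held by the data owner

def tag(key, name, data):
    """HMAC-SHA256 bound to the object name, so content cannot be swapped between names."""
    encoded = name.encode()
    msg = len(encoded).to_bytes(4, "big") + encoded + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_manifest(key, objects):
    """Record one tag per object before upload; the manifest stays with the owner."""
    return {name: tag(key, name, data) for name, data in objects.items()}

def verify_and_restore(key, manifest, primary, backup):
    """Check each object in the primary copy, fall back to the backup copy.
    Returns (good_objects, report) with report values 'ok', 'restored' or 'lost'."""
    good, report = {}, {}
    for name, expected in manifest.items():
        report[name] = "lost"
        for store, status in ((primary, "ok"), (backup, "restored")):
            data = store.get(name)
            if data is not None and hmac.compare_digest(tag(key, name, data), expected):
                good[name], report[name] = data, status
                break
    return good, report

def demo():
    # Constructed sample data standing in for files held by a provider.
    original = {"report.txt": b"Q3 totals", "ledger.csv": b"id,amount\n1,100\n",
                "notes.md": b"draft"}
    manifest = build_manifest(KEY, original)
    primary = {"report.txt": b"Q3 totals",
               "ledger.csv": b"id,amount\n1,900\n"}     # altered; notes.md missing
    backup = {"ledger.csv": b"id,amount\n1,100\n",
              "notes.md": b"drafx"}                     # backup copy also damaged
    return verify_and_restore(KEY, manifest, primary, backup)

if __name__ == "__main__":
    print(demo()[1])
```

An object reported as `lost` failed verification in both copies, which is the case a single backup cannot cover.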
14. Availability
Maintaining all hardware, performing hardware
repairs
Providing adequate communication bandwidth
Preventing occurrence of bottlenecks
Back up copy must be stored in a geographically
isolated location
Use of firewalls and proxy servers
Fast and adaptive disaster recovery
15. Mitigations contd.
Cloud Access Security Brokers (CASBs): A niche market has been trying to reduce the severity of the risks to information shared on cloud providers, so this market came up with Cloud Access Security Brokers (CASBs) as a strategy to mitigate this problem.
Context awareness also allows the CASB providers to employ heuristic analysis on cloud-bound traffic, to do some form of anomaly detection to identify malicious or erroneous traffic. This is an area that they are all investing heavily in today.
16. Problems for cloud providers
Data integrity
Data theft
Privacy issue
Data loss
Data location
17. Data integrity
Users can access the data from anywhere
Lack of data integrity in the cloud
Data theft
Cost effective and flexible for operation
High possibility of data being stolen from other users
18. Privacy issue
Make sure that customers' private information is secure
Keep watching who is accessing the data
Data loss
When a vendor closes due to financial problems, customers will lose their data
Customers will not be able to access the data because the vendor has shut down
19. Data location
No one knows the location of the data
The vendor does not reveal the location of the data
20. Mitigation of cloud providers
Identify the assets
Analyze the risk
Apply security countermeasures
Conduct post-run
21. Problems faced by users of cloud services
Privacy
Security
Data breaches
Data protection
22. Mitigations for users of cloud services
• Privileged user Access
• Regulatory Compliance
• Data Location
• Demonstrable customer care
CASBs are either on-premise or cloud-based (or both) security policy enforcement points. Placed between your end users and the various cloud service providers, they can inspect traffic, manage and enforce policy, alert on anomalous behavior, and in most cases provide some level of DLP enforcement. These Cloud Access Security Brokers can identify individuals' access into Cloud Service Providers that are affiliated with the broker. Currently these number in the hundreds if not thousands. For “Sanctioned” Cloud Applications (those services which your enterprise has procured directly), end user access can be strictly enforced by context:
Who you are (Role based access)
Where you are coming from (corporate network, public Internet, Wi-Fi, geographic region)
What device you are using (Corporate laptop, Home PC, Tablet or phone)
What time of day you're working (Are you authorized to work during this time?)
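The four context checks listed above, written as a deny-by-default policy evaluation. This is an added example, not code from the original slides or from any CASB product: the policy values, role names, device labels and sample requests are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Request:
    role: str          # who you are
    source_ip: str     # where you are coming from
    device: str        # what device you are using
    local_time: time   # what time of day you are working

# Constructed policy for one hypothetical sanctioned application.
POLICY = {
    "roles": {"finance", "admin"},
    "networks": [ip_network("10.20.0.0/16")],  # assumed corporate range
    "devices": {"corporate-laptop"},
    "hours": (time(7, 0), time(19, 0)),        # assumed working hours
}

def in_hours(now, start, end):
    """Handle same-day windows and windows that wrap past midnight."""
    return start <= now < end if start <= end else (now >= start or now < end)

def evaluate(req, policy=POLICY):
    """Deny by default: return (allowed, names of the context checks that failed)."""
    failed = []
    if req.role not in policy["roles"]:
        failed.append("who")
    try:
        addr = ip_address(req.source_ip)
        on_net = any(addr in net for net in policy["networks"])
    except ValueError:          # a malformed address is treated as untrusted
        on_net = False
    if not on_net:
        failed.append("where")
    if req.device not in policy["devices"]:
        failed.append("device")
    if not in_hours(req.local_time, *policy["hours"]):
        failed.append("time")
    return (not failed, failed)

# Constructed sample requests.
SAMPLES = [
    Request("finance", "10.20.4.7", "corporate-laptop", time(9, 30)),
    Request("finance", "203.0.113.9", "home-pc", time(9, 30)),
    Request("intern", "10.20.4.7", "corporate-laptop", time(23, 15)),
    Request("admin", "not-an-ip", "corporate-laptop", time(12, 0)),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r, evaluate(r))
```

Returning the list of failed checks alongside the decision gives the alerting side something to log for each denied request.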