Cloud ComputingHow secure is it?

Author:Marziyeh Arabnejad

Revised/Edited:James Childress

April 2014

Tandy School of Computer Science

Outline

• Introduction

• Cloud diagram

• Types of Clouds

• Benefits of Clouds

• Security Issues of the Cloud

• Cloud data center Security

• Cloud security control

• Can cloud computing be secure?

Introduction

• Cloud Computing is an extreme form of outsourcing delivering hosted services via the internet. • The Cloud acts as a virtual server that users can

access via the internet on an as needed basis.• Cloud Computing includes any subscription-based

or pay-per-use service extending IT capabilities and allowing users to access stored information remotely.

Cloud diagram

Types of Clouds

• Public cloudSells services to anyone on the internet

o Currently Amazon Web Services is the largest public cloud provider

• Private cloud A proprietary network or a data center that supplies

hosted services to a limited number of people

Public Cloud VS Private Cloud

Benefits of Cloud Computing

• Reduced costs

Provider saves money due to economies of scale

Resources are contracted and the cost is predictable, simplifies budgeting

• Safer data

High level of physical protection

Cloud providers use redundancy

Anytime/Anywhere data access

Give the customers contract access requirements

• Increased storage capacity

Easy to upgrade when needed

• Worry-free maintenance

Always have the latest and most security technology

Security Issues of Cloud Computing

• Location Where the data is actually stored

• Data segregationHow vendors keep a certain degree of separation

between one customers data and another's

• RecoverabilityHow quickly and effectively can information be

recovered after a large disaster

• HackingThis is the most daunting issue for most users, what if

someone hacks into my information and shares it with the world?

Security in Cloud Data Centers

• The data center you choose should offer some protection measures:

Physical Security

Logical Security

Physical Security

• Redundant power supplies Backup power supplies needed

• Redundant Internet connections Several internet connections should run in the same time

• Redundant hardware Multiple hard drives should be prepared

• Fire and flood Data should be replicated in multiple locations

• Theft Servers should not be easily accessible

Logical Security

• Logical Security covers the software side of the data centero Firewalls

Act as an electronic barrier between the data center & internet

o Anti-virus detection software Detect and remove any viruses

o Data encryption software Encrypts data as travels between firm and data center

o Administrative controls Govern access to application and data

o Security audits Conduct regular third party intrusion detection audit

Cloud security controls

• Deterrent controlsHoneypot/net used to attract and monitor hackers.Tracking users

• Preventative controlsImplement Best practices:

Install OS and Application updates regularlyPhysical security, CCTV, logging, automated alerts, etc

Firewalls, encryption, multi-level authentication

Cloud security controls

• Corrective controlsDisabling compromised open ports IP and MAC filtering

• Detective controlsSnortTripwireLogging and alert systems

Can cloud computing be secure?

Summary: ways to reduce risk and protect dataLogging all network and system activity

Automated alerts when baseline parameters are outside the accepted range

Deploy IDS tools like Tripwire & Snort

Implement and maintain an effective network firewall

Implement a sophisticated access control model like RBAC (Role Based Access Controls)

Implement best practices for updates to the OS and all other applications

Can cloud computing be secure?

Summary: ways to reduce risk and protect dataDisable/decommission outdated, unused software and

hardware

Security awareness Training for employees: helpdesk staff, SAs, management, support staff, contractors, consultants, etc.

Require an AUP for all system users before granting access

Provide an SLA to all customers describing security expectations.

Backup & Restore capability

Question?