42
CLOUD COMPUTING AND SECURITY CLOUD COMPUTING AND SECURITY By By V. Harshith V. Harshith

Cloud Computing.ppt

Embed Size (px)

DESCRIPTION

Cloud

Citation preview

Page 1: Cloud Computing.ppt

CLOUD COMPUTING AND SECURITYCLOUD COMPUTING AND SECURITYBy By

V. HarshithV. Harshith

CLOUD COMPUTING AND SECURITYCLOUD COMPUTING AND SECURITYBy By

V. HarshithV. Harshith

Page 2: Cloud Computing.ppt

• Location independent computing

• Shared servers resources, software, and data

• Elasticity (Use of computer resources Dynamically)

• Cost reduction

• Natural evolution of Cloud:– Virtualization

– Service-Oriented Architecture

– Utility computing

• Details are abstracted from consumers

Cloud ComputingCloud ComputingA Game Changing TechnologyA Game Changing Technology

Cloud ComputingCloud ComputingA Game Changing TechnologyA Game Changing Technology

Page 3: Cloud Computing.ppt

Computing ParadigmsComputing ParadigmsComputing ParadigmsComputing Paradigms• Distributed Computing

– Cluster Computing

– Grid Computing

• Parallel Computing

– Super Computing

• Ubiquitous Computing

• Pervasive Computing

• Mobile Computing

• Utility Computing

• Soft Computing

• Cloud Computing

Page 4: Cloud Computing.ppt

CLOUD COMPUTINGCLOUD COMPUTINGCLOUD COMPUTINGCLOUD COMPUTING

CLOUD COMPUTINGCLOUD COMPUTING CLOUD COMPUTINGCLOUD COMPUTING

Page 5: Cloud Computing.ppt

Cloud computing is a synonym for distributed computing

. Cloud computing is an Internet-based

computing, whereby shared resources,

software and information are provided to

computers and other devices on-demand.

Page 6: Cloud Computing.ppt

• Users simply rent or access the software.

• Paying only for what they use.

• Everything Old Becomes New Again

Page 7: Cloud Computing.ppt
Page 8: Cloud Computing.ppt
Page 9: Cloud Computing.ppt

CharacteristicsCharacteristics

Cloud computing has a variety of characteristics

ON DEMAND SELF SERVICES.

Shared Infrastructure:

Enabling the sharing of physical services,

storage, and networking capabilities.

Dynamic Provisioning:

Based on current demand requirements

levels of reliability and security

Page 10: Cloud Computing.ppt

• Network Access:

Access the internet from a broad range of

devices such as PCs, laptops, and mobile

devices, using standards-based APIs.

Managed Metering:

Managing and optimizing the service and to

provide reporting and billing information.

Page 11: Cloud Computing.ppt

CLOUD SERVICE MODELSCLOUD SERVICE MODELS

Page 12: Cloud Computing.ppt
Page 13: Cloud Computing.ppt

SaaS ExamplesSaaS ExamplesSaaS ExamplesSaaS Examples• Email , photo sharing , Calendars and contactso Google Apps, Flickro BitTorrent

• Document sharingAmazon EC2

• Elastic Cloud Computing • virtual servers for rent• called Amazon Machine Images (AMIs)• priced on per hour from $1 to $2

• Gov-Apps, Internet Services

• Blogging/Surveys/Twitter, Social Networking

• Information/Knowledge Sharing (Wiki)

• Communication (e-mail), Collaboration (e-meeting)

• Productivity Tools (office)

• Enterprise Resource Planning (ERP)

Page 14: Cloud Computing.ppt

PaaS PaaS PaaS PaaS •Application Development, Data, Workflow, etc.

•Security Services (Single Sign-On, Authentication, etc.)

•Database Management

•Directory Services

•Networks, Security, Mainframes, Servers, Storage

•Telecom Carrier Services

•IT Facilities/Hosting Services

Page 15: Cloud Computing.ppt
Page 16: Cloud Computing.ppt

Types of CloudsTypes of CloudsTypes of CloudsTypes of Clouds

•Public Cloud•Private Cloud•Hybrid Cloud

•Public Cloud•Private Cloud•Hybrid Cloud

Page 17: Cloud Computing.ppt

Why Do We Need The Cloud ?Why Do We Need The Cloud ?Why Do We Need The Cloud ?Why Do We Need The Cloud ?

• Increased accessibility

• Decreased operating expenses

• Elimination of upfront costs

• Immediate upgrades

• Lower outages

Page 18: Cloud Computing.ppt

Cloud Computing service providers predicts the

business will grow above 150 billion dollars by

end of 2013. Below is a partial list of companies

that provide cloud computing services.

• Cloud service providers can be considered

similar to silent business partners.

• Amazon • Citrix • cohensiveFT • Flexscale

• Google • IBM • Icloud • Joyent • Microsoft

• Mozyhome • Nivanix • Rackspace

• Salesforce.com • Sun • VMware • 3tera

Page 19: Cloud Computing.ppt

BenefitsBenefitsBenefitsBenefits• Cost Savings

• Scalability/Flexibility

• Reliability

• Maintenance

• Mobile Accessible

Page 20: Cloud Computing.ppt

What cloud gives us, generallyWhat cloud gives us, generallyWhat cloud gives us, generallyWhat cloud gives us, generally

• low initial capital investment

• shorter start-up time for new services

• lower maintenance and operation costs

• higher utilization through virtualization

• easier disaster recovery

Page 21: Cloud Computing.ppt

Companies are still afraid to use cloudsCompanies are still afraid to use cloudsCompanies are still afraid to use cloudsCompanies are still afraid to use clouds

The Major Issue is SecurityThe Major Issue is Security

Page 22: Cloud Computing.ppt

Cloud SecurityCloud SecurityCloud SecurityCloud Security

• Mobility is a basic need and essential for economic

development.

• To move critical applications and sensitive data to

public and shared cloud environments via Internet.

• Security is one of the most difficult task to

implement in cloud computing.

Page 23: Cloud Computing.ppt

Where is the Data ?Where is the Data ?Where is the Data ?Where is the Data ?

• Different countries have different requirements

and controls placed on access.

• As your data is in the cloud, you may not realize

that the data must reside in a physical location.

• Your cloud provider should agree in writing to

provide the level of security required for its

customers.

Page 24: Cloud Computing.ppt

Who has Access ?Who has Access ?Who has Access ?Who has Access ?

• Access control is a key concern as insider attacks

are a huge risk. Insider attacks are a huge concern

as a potential hacker is someone who has been

entrusted with approved access to the cloud.

• Anyone considering using the cloud needs to look

at who is managing their data and what types of

controls are applied to these individuals.

Page 25: Cloud Computing.ppt

What are the regulatory requirements ?What are the regulatory requirements ?What are the regulatory requirements ?What are the regulatory requirements ?

• Organizations operating in the US, Canada, or the

European Union have many regulatory

requirements that they must abide by (e.g., ISO

27002, Safe Harbor, ITIL, and COBIT).

• We must ensure that the cloud provider is able to

meet these requirements and is willing to undergo

certification, accreditation, and review.

Page 26: Cloud Computing.ppt

Do you have the right to audit?Do you have the right to audit?Do you have the right to audit?Do you have the right to audit?

• This particular item is no small matter in that the

cloud provider should agree in writing to the

terms of audit.

• With Cloud Computing maintaining compliance

will become more difficult to achieve and even

harder to demonstrate to auditors and assessors.

Page 27: Cloud Computing.ppt

What type of training does the provider offer their What type of training does the provider offer their employees?employees?

What type of training does the provider offer their What type of training does the provider offer their employees?employees?

• This is actually a rather important item in that

people will always be the weakest link in security.

Knowing how your provider trains their employees

is an important issue to review.

Page 28: Cloud Computing.ppt

What type of data classification doesWhat type of data classification doesthe provider use?the provider use?

What type of data classification doesWhat type of data classification doesthe provider use?the provider use?

• How is your data separated from other users?

• Encryption should also be discussed. Is it being

used while the data is at rest and in transit?

• You will also want to know what type of encryption

is being used.

• As an example, there is a big difference between

WEP and WPA2. (WiFi Protected Access-II)

Page 29: Cloud Computing.ppt

What is in the SLA?What is in the SLA?What is in the SLA?What is in the SLA?

• The SLA (Service Level Agreement) serves as a

contracted level of guaranteed service between

the cloud provider and the customer that

specifies what level of services will be provided.

Page 30: Cloud Computing.ppt

What is the long term viability of the provider?What is the long term viability of the provider?What is the long term viability of the provider?What is the long term viability of the provider?

• How long has the cloud provider been in business

and what is their track record. If they go out of

business, what , happens to your data? Will your

data be returned, and if so, what format?

Page 31: Cloud Computing.ppt

What happens if there is a security breach?What happens if there is a security breach?What happens if there is a security breach?What happens if there is a security breach?

• If a security incident occurs, what support the

customer receive from the cloud provider?

• While many providers promote their services as

being un-hackable, cloud based services are an

attractive target to hackers.

Page 32: Cloud Computing.ppt

Critical Threats of Cloud Security Critical Threats of Cloud Security Critical Threats of Cloud Security Critical Threats of Cloud Security

• Account Hijacking

• Denial of Service (DoS)

• Data Loss

• Insecure APIs

• Data Breaches

• Malicious Insiders

• Abuse of Cloud Services

• Shared Technology Issues

Page 33: Cloud Computing.ppt

Security AttributesSecurity AttributesSecurity AttributesSecurity Attributes

• Confidentiality

• Integrity

• Authentication

• Non-Repudiation

• Availability

Page 34: Cloud Computing.ppt

Cloud Computing AttacksCloud Computing AttacksCloud Computing AttacksCloud Computing Attacks

Page 35: Cloud Computing.ppt

Account HijackingAccount HijackingAccount HijackingAccount Hijacking

• Authentication Attacks

• Authentication plays a critical role in the security of

web applications.

• When a user provides his login name and password

to authenticate and prove his identity, the application

assigns the user specific privileges to the system,

based on the identity established by the supplied

credentials.

Page 36: Cloud Computing.ppt

Denial of Service (DoS)Denial of Service (DoS)Denial of Service (DoS)Denial of Service (DoS)

• Main aim to stop the victim’s machine from doing

it’s required job

• Server unable to provide service to legitimate

clients

Damage done varies from minor inconvenience to

major financial losses

Page 37: Cloud Computing.ppt

Man in the Middle Attack (MitM)Man in the Middle Attack (MitM)Man in the Middle Attack (MitM)Man in the Middle Attack (MitM)

• A man in the middle attack is one in which the attacker

intercepts messages in a public key exchange and

then retransmits them, substituting his own public key

for the requested one, so that the two original parties

still appear to be communicating with each other.

Page 38: Cloud Computing.ppt

Side Channel AttackSide Channel AttackSide Channel AttackSide Channel Attack

• Information leakage from implementation

• Attacker Try to Scan Channel loops.

Page 39: Cloud Computing.ppt

• Everything must have a beginning, to speak in

Sanchean phrase; and that beginning must be

linked to something that went before. Hindus

gives the world an elephant to support it, but they

make the elephant stand upon a tortoise.

• Invention , it must be humbly admitted, does not

consist in creating out of void, but of chaos; the

material must, in the first place, be afforded …

Page 40: Cloud Computing.ppt

Common cloud names and ShapesCommon cloud names and ShapesCommon cloud names and ShapesCommon cloud names and Shapes

Page 41: Cloud Computing.ppt

Cloud typesCloud typesCloud typesCloud types

Page 42: Cloud Computing.ppt

Thank You Thank You Thank You Thank You