CLOUD SECURITY
Nithin Raj, Rahul N
Cloud Computing
• Internet-based computing that provides shared processing resources and data to computers and other devices on demand.
• Provides users and enterprises with various capabilities to store and process their data in third-party data centers.
• The availability of high-capacity networks, low-cost computers and storage devices, and hardware virtualization has led to growth in cloud computing.
• Advantages are high computing power, low cost of services, high performance, scalability, accessibility and availability.
Service Models
• Infrastructure as a service (IaaS)
• Platform as a service (PaaS)
• Software as a service (SaaS)
Deployment models
• Private cloud
• Public cloud
• Hybrid cloud
Cloud Security
• It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.
• Security issues fall into two categories: security issues faced by cloud providers and security issues faced by their customers.
Cloud Computing Threats
• Loss of governance: In a public cloud deployment, customers cede control to the cloud provider over a number of issues that may affect security.
• Responsibility ambiguity: Responsibility over aspects of security may be split between the provider and the customer.
• Authentication and authorization: Accessing cloud resources from anywhere heightens the need for better authentication.
• Isolation failure: It covers the failure of mechanisms separating the usage of storage, memory, routing and even reputation between tenants.
• Compliance and legal risks: The cloud customer’s interest may be lost if the cloud provider cannot provide evidence of their own compliance with the relevant requirements.
• Handling of security incidents: If detection, reporting and subsequent management of security breaches are not done, it may have an impact on the customer.
• Data protection: Exposure or release of sensitive data as well as the loss or unavailability of data.
• Business failure of the provider: Leads to unavailability of the customer’s data and applications over an extended period.
• Service unavailability: This could be caused by hardware, software or communication network failures.
• Insecure or incomplete data deletion: The termination of a contract with a provider may not result in deletion of the customer’s data.
Cloud Computing Security
• Ensure effective governance, risk and compliance processes exist
  • Verify that the agreement between the customer and the provider, along with associated documents, contains all their requirements (i.e., applications and data hosted are secured).
  • Cloud service providers should provide notification of any breach of their system, regardless of the parties or data directly impacted.
  • Servers hosting customer data may be located in multiple data centers within different jurisdictions. This influences the protection of personally identifiable information (PII) and legal and jurisdictional authority access to this data.
• Audit operational & business processes
  • Customers should expect to see a report of the cloud provider's operations by independent auditors.
  • Auditors may be employed by the customer or by the provider, but the key element is that they should be independent.
  • Audits should be carried out by appropriately skilled staff typically belonging to an independent auditing organization.
• Manage people, roles and identities
  • Two sets of people: employees of the provider, who have access to the customer’s data and applications, and employees of the customer, who perform operations on the provider’s systems.
  • Cloud providers must allow the customer to assign and manage the roles and associated levels of authorization for each of their users in accordance with their security policies.
• Ensure proper protection of data and information
  • Data Confidentiality: Outsourced data is stored in a cloud and out of the owners' direct control. Only authorized users can access the sensitive data while others.
  • Data Access Controllability: Legal users can be authorized by the owner to access the data, while others cannot access it without permissions.
  • Data Integrity: Data should not be illegally tampered with, improperly modified, deliberately deleted, or maliciously fabricated. If so, the owner should be able to detect the corruption or loss.
• Ensure cloud networks and connections are secure
  • Provide tools to protect clients from one another, such as VPN, firewall, hypervisor.
  • Monitor for intrusion attempts using activity auditing and logging.
• Understand the security requirements of the exit process
  • The provider must ensure that any copies of the data are permanently erased from its environment, wherever they may have been stored.
  • The exit process must allow the customer to retrieve their data in a suitably secure form; backups must be retained for agreed periods before being eliminated.
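An added example, not part of the original slides, for the Data Integrity point above: the owner keeps a keyed manifest outside the cloud and uses it to tell modified, deleted and fabricated objects apart when data comes back from the provider. The function names, the key and the sample objects are constructed for illustration.

```python
import hashlib
import hmac


def tag(key: bytes, name: str, content: bytes) -> str:
    """HMAC-SHA256 over a length-prefixed name plus content, so a tag
    cannot be replayed for a different object name."""
    n = name.encode()
    msg = len(n).to_bytes(4, "big") + n + content
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_manifest(key: bytes, objects: dict) -> dict:
    """Owner side, before upload: name -> tag. Kept outside the cloud."""
    return {name: tag(key, name, data) for name, data in objects.items()}


def audit(key: bytes, manifest: dict, returned: dict) -> dict:
    """Classify what the provider returns against the owner's manifest."""
    report = {"ok": [], "modified": [], "deleted": [], "fabricated": []}
    for name in sorted(manifest):
        if name not in returned:
            report["deleted"].append(name)
        elif hmac.compare_digest(manifest[name], tag(key, name, returned[name])):
            report["ok"].append(name)
        else:
            report["modified"].append(name)
    report["fabricated"] = sorted(set(returned) - set(manifest))
    return report


# Constructed sample data; key and object names are hypothetical.
KEY = b"constructed-demo-key"
ORIGINAL = {
    "payroll.csv": b"alice,4200\nbob,3900\n",
    "contract.pdf": b"%PDF constructed bytes",
    "notes.txt": b"quarterly review",
}
MANIFEST = build_manifest(KEY, ORIGINAL)
RETURNED = {
    "payroll.csv": b"alice,4200\nbob,9900\n",   # content altered
    "notes.txt": b"quarterly review",           # intact
    "invoice.pdf": b"never uploaded by owner",  # not in manifest
}                                               # contract.pdf is missing

if __name__ == "__main__":
    for status, names in audit(KEY, MANIFEST, RETURNED).items():
        print(f"{status:10} {names}")
```

Because the key never leaves the owner, the provider cannot recompute a valid tag for altered content, and binding the name into the tag means swapping two objects' contents is reported as a modification.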
Thank You