In order to conserve resources, cut costs, and maintain efficiency, cloud service providers often store more than one customer's data on the same server. As a result, there is a chance that one user's private data can be viewed by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should ensure proper data isolation and logical storage segregation. This introduces an additional layer — virtualization — that itself must be properly configured, managed and secured.
While these concerns are largely theoretical, they do exist.
Cloud security controls

Cloud security architecture is effective only if the correct defensive implementations are in place. An efficient cloud security architecture should recognize the issues that will arise with security management. These controls are put in place to safeguard any weaknesses in the system and reduce the effect of an attack. While there are many types of controls behind a cloud security architecture, they can usually be found in one of the following categories:

Deterrent controls
These controls are intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed. Some consider them a subset of preventive controls.

Preventive controls
Preventive controls strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified.

Detective controls
Detective controls are intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventative or corrective controls to address the issue.

Corrective controls
Corrective controls reduce the consequences of an incident, normally by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of a corrective control.

Dimensions of cloud security

It is generally recommended that information security controls be selected and implemented according and in proportion to the risks, typically by assessing the threats, vulnerabilities and impacts.
Cloud security concerns can be grouped in various ways; Gartner named seven while the Cloud Security Alliance identified twelve areas of concern.
Cloud providers either integrate the customer's identity management system into their own infrastructure, using federation or SSO technology, or a biometric-based identification system, or provide an identity management system of their own.
It links the confidential information of the users to their biometrics and stores it in an encrypted fashion.
Making use of a searchable encryption technique, biometric identification is performed in encrypted domain to make sure that the cloud provider or potential attackers do not gain access to any sensitive data or even the contents of the individual queries.
This is normally achieved by serving cloud applications from 'world-class' i.

Personnel security
Various information security concerns relating to the IT and other professionals associated with cloud services are typically handled through pre-, para- and post-employment activities such as security screening potential recruits, security awareness and training programs, proactive.

Privacy
Providers ensure that all critical data (credit card numbers, for example) are masked or encrypted and that only authorized users have access to data in its entirety. Moreover, digital identities and credentials must be protected as should any data that the provider collects or produces about customer activity in the cloud.

Cloud Vulnerability and Penetration Testing

Scanning the cloud from outside and inside using free or commercial products is very important because without a hardened environment your service is considered a soft target. Virtual servers should be hardened like a physical server against data leakage, malware, and exploited vulnerabilities.
Since the cloud is a shared environment with other tenants, following penetration testing rules of engagement step by step is a mandatory requirement. Violating the acceptable use policy can lead to termination of the service.

Data security

A number of security threats are associated with cloud data services: not only traditional security threats, such as network eavesdropping, illegal invasion, and denial of service attacks, but also specific cloud computing threats, such as side channel attacks, virtualization vulnerabilities, and abuse of cloud services.
The following security requirements limit the threats. Outsourced data is stored in a cloud and out of the owners' direct control.

Does the Service Level Agreement (SLA) guarantee that the vendor will provide adequate system availability and quality of service, using their robust system architecture and business processes?
Availability may be affected by technical issues such as computer and network performance and latency, hardware failures and faulty vendor software. Availability may also be affected by deliberate attacks such as denial of service attacks against me or other customers of the vendor that still affect me.
Finally, availability may also be affected by configuration mistakes made by the vendor including those resulting from poor software version control and poor change management processes. Impact of outages. Can I tolerate the maximum possible downtime of the SLA? Are the scheduled outage windows acceptable both in duration and time of day, or will scheduled outages interfere with my critical business processes? Typical SLAs that guarantee SLA inclusion of scheduled outages. Does the SLA guaranteed availability percentage include scheduled outages?
If not, the vendor may have numerous long scheduled outages, including emergency scheduled outages with little or no notice to customers, that do not result in a breach of the SLA. Vendors with distributed and redundant computing and network infrastructure enable scheduled maintenance to be applied in batches while customers are seamlessly transitioned to computing and network infrastructure that is still available and not part of the outage.
SLA compensation. Does the SLA adequately reflect the actual damage caused by a breach of the SLA such as unscheduled downtime or data loss? For example, most generic SLAs designed for the consumer mass market typically involve inadequate compensation such as a few hours of free service, or a credit, partial refund or other small discount on the monthly bill. This example also highlighted deficiencies in staff training, business processes and backup implementation.
Data integrity and availability. How does the vendor implement mechanisms such as redundancy and offsite backups to prevent corruption or loss of my data, and guarantee both the integrity and the availability of my data? For example, in February a major vendor of email Software as a Service began deploying a software update that unexpectedly deleted all of the email belonging to tens of thousands of customers.
Data restoration. If I accidentally delete a file, email or other data, how much time does it take for my data to be partially or fully restored from backup, and is the maximum acceptable time captured in the SLA?
Changing vendor. If I want to move my data to my organisation or to a different vendor, or if the vendor suddenly becomes bankrupt or otherwise quits the cloud business, how do I get access to my data in a vendor-neutral format to avoid vendor lock-in?
How cooperative will the vendor be? For Platform as a Service, which standards does the vendor use that facilitate portability and interoperability to easily move my application to a different vendor or to my organisation?

Protecting data from unauthorised access by a third party

Answers to the following questions can reveal mitigations to help manage the risk of unauthorised access to data by a third party: Choice of cloud deployment model.
Am I considering using a potentially less secure public cloud, a potentially more secure hybrid cloud or community cloud, or a potentially most secure private cloud? Sensitivity of my data. Is my data to be stored or processed in the cloud classified, sensitive, private, or data that is publicly available such as information from my public web site?
Does the aggregation of my data make it more sensitive than any individual piece of data? For example, the sensitivity may increase if storing a significant amount of data, or storing a variety of data that if compromised would facilitate identity theft.
If there is a data compromise, could I demonstrate my due diligence to senior management, government officials and the public? Legislative obligations.
What obligations do I have to protect and manage my data under various legislation, for example the Privacy Act, the Archives Act, as well as other legislation specific to the type of data? Will the vendor contractually accept adhering to these obligations to help me ensure that the obligations are met to the satisfaction of the Australian Government? Countries with access to my data. In which countries is my data stored, backed up and processed? Which foreign countries does my data transit? In which countries is the failover or redundant data centres?
Will the vendor notify me if the answers to these questions change? Data stored in, processed in, or transiting foreign countries may be subject to their laws.
Such laws range from Freedom of Information requests by members of the public, through to government lawful access mechanisms.
Data encryption technologies. Is the encryption deemed strong enough to protect my data for the duration of time that my data is sensitive? For example, cloud computing processing power has already been used to significantly reduce the time and cost of using brute force techniques to crack and recover relatively weak passwords either stored as SHA1 hashes or used as Wi-Fi Protected Access (WPA) pre-shared keys. Media sanitisation. What processes are used to sanitise the storage media storing my data at its end of life, and are the processes deemed appropriate by the ISM?
Does the vendor monitor, administer or manage the computers that store or process my data? If yes, is this performed remotely from foreign countries or from Australia? My monitoring and management. Can I use my existing tools for integrity checking, compliance checking, security monitoring and network management, to obtain visibility of all my systems regardless of whether these systems are located locally or in the cloud?
Do I have to learn to use additional tools provided by the vendor? Does the vendor even provide such a mechanism for me to perform monitoring? Data ownership. Do I retain legal ownership of my data, or does it belong to the vendor and may be considered an asset for sale by liquidators if the vendor declares bankruptcy? Gateway technologies.
What technologies does the vendor use to create a secure gateway environment?
Examples include firewalls, traffic flow filters, content filters, antivirus software and data diodes where appropriate. Gateway certification. Email content filtering. If there is a justifiable reason why auditing is not possible, which reputable third party has performed audits and other vulnerability assessments? What sort of internal audits does the vendor perform, and which compliance standards and other recommended practices from organisations such as the Cloud Security Alliance are used for these assessments?
Can I thoroughly review a copy of recent resulting reports? User authentication. What identity and access management systems does the vendor support for users to log in to use Software as a Service? Does the vendor use physical security products and devices that are endorsed by the Australian Government?
For example, several major vendors in Australia advertise using data centres accredited by the Australian Security Intelligence Organisation T4 Protective Security Section.
Software and hardware procurement. What procurement process is used to ensure that cloud infrastructure software and hardware has been supplied by a legitimate source and has not been maliciously modified in transit? For Infrastructure as a Service, the virtualisation software used to share hardware and provide each customer with their own operating system environment was typically not originally designed to provide segregation for security purposes.
However, the developers of such virtualisation software are increasingly focusing their efforts on making their software more suitable for this purpose.
What controls are in place to detect and prevent a tenant exploiting a publicly unknown or unpatched vulnerability in a hypervisor? For Software as a Service, the logical separation between customers is usually less well defined, and in some cases the separation mechanism may be retrofitted to an existing software application such as email server or database software.
Weakening my security posture. Would the vendor advertise me as one of their customers without my explicit consent, thereby assisting an adversary that is specifically targeting me? Dedicated servers. Do I have some control over which physical computer runs my virtual machines?
Can I pay extra to ensure that no other customer can use the same physical computer as me e. When I delete portions of my data, what processes are used to sanitise the storage media before it is made available to another customer, and are the processes deemed appropriate by the ISM?

Protecting data from unauthorised access by rogue vendor employees

Answers to the following questions can reveal mitigations to help manage the risk of unauthorised access to data by rogue vendor employees: Data encryption key management. Does the vendor know the password or key used to decrypt my data, or do I encrypt and decrypt the data on my computer so the vendor only ever has encrypted data?
What personnel employment checks and vetting processes does the vendor perform to ensure that employees are trustworthy? Examples include thorough police background checks, as well as citizenship checks, security clearances and psychological assessments especially for employees with administrative privileges or other access to customer data.
For example, in September a major vendor acknowledged sacking an employee for allegedly deliberately violating the privacy of users by inappropriately reading their electronic communications during a timeframe of several months. Visitors to data centre. Are visitors to data centres escorted at all times, and is the name and other personal details of every visitor verified and recorded? Is the vendor readily contactable and responsive to requests for support, and is the maximum acceptable response time captured in the SLA or simply a marketing claim that the vendor will try their best?
Is the support provided locally, or from a foreign country, or from several foreign countries using an approach that follows the sun? Does the vendor have a security incident response plan that specifies how to detect and respond to security incidents, in a way that is similar to incident handling procedures detailed in the ISM?
Can I thoroughly review a copy? Notification of security incidents. Will the vendor notify me via secure communications of security incidents that are more serious than an agreed threshold, especially in cases where the vendor might be liable?
Will the vendor automatically notify law enforcement or other authorities, who may confiscate computing equipment used to store or process my data? Extent of vendor support. How much assistance will the vendor provide me with investigations if there is a security breach such as an unauthorised disclosure of my data, or if there is a need to perform legal electronic discovery of evidence?
My access to logs. How do I obtain access to time synchronised audit logs and other logs to perform a forensic investigation, and how are the logs created and stored to be suitable evidence for a court of law? Security incident compensation. Data spills. If data that I consider is too sensitive to be stored in the cloud is accidentally placed into the cloud, referred to as a data spill, how can the spilled data be deleted using forensic sanitisation techniques?
Is the relevant portion of physical storage media zeroed whenever data is deleted? If not, how long does it take for deleted data to be overwritten by customers as part of normal operation, noting that clouds typically have significant spare unused storage capacity?