Cloud security is a major concern.
Many of the tools and techniques we would use to protect our data, comply with regulations, and maintain the integrity of our systems are complicated by the fact that we share our systems with others and often outsource their operation as well.
Different cloud computing service models provide different levels of security services.
Cloud computing has all the vulnerabilities associated with Internet applications, and additional vulnerabilities arise from pooled, virtualized, and outsourced resources.
- We get the least amount of built-in security with an Infrastructure as a Service provider, and the most with a Software as a Service provider.
- Data stored in the cloud should be transferred and stored in encrypted form.
- We can use proxy and brokerage services to separate clients from direct access to shared cloud storage.
- Logging, auditing, and regulatory compliance are all features that require planning in cloud computing.
- We can use identity management to authenticate client requests.
- Brokered cloud storage access
  - Brokered cloud storage access is an approach for isolating storage in the cloud. In this approach, two services are created: a broker with full access to storage but no access to the client, and a proxy with no access to storage but access to both the client and the broker.
- Storage location and tenancy
  - Where the cloud data is stored
  - Use encryption
- Auditing and compliance
  - Check security measures such as firewalls; use a tier 1 network
- One technique for maintaining security is to have a “golden” system image.
- It helps to take a system image offline and analyze the image for vulnerabilities or compromise.
- Many cloud providers offer a snapshot feature that can create a copy of the client’s entire environment.
- A snapshot includes not only machine images, but applications and data, network interfaces, firewalls, and switch access.
- If you believe that a system has been compromised, you can replace that image with a known-good version.
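The offline analysis of a snapshot against a golden image, as an added example that is not part of the original notes: it hashes every file in a golden image tree, hashes the same tree in a snapshot, and reports what was modified, added, or removed. The directory layout, file contents and hypothetical paths are all constructed for the demo; a real run would point `build_manifest` at the mounted golden image and at the mounted snapshot.

```python
"""Offline integrity check of a snapshot against a golden image manifest (added example).

Assumes the golden image and the snapshot are both available as directory trees
(for instance, mounted read-only from a provider snapshot). All paths and file
contents below are constructed for the demo, not taken from any real system.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256 digest."""
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def compare_to_golden(golden: Dict[str, str], snapshot: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify drift: files whose content changed, files only in the snapshot, files missing from it."""
    return {
        "modified": sorted(p for p in golden if p in snapshot and golden[p] != snapshot[p]),
        "added": sorted(p for p in snapshot if p not in golden),
        "missing": sorted(p for p in golden if p not in snapshot),
    }


def _write_tree(root: Path, files: Dict[str, bytes]) -> None:
    """Materialise a constructed file tree for the demo."""
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> Dict[str, List[str]]:
    """Build a constructed golden image and a drifted snapshot, then diff them."""
    golden_files = {
        "etc/ssh/sshd_config": b"PermitRootLogin no\n",
        "usr/bin/app": b"\x7fELF-golden-binary",
        "etc/cron.d/backup": b"0 2 * * * root /usr/local/bin/backup\n",
    }
    snapshot_files = dict(golden_files)
    snapshot_files["etc/ssh/sshd_config"] = b"PermitRootLogin yes\n"   # config weakened
    snapshot_files["usr/local/bin/helper"] = b"unexpected new binary"  # file added
    del snapshot_files["etc/cron.d/backup"]                            # file removed

    with tempfile.TemporaryDirectory() as tmp:
        golden_root, snap_root = Path(tmp, "golden"), Path(tmp, "snapshot")
        _write_tree(golden_root, golden_files)
        _write_tree(snap_root, snapshot_files)
        return compare_to_golden(build_manifest(golden_root), build_manifest(snap_root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Any entry under `modified`, `added` or `missing` is a lead for the offline analysis the notes describe; if the drift is not explained by an approved change, the snapshot is the candidate for replacement by the known-good image.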
Establishing Identity and Presence
- Identities are used to authenticate client requests for services in a distributed network system such as the internet or cloud computing services.
- Identity management is a primary mechanism for controlling access to data in the cloud, preventing unauthorized uses, maintaining user roles, and complying with regulations.
- Presence is the mapping of an authenticated identity to a known location.
- Presence is important in cloud computing because it adds context that can modify services and service delivery.
- Cloud computing requires the following:
  - That you establish an identity
  - That the identity be authenticated
  - That the authentication be portable
  - That authentication provide access to cloud resources
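The brokered storage access pattern from the earlier section and the identity and presence requirements above, combined in one added example that is not part of the original notes. The proxy holds no storage handle at all; it verifies a signed identity token (a hypothetical HMAC-based identity provider, constructed here as a stand-in for a real one), checks that the authenticated identity presents from a known location, and only then calls the broker, which is the sole component able to touch the shared store and which prefixes every key with the authenticated tenant. All names, tokens and the signing key are constructed for the demo.

```python
"""Brokered cloud storage access with identity and presence checks (added example).

Hypothetical components: IdentityProvider (HMAC-signed tokens), Proxy (client-facing,
no storage access), Broker (storage access, no client access), SharedStorage (a dict
standing in for a multi-tenant object store). Nothing here is a real provider API.
"""
import hashlib
import hmac
import json
import time
from typing import Dict, Set


class AccessDenied(Exception):
    """Raised when the identity or presence check fails."""


class SharedStorage:
    """Stand-in for a multi-tenant object store (constructed for the example)."""

    def __init__(self) -> None:
        self.objects: Dict[str, bytes] = {}


class Broker:
    """Holds the only handle to storage; reachable from the proxy, never from clients.

    Every key is prefixed with the tenant the proxy already authenticated, so a
    tenant cannot name another tenant's object.
    """

    def __init__(self, storage: SharedStorage) -> None:
        self._storage = storage

    def put(self, tenant: str, key: str, data: bytes) -> None:
        self._storage.objects[f"{tenant}/{key}"] = data

    def get(self, tenant: str, key: str) -> bytes:
        return self._storage.objects[f"{tenant}/{key}"]  # KeyError if absent


class IdentityProvider:
    """Issues HMAC-signed tokens binding a user to a tenant and a presence location (hypothetical)."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret  # constructed key; a real IdP would manage this in an HSM or vault

    def issue(self, user: str, tenant: str, location: str, ttl: int = 300) -> str:
        claims = {"sub": user, "tenant": tenant, "loc": location, "exp": time.time() + ttl}
        payload = json.dumps(claims, sort_keys=True).encode()
        sig = hmac.new(self._secret, payload, hashlib.sha256).hexdigest()
        return payload.hex() + "." + sig

    def verify(self, token: str) -> dict:
        try:
            payload_hex, sig = token.split(".", 1)
            payload = bytes.fromhex(payload_hex)
        except ValueError:
            raise AccessDenied("malformed token")
        expected = hmac.new(self._secret, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):  # constant-time comparison
            raise AccessDenied("bad signature")
        claims = json.loads(payload)
        if claims["exp"] < time.time():
            raise AccessDenied("token expired")
        return claims


class Proxy:
    """Client-facing service: checks identity and presence, then calls the broker.

    It holds no reference to SharedStorage, so even a compromised proxy cannot
    read the store directly.
    """

    def __init__(self, idp: IdentityProvider, broker: Broker, allowed_locations: Set[str]) -> None:
        self._idp, self._broker, self._allowed = idp, broker, allowed_locations

    def _authorize(self, token: str) -> dict:
        claims = self._idp.verify(token)
        if claims["loc"] not in self._allowed:  # presence: identity must come from a known location
            raise AccessDenied(f"presence not allowed: {claims['loc']}")
        return claims

    def put(self, token: str, key: str, data: bytes) -> None:
        self._broker.put(self._authorize(token)["tenant"], key, data)

    def get(self, token: str, key: str) -> bytes:
        return self._broker.get(self._authorize(token)["tenant"], key)


def demo() -> dict:
    """Show tenant isolation, rejection of a tampered token, and rejection of an unknown location."""
    storage = SharedStorage()
    idp = IdentityProvider(secret=b"example-idp-key")  # constructed secret
    proxy = Proxy(idp, Broker(storage), allowed_locations={"eu-west", "us-east"})
    alice = idp.issue("alice", "tenant-a", "eu-west")
    bob = idp.issue("bob", "tenant-b", "us-east")
    proxy.put(alice, "report.txt", b"tenant A data")

    def attempt(token: str) -> str:
        try:
            return proxy.get(token, "report.txt").decode()
        except KeyError:
            return "not found in caller's tenant"
        except AccessDenied as exc:
            return f"denied: {exc}"

    tampered = alice[:-1] + ("0" if alice[-1] != "0" else "1")  # flip last signature char
    return {
        "alice_own": attempt(alice),
        "bob_same_key": attempt(bob),
        "tampered_token": attempt(tampered),
        "unknown_location": attempt(idp.issue("eve", "tenant-a", "unknown-site")),
        "stored_keys": sorted(storage.objects),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The design point is where the checks sit: the proxy decides who the caller is and where they are, the broker decides which objects that tenant may name, and neither component can do the other's job, which is what makes the broker/proxy split an isolation boundary rather than just an extra hop.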
- Areas of cloud computing that are identified as troublesome:
  - Data integrity
  - e-Discovery for legal compliance
  - Regulatory compliance
- Risks in any cloud deployment are dependent upon the particular cloud service model chosen and the type of cloud on which you deploy your applications.
- The following analysis needs to be performed in order to evaluate your risks:
  - Determine which resources (data, services, or applications) you are planning to move to the cloud.
  - Determine the sensitivity of the resource to risk. Risks that need to be evaluated are loss of privacy, unauthorized access by others, loss of data, and interruptions in availability.
  - Determine the risk associated with the particular cloud type for a resource.
  - Take into account the particular cloud service model that you will be using.
  - If you have selected a particular cloud service provider, you need to evaluate its system to understand how data is transferred, where it is stored, and how to move data both in and out of the cloud.
Along with this, we have the following strategy to analyse security holes:
The Security Boundary:
- The security boundary in cloud computing is defined based on the particular cloud computing model we use.
- It provides a framework for understanding what security is already built into the system and who has responsibility for a particular security mechanism.
- It defines the boundary between the responsibility of the service provider and the customer.
- The cloud service model you choose determines where in the proposed deployment the variety of security features, compliance auditing, and other requirements must be placed.
- To determine the particular security mechanisms you need, you must perform a mapping of the particular cloud service model to the particular application you are deploying.