
Cloud security and privacy pdf

Sunday, April 14, 2019

economic, service quality, interoperability, security and privacy issues still . cloud adoption as it relates to traditional network and information security practices. Regarding security and privacy, a finding was reported by IDC based on a study CIOs on cloud computing, in which 75% of respondents listed security as. You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many.


Author: LEOMA HUDDLE
Language: English, Spanish, Indonesian
Country: Iran
Genre: Art
Pages: 359
Published (Last): 07.02.2016
ISBN: 150-2-69263-592-9
ePub File Size: 21.79 MB
PDF File Size: 9.77 MB
Distribution: Free* [*Registration Required]
Downloads: 39642
Uploaded by: KEIKO

Cloud Security and Privacy provides a guide to assist those who are Cloud Security and Privacy is a book for everyone who is interested in. January 9 PDF | On Jan 1, , Tim Mather and others published Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. PDF | Cloud computing allows organizations to deliver better and In this paper we have developed a cloud security and privacy taxonomy.

The Cloud Security Issues is a summary of their work. B- Threats o Data segregation: In case of privacy infringement due to the provider's fault, confusion still exists over who will take responsibility and compensate the affected people. Consumers need to verify that the cloud backup software they choose is certified and compliant with the Federal Information Processing Standards (FIPS) requirements issued by the National Institute of Standards and Technology. Secure [1] Patidar, K. As discussed earlier, data security risks are potent Abuse.

In traditional data centers, businesses had the privilege of knowing the data flow, the exact data location, and the precautions used to protect data from unauthorized access. In the public cloud, data storage works differently: a business is unlikely to know where and how its data is stored, when it is moved, and what particular security measures are in place.

In case of privacy infringement due to the provider's fault, confusion still exists over who will take responsibility and compensate the affected people. The lack of common security standards also adds to the concern about storing data in the cloud. Public cloud has the attraction of cost saving and low maintenance but the enticement comes www.

The infrastructure has to be shared with unknown people. A cyber intruder can act as a subscriber and spread malicious viruses in the system. The vendor may grant some privileged third parties access to your stored data. The identity of such parties, if any, must be disclosed to the customer. Here, the third party could be a legal authority or even an internal employee.

The customer should always be informed before the vendor allows third parties to access the stored data [Def 3].

Non-cloud services also have security concerns, but the cloud carries the additional risk of external party involvement and exposure of critical and confidential data outside the organization's control. Modifying security measures or introducing new best practices relevant to one particular organization is also unattainable. The cloud provider stores the data on its own side and maintenance is done exclusively by the provider, so clients have no means to check the provider's security practices, its employees, or their skills and specializations.

Security and privacy issues in cloud computing - IEEE Conference Publication

Incidents may also be caused unintentionally, as when employees mistakenly send sensitive data to the wrong recipient. Applications that people used to access within the organization's intranet are now exposed to network threats and internet vulnerabilities, including distributed denial-of-service attacks, phishing, malware and Trojan horses.

If an attacker gains access to client credentials, they can eavesdrop on all activities and transactions, manipulate data, return falsified information, and redirect clients to illegitimate sites. Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks. Providers should be able to tell users what will happen in case of a natural disaster, how much data they will be able to recover and the stipulated www.

The difficulty of retrieving data when changing provider or moving to a different platform adds to the apprehension about embracing cloud computing. Having discussed the different security vulnerabilities of cloud computing, the question arises of what measures have to be taken to secure data in the cloud.

Proper implementation of security measures is mandatory in cloud computing. The fact that the application is delivered over the internet makes it susceptible to security risks. Cloud providers should think beyond the customary security practices like restricted user access, password protection etc.

When an employee no longer has a business need to access the datacenter, their privileges to access it should be immediately revoked.

A firewall should be present on all external interfaces. A list of necessary ports and services should be maintained. Firewall policies and rule sets should be assessed, and routers reconfigured, at regular intervals. Build and deploy a firewall that restricts access from systems that have direct external connection and those which contain confidential data or configuration data.

Data encryption is one common approach providers follow to safeguard their clients' data, but the question is whether the data is actually stored in encrypted format. To store crucial data, organizations can consider a private or hybrid cloud, where the data stays behind the secure corporate firewall. Data refinement is valid in case of backed up data also. Cloud customers will never be able to make out the exact storage location of their records, hence the importance of data backup and recovery.

Backup software should include public cloud APIs, enabling simple backup and recovery across major cloud storage vendors, such as Amazon S3, Nirvanix Storage Delivery Network, Rackspace and others, and giving consumers flexibility in choosing a cloud storage vendor to host their data vault. If the provider agrees to back up crucial data, the question arises of how to determine the priority of data. The easiest and least complicated way is to protect the entire workstation or the server.

It is critical for the backup application to encrypt confidential data before sending it offsite to the cloud, protecting both data-in-transit over a WAN to a cloud storage vault and data-at-rest at the cloud storage site. Consumers need to verify that the cloud backup software they choose is certified and compliant with the Federal Information Processing Standards (FIPS) requirements issued by the National Institute of Standards and Technology.

FIPS certification is required for government agencies as well as for regulated financial, healthcare and other industries for compliance with data retention and security regulations such as HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley and other legal requirements.

Identity and Access management eliminates the need for www. Identity federation, popularized with the introduction of service-oriented architectures, is one solution that can be accomplished in a number of ways, such as with the Security Assertion Markup Language (SAML) standard or the OpenID standard.

SAML provides a means to exchange information, such as assertions related to a subject or authentication information, between cooperating domains. SOAP messages are digitally signed. For example, once a user has established a public key certificate for a public cloud, the private key can be used to sign SOAP requests. SOAP message security validation is complicated and must be carried out carefully to prevent attacks. A new element i.

The original body can still be referenced and its signature verified, but the operation in the replacement body is executed instead. SAML alone is not sufficient to provide cloud-based identity and access management services. The capability to adapt cloud subscriber privileges and maintain control over access to resources is also needed. As part of identity management, standards like the eXtensible Access Control Markup Language (XACML) can be used by a cloud provider to control access to cloud resources, instead of using a proprietary interface.
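The body-replacement problem described above can be caught with a structural check made alongside signature verification. The following is an added example, not code from the original text: it confirms that the Body a service would execute is the element the signature references and that its Id is unique. The sample messages, operation names and the `Wrapper` element are constructed for illustration, and the signature contents are omitted.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ID_ATTR = f"{{{WSU}}}Id"


def check_signed_body(xml_text):
    """Structural check only: is the Body the service will execute the same
    element the signature references? Cryptographic verification of the
    signature is a separate step and is not performed here."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SOAP}}}Envelope":
        return False, "root is not a SOAP Envelope"
    bodies = root.findall(f"{{{SOAP}}}Body")  # direct children only
    if len(bodies) != 1:
        return False, "expected exactly one Body under Envelope"
    body_id = bodies[0].get(ID_ATTR)
    signed = {r.get("URI", "")[1:] for r in root.iter(f"{{{DS}}}Reference")
              if r.get("URI", "").startswith("#")}
    if not body_id or body_id not in signed:
        return False, "executed Body is not covered by the signature"
    if sum(1 for e in root.iter() if e.get(ID_ATTR) == body_id) != 1:
        return False, "signed Id is not unique"
    return True, "signed element is the executed Body"


def envelope(header_extra, body_id, operation):
    # Constructed sample message; signature contents are omitted on purpose.
    return f"""<s:Envelope xmlns:s="{SOAP}" xmlns:ds="{DS}" xmlns:wsu="{WSU}">
  <s:Header>
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#body-1"/>
    </ds:SignedInfo></ds:Signature>
    {header_extra}
  </s:Header>
  <s:Body wsu:Id="{body_id}"><{operation}/></s:Body>
</s:Envelope>"""


# Hypothetical operation names; "Wrapper" is an arbitrary unknown header element.
MOVED = '<Wrapper><s:Body wsu:Id="body-1"><ReadReport/></s:Body></Wrapper>'
GENUINE = envelope("", "body-1", "ReadReport")
WRAPPED = envelope(MOVED, "body-2", "OtherOperation")
SAME_ID = envelope(MOVED, "body-1", "OtherOperation")

if __name__ == "__main__":
    for name, msg in [("genuine", GENUINE), ("wrapped", WRAPPED),
                      ("same-id", SAME_ID)]:
        print(name, check_signed_body(msg))
```

The check rejects a message before any operation is dispatched, both when the signed Body has been moved elsewhere in the document and when a second element reuses the signed Id.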

XACML is capable of controlling the proprietary service interfaces of most providers, and some cloud providers already have it in place. Messages transmitted between XACML entities are susceptible to attack by malicious third parties, making it important to have safeguards in place to protect decision requests and authorization decisions from possible attacks, including unauthorized disclosure, replay, deletion and modification [Def 9].

Keep a log of the users who access data, the time of the event and an event description. Providers should verify the authenticity of their clients. A frequent data backup policy should be in place. Penetration testing should be carried out at regular intervals to ensure there are no vulnerabilities in the cloud. Based on the proposals discussed above, I have come up with a framework that will help cloud consumers and providers safeguard data to some extent.

Cloud providers have a number of clients and may offer any of the services IaaS, PaaS and SaaS. In this framework the providers check user authentication and make sure that the clients approaching them are authorized and genuine. The steps involved in the security framework are explained below: Alternate plans should be ready to meet unexpected disasters. Providers should be equipped with data recovery plans for all emergencies.

To maintain a secure client, organizations should review existing security practices and employ additional ones to ensure the security of their data. Clients must consider a secure VPN to connect to the provider. Web browsers are the main means of accessing cloud computing services on the client side.

Cloud www. It is vital to ensure the security of these APIs to protect against both accidental and malicious attempts to evade the security. The various plug-ins and applications available in web browsers also pose a serious threat to the client systems used to access the provider. Many web browsers do not allow automatic updates, which adds to the security concerns.

To ensure a secure cloud, organizations should work on their existing internal policies and improve their security strategies if necessary. To adopt cloud computing it is necessary to be assured of the provider's security measures.

To enhance the trust factor, providers can have their systems verified by external organizations or by security auditors. Aside from security, another issue that needs attention is what happens to the data in the cloud if the provider goes bankrupt or is acquired by another business.

Traditional data centers used to have regular security audits and mandatory security certifications, which ensured data security.

Cloud providers should also incorporate these measures to assure secure transactions among their customers. Data ownership is an ongoing debate and a crucial aspect of cloud computing. When consumers migrate critical company data to the cloud, they are not giving tenure of the data to the providers. Providers should ensure that the business data customers store in the cloud is not compromised under any circumstances. It is common sense that the right to use, manipulate and modify the data stored in the cloud, and its ownership, belongs to the customer, and there should be an agreement in place that prohibits use of the data by providers.
