cloud computer security techniques and tactics pdf

Cloud Computer Security Techniques And Tactics Pdf

On Saturday, March 27, 2021 8:12:20 PM

File Name: cloud computer security techniques and tactics .zip
Size: 1105Kb
Published: 27.03.2021

Securing the Cloud is the first book that helps you secure your information while taking part in the time and cost savings of cloud computing. As companies turn to burgeoning cloud computing technology to streamline and save money, security is a fundamental concern. The cloud offers flexibility, adaptability, scalability, and in the case of security - resilience.

Metrics details. Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service availability, and demonstrate compliance.

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: This book and the individual contributions contained in it are protected under copyright by the Publisher other than as may be noted herein. Notices Knowledge and best practice in this field are constantly changing.

Securing the Cloud Cloud Computer Security Techniques and Tactics

Metrics details. Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service availability, and demonstrate compliance.

The importance of Cloud Computing is increasing and it is receiving a growing attention in the scientific and industrial communities. A study by Gartner [ 1 ] considered Cloud Computing as the first among the top 10 most important technologies and with a better prospect in successive years by companies and organizations.

Cloud Computing enables ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources e. Cloud Computing appears as a computational paradigm as well as a distribution architecture and its main objective is to provide secure, quick, convenient data storage and net computing service, with all computing resources visualized as services and delivered over the Internet [ 2 , 3 ].

The cloud enhances collaboration, agility, scalability, availability, ability to adapt to fluctuations according to demand, accelerate development work, and provides potential for cost reduction through optimized and efficient computing [ 4 — 7 ].

In some respects, Cloud Computing represents the maturing of these technologies and is a marketing term to represent that maturity and the services they provide [ 6 ]. Although there are many benefits to adopting Cloud Computing, there are also some significant barriers to adoption. One of the most significant barriers to adoption is security, followed by issues regarding compliance, privacy and legal matters [ 8 ]. Because Cloud Computing represents a relatively new computing model, there is a great deal of uncertainty about how security at all levels e.

That uncertainty has consistently led information executives to state that security is their number one concern with Cloud Computing [ 10 ]. Compared to traditional technologies, the cloud has many specific features, such as its large scale and the fact that resources belonging to cloud providers are completely distributed, heterogeneous and totally virtualized. Traditional security mechanisms such as identity, authentication, and authorization are no longer enough for clouds in their current form [ 11 ].

Security controls in Cloud Computing are, for the most part, no different than security controls in any IT environment. However, because of the cloud service models employed, the operational models, and the technologies used to enable cloud services, Cloud Computing may present different risks to an organization than traditional IT solutions.

Unfortunately, integrating security into these solutions is often perceived as making them more rigid [ 4 ]. To alleviate these concerns, a cloud solution provider must ensure that customers will continue to have the same security and privacy controls over their applications and services, provide evidence to customers that their organization are secure and they can meet their service-level agreements, and that they can prove compliance to auditors [ 12 ].

We present here a categorization of security issues for Cloud Computing focused in the so-called SPI model SaaS, PaaS and IaaS , identifying the main vulnerabilities in this kind of systems and the most important threats found in the literature related to Cloud Computing and its environment.

A threat is a potential attack that may lead to a misuse of information or resources, and the term vulnerability refers to the flaws in a system that allows an attack to be successful. There are some surveys where they focus on one service model, or they focus on listing cloud security issues in general without distinguishing among vulnerabilities and threats. Here, we present a list of vulnerabilities and threats, and we also indicate what cloud service models can be affected by them.

Furthermore, we describe the relationship between these vulnerabilities and threats; how these vulnerabilities can be exploited in order to perform an attack, and also present some countermeasures related to these threats which try to solve or improve the identified problems.

The remainder of the paper is organized as follows: Section 2 presents the results obtained from our systematic review. Next, in Section 3 we define in depth the most important security aspects for each layer of the Cloud model. Later, we will analyze the security issues in Cloud Computing identifying the main vulnerabilities for clouds, the most important threats in clouds, and all available countermeasures for these threats and vulnerabilities.

Finally, we provide some conclusions. We have carried out a systematic review [ 13 — 15 ] of the existing literature regarding security in Cloud Computing, not only in order to summarize the existing vulnerabilities and threats concerning this topic but also to identify and analyze the current state and the most important security issues for Cloud Computing.

The question focus was to identify the most relevant issues in Cloud Computing which consider vulnerabilities, threats, risks, requirements and solutions of security for Cloud Computing. This question had to be related with the aim of this work; that is to identify and relate vulnerabilities and threats with possible solutions. Therefore, the research question addressed by our research was the following: What security vulnerabilities and threats are the most important in Cloud Computing which have to be studied in depth with the purpose of handling them?

The keywords and related concepts that make up this question and that were used during the review execution are: secure Cloud systems, Cloud security, delivery models security, SPI security, SaaS security, Paas security, IaaS security, Cloud threats, Cloud vulnerabilities, Cloud recommendations, best practices in Cloud.

The selection criteria through which we evaluated study sources was based on the research experience of the authors of this work, and in order to select these sources we have considered certain constraints: studies included in the selected sources must be written in English and these sources must be web-available.

Later, the experts will refine the results and will include important works that had not been recovered in these sources and will update these work taking into account other constraints such as impact factor, received cites, important journals, renowned authors, etc. Once the sources had been defined, it was necessary to describe the process and the criteria for study selection and evaluation.

The inclusion and exclusion criteria of this study were based on the research question. We therefore established that the studies must contain issues and topics which consider security on Cloud Computing, and that these studies must describe threats, vulnerabilities, countermeasures, and risks.

During this phase, the search in the defined sources must be executed and the obtained studies must be evaluated according to the established criteria. After executing the search chain on the selected sources we obtained a set of about results which were filtered with the inclusion criteria to give a set of about 40 relevant studies. This set of relevant studies was again filtered with the exclusion criteria to give a set of studies which corresponds with 15 primary proposals [ 4 , 6 , 10 , 16 — 27 ].

The studies analyze the risks and threats, often give recommendations on how they can be avoided or covered, resulting in a direct relationship between vulnerability or threats and possible solutions and mechanisms to solve them. In addition, we can see that in our search, many of the approaches, in addition to speaking about threats and vulnerabilities, also discuss other issues related to security in the Cloud such as the data security, trust, or security recommendations and mechanisms for any of the problems encountered in these environments.

The cloud model provides three types of services [ 21 , 28 , 29 ]:. Software as a Service SaaS. The applications are accessible from various client devices through a thin client interface such as a web browser e. Platform as a Service PaaS. The capability provided to the consumer is to deploy onto the cloud infrastructure his own applications without installing any platform or tools on their local machines.

PaaS refers to providing platform layer resources, including operating system support and software development frameworks that can be used to build higher-level services.

Infrastructure as a Service IaaS. The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.

With SaaS, the burden of security lies with the cloud provider. In part, this is because of the degree of abstraction, the SaaS model is based on a high degree of integrated functionality with minimal customer control or extensibility. By contrast, the PaaS model offers greater extensibility and greater customer control. Largely because of the relatively lower degree of abstraction, IaaS offers greater tenant or customer control over security than do PaaS or SaaS [ 10 ].

Before analyzing security challenges in Cloud Computing, we need to understand the relationships and dependencies between these cloud service models [ 4 ].

However, we have to take into account that PaaS offers a platform to build and deploy SaaS applications, which increases the security dependency between them.

As a consequence of these deep dependencies, any attack to any cloud service layer can compromise the upper layers. Each cloud service model comprises its own inherent security flaws; however, they also share some challenges that affect all of them.

These relationships and dependencies between cloud models may also be a source of security risks. A SaaS provider may rent a development environment from a PaaS provider, which might also rent an infrastructure from an IaaS provider. Each provider is responsible for securing his own services, which may result in an inconsistent combination of security models. It also creates confusion over which service provider is responsible once an attack happens. SaaS users have less control over security among the three fundamental delivery models in the cloud.

The adoption of SaaS applications may raise some security concerns. These applications are typically delivered via the Internet through a Web browser [ 12 , 22 ]. However, flaws in web applications may create vulnerabilities for the SaaS applications.

Security challenges in SaaS applications are not different from any web application technology, but traditional security solutions do not effectively protect it from attacks, so new approaches are necessary [ 21 ]. There are more security issues, but it is a good start for securing web applications. SaaS applications can be grouped into maturity models that are determined by the following characteristics: scalability, configurability via metadata, and multi-tenancy [ 30 , 33 ].

In the first maturity model, each customer has his own customized instance of the software. This model has drawbacks, but security issues are not so bad compared with the other models.

In the second model, the vendor also provides different instances of the applications for each customer, but all instances use the same application code. In this model, customers can change some configuration options to meet their needs. In the third maturity model multi-tenancy is added, so a single instance serves all customers [ 34 ]. This approach enables more efficient use of the resources but scalability is limited.

Since data from multiple tenants is likely to be stored in the same database, the risk of data leakage between these tenants is high. For the final model, applications can be scaled up by moving the application to a more powerful server if needed.

Data security is a common concern for any technology, but it becomes a major challenge when SaaS users have to rely on their providers for proper security [ 12 , 21 , 36 ]. In SaaS, organizational data is often processed in plaintext and stored in the cloud. The SaaS provider is the one responsible for the security of the data while is being processed and stored [ 30 ]. Also, data backup is a critical aspect in order to facilitate recovery in case of disaster, but it introduces security concerns as well [ 21 ].

Also cloud providers can subcontract other services such as backup from third-party service providers, which may raise concerns. Moreover, most compliance standards do not envision compliance with regulations in a world of Cloud Computing [ 12 ]. Accessing applications over the internet via web browser makes access from any network device easier, including public computers and mobile devices.

However, it also exposes the service to additional security risks. The Cloud Security Alliance [ 37 ] has released a document that describes the current state of mobile computing and the top threats in this area such as information stealing mobile malware, insecure networks WiFi , vulnerabilities found in the device OS and official applications, insecure marketplaces, and proximity-based hacking.

PaaS facilitates deployment of cloud-based applications without the cost of buying and maintaining the underlying hardware and software layers [ 21 ].

PaaS application security comprises two software layers: Security of the PaaS platform itself i. PaaS providers are responsible for securing the platform software stack that includes the runtime engine that runs the customer applications.

Same as SaaS, PaaS also brings data security issues and other challenges that are described as follows:. Moreover, PaaS does not only provide traditional programming languages, but also does it offer third-party web services components such as mashups [ 10 , 38 ]. Mashups combine more than one source element into a single integrated unit.

Thus, PaaS models also inherit security issues related to mashups such as data and network security [ 39 ]. Also, PaaS users have to depend on both the security of web-hosted development tools and third-party services.

From the perspective of the application development, developers face the complexity of building secure applications that may be hosted in the cloud. Developers have to keep in mind that PaaS applications should be upgraded frequently, so they have to ensure that their application development processes are flexible enough to keep up with changes [ 19 ].

However, developers also have to understand that any changes in PaaS components can compromise the security of their applications. Besides secure development techniques, developers need to be educated about data legal issues as well, so that data is not stored in inappropriate locations.

Let Us Keep You Warm This Winter

Skip to search form Skip to main content You are currently offline. Some features of the site may not work correctly. Winkler Published Engineering. As companies turn to cloud computing technology to streamline and save money, security is a fundamental concern. Loss of certain control and lack of trust make this transition difficult unless you know how to handle it. Securing the Cloud discusses making the move to the cloud while securing your peice of it! The cloud offers felxibility, adaptability, scalability, and in the case of security-resilience.


design strategies for cloud computing. Chapter 5 is devoted to data security. issues. The author shows the weakness-. es in data security and.


Securing the Cloud: Cloud Computer Security Techniques and Tactics

To browse Academia. Skip to main content. By using our site, you agree to our collection of information through the use of cookies. To learn more, view our Privacy Policy. Log In Sign Up.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut congue hendrerit urna vel ultricies. Sed ut nunc et quam fringilla sollicitudin.

Vic J. Winkler offers an important book for addressing security issues surrounding the growing use of cloud technology to share and transport files and information. Winkler draws on his 30 plus years of experience working with cyber security in various capacities to provide a detailed framework from which to understand cloud technology, different ways of securing data and networks, and positive and negative aspects of using a cloud.

Description

Он сказал, что ты будешь очень расстроена, если поездку придется отложить. Сьюзан растерялась. - Вы говорили с Дэвидом сегодня утром. - Разумеется.  - Стратмора, похоже, удивило ее недоумение.  - Мне пришлось его проинструктировать.

Но это было не. Терминал Хейла ярко светился. Она забыла его отключить.

Это ловушка. Энсей Танкадо всучил вам Северную Дакоту, так как он знал, что вы начнете искать. Что бы ни содержалось в его посланиях, он хотел, чтобы вы их нашли, - это ложный след.

ГЛАВА 40 Стоя у двери Третьего узла, Чатрукьян с безумным видом отчаянно пытался убедить Хейла в том, что с ТРАНСТЕКСТОМ стряслась беда. Сьюзан пробежала мимо них с одной только мыслью - как можно скорее предупредить Стратмора. Сотрудник лаборатории систем безопасности схватил ее за руку.

with pdf manual pdf

Subscribe

Subscribe Now To Get Daily Updates