I. INTRODUCTION
CLOUD COMPUTING SERVICE MODELS
SaaS, PaaS, IaaS
III. SECURITY ISSUES IN CLOUD COMPUTING
A. Data Breaches
Data breaches are every CTO's worst nightmare. A breach means leakage of an organization's sensitive private data into the hands of competitors and unwanted people. While data loss and data leakage are both severe threats to cloud computing, the measures you put in place to reduce one of these threats can worsen the other. You can use data encryption to reduce the impact of a data breach, but if the encryption key is lost, all your data is lost as well. Conversely, one may decide to keep offline backups of one's data to reduce the impact of a catastrophic data loss, but doing so increases exposure to data breaches.
B. Data Loss
The thought of losing one's data permanently is terrifying for both consumers and businesses. Malicious attackers are one of the key reasons for the loss of data. Any accidental deletion by the cloud service provider, or worse, a physical calamity such as a fire or earthquake, can lead to the permanent loss of customers' data unless the provider takes adequate measures to back up data.
C. Account Hijacking
In 2009, many Amazon systems were
hijacked to run Zeus botnet nodes. In April
2010, Amazon experienced a Cross-Site
Scripting (XSS) bug that allowed attackers
to hijack credentials from the site.
Account or service hijacking is not new.
Phishing, fraud, and exploitation of software
vulnerabilities still achieve results. Cloud
solutions add more elements to the top of the
stack. If an attacker gains access to your
credentials, they can intercept your activities
and transactions, manipulate data, return
IV. IaaS STRUCTURE
V.
authentication, consider two-factor or multifactor authentication for all information that needs to be restricted. In addition, consider tiering your access policies based on the level of trust you have for each identity provider for your IaaS cloud solutions. The level of authorization you enable from an identity provider such as Google Mail is going to be a lot lower than if the identity provider is your corporate Active Directory environment. Integrate this authorization tiering into your DLP solution.
Figure 2 Deploying IaaS Security Model (components: Authentication and Authorization; Infrastructural Hardening; Data leakage protection; End to End Encryption; End to End logging)
C. Infrastructure hardening
Virtual machines and VM templates should
be hardened and clean. You can do this with
initial system hardening when you create the
images, and you can also take advantage of
technologies that enable you to update the
images offline with the latest service and
security updates. Make sure that you have a
process in place to test the security of these
master images on a regular basis to confirm
that there has been no drift from your
desired configuration, due to malicious or
non-malicious changes from the original
configuration.
D. End to end encryption
For end-to-end encryption, you should use whole-disk encryption, which ensures that all data on the disk is encrypted so that it is protected from online as well as offline attacks. Also make sure that all communications to host OSes and VMs in the IaaS infrastructure are encrypted. This can be done over SSL/TLS or IPsec. This includes not only communications from management stations, but also communications between the virtual machines themselves. One should also deploy mechanisms such as homomorphic encryption to keep end-user communications
VI. CONCLUSION
ACKNOWLEDGEMENT
I am very grateful to Mr. Gaurav Sharma,
for his support to write this paper.