Cloud Security
saliya@nsbm.lk
What is Cloud computing
[Figure: essential characteristics of cloud computing. Labels recovered from the diagram: Network Access, Elasticity, Service, Self-Service, Resource Pooling]
[Figure (c): IaaS. A LAN (router and switch) connected over a network or the Internet, through a router, to the cloud service provider's servers]
[Figure: cloud reference architecture with Security and Privacy as cross-cutting concerns. Labels recovered from the diagram: IaaS; Resource Abstraction and Control Layer; Physical Resource Layer (Hardware, Facility); Provisioning/Configuration; Portability/Interoperability; Service Aggregation; Service Arbitrage; Cloud Carrier; Security Audit; Privacy Impact Audit; Performance Audit; Unknown risk profile]
Cloud Security Risks 2
Abuse and nefarious use of cloud computing:
o Attackers get inside the cloud (for example through trial use) to
conduct various attacks, such as spamming, malicious
code attacks, and denial of service.
Insecure interfaces and APIs:
o CPs expose a set of software interfaces or APIs that
customers use to manage and interact with cloud
services.
o The security and availability of general cloud services are
dependent upon the security of these basic APIs.
Cloud Security Risks 3
Malicious insiders:
o Under cloud computing, an organization places an
unprecedented level of trust in the CP.
o One grave concern is the risk of malicious insider activity.
Examples include the (rare) possibility of insider attacks
by CP system administrators or managed security
service providers.
Shared technology issues:
o In the cloud, the underlying components that make up the
infrastructure (CPU caches, GPUs, etc.) are shared.
These were not designed to offer strong isolation
properties for a multi-tenant architecture.
o This creates vulnerabilities.
Cloud Security Risks 4
Data loss or leakage:
o For many clients, the most devastating impact from a
security breach is the loss or leakage of data.
o We address this issue in the next section.
Multi-instance model vs. multi-tenant model
Architectural or operational characteristics of the cloud environment:
o Multi-instance model: DBMS running on a virtual machine instance for each cloud subscriber. Gives the subscriber complete control over administrative tasks related to security.
o Multi-tenant model: Provides a predefined environment for the cloud subscriber that is shared with other tenants, typically through tagging data with a subscriber identifier. Gives the appearance of exclusive use of the instance, but relies on the cloud provider to establish and maintain a secure database environment.
Multi-instance & Multi-tenant
Database environments used in cloud computing can
vary significantly: some providers support a multi-instance
model, others support a multi-tenant model.
Multi-instance model: provides a unique DBMS
running on a virtual machine instance for each cloud
subscriber.
o This gives the subscriber complete control over role definition, user
authorization, and other administrative tasks related to security.
Multi-tenant model: provides a predefined environment
for the cloud subscriber that is shared with other tenants,
with security provided by tagging data with a subscriber identifier.
o Tagging gives the appearance of exclusive use of the instance, but relies
on the cloud provider to maintain security.
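The tagging described above, as an added example that is not part of the slides: a shared table where every row carries a subscriber identifier, a provider-side wrapper that binds every query to the caller's tag (so each tenant appears to have the instance to itself), and an unscoped query showing that isolation is lost the moment the provider's filter is omitted. Tenant names and rows are constructed sample data.

```python
import sqlite3

# Constructed sample rows for two hypothetical subscribers (not from the slides).
SAMPLE_ROWS = [
    ("tenant-a", "alice@example.test", "invoice-0001"),
    ("tenant-a", "bob@example.test", "invoice-0002"),
    ("tenant-b", "carol@example.test", "invoice-0003"),
]

def build_shared_db():
    """One shared table: every row is tagged with a subscriber identifier."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (tenant_id TEXT NOT NULL, owner TEXT, doc TEXT)")
    conn.executemany("INSERT INTO records VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

class TenantScopedDB:
    """Provider-side enforcement: every statement is bound to the caller's tenant tag."""
    def __init__(self, conn, tenant_id):
        self._conn = conn
        self._tenant = tenant_id

    def list_docs(self, owner_filter=None):
        # tenant_id is always a bound parameter chosen by the provider, so the
        # subscriber sees only its own rows and cannot widen the scope.
        sql = "SELECT owner, doc FROM records WHERE tenant_id = ?"
        params = [self._tenant]
        if owner_filter is not None:
            sql += " AND owner = ?"
            params.append(owner_filter)
        return self._conn.execute(sql, params).fetchall()

    def add_doc(self, owner, doc):
        # Writes are tagged with the provider-assigned tenant id, not caller input.
        self._conn.execute("INSERT INTO records VALUES (?, ?, ?)", (self._tenant, owner, doc))
        self._conn.commit()

def unscoped_query(conn):
    """The failure mode: the tag filter is forgotten and all tenants' rows come back."""
    return conn.execute("SELECT tenant_id, owner, doc FROM records").fetchall()

def isolation_check():
    conn = build_shared_db()
    tenant_a = TenantScopedDB(conn, "tenant-a")
    tenant_b = TenantScopedDB(conn, "tenant-b")
    tenant_b.add_doc("dave@example.test", "invoice-0004")
    return {
        "a_sees": len(tenant_a.list_docs()),        # 2: only tenant-a rows
        "b_sees": len(tenant_b.list_docs()),        # 2: its own rows, including the new one
        "unscoped_sees": len(unscoped_query(conn)), # 4: everything, isolation lost
    }
```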
SecaaS:
Cloud Security As A Service
Is a segment of the SaaS offering of a CP (Cloud
Provider)
Defined by The Cloud Security Alliance as:
o Provision of security applications and services
via the cloud,
either to cloud-based infrastructure and
software,
or from the cloud to the customer's on-premises
systems
Encryption
E-mail security
Web security
Intrusion management