Cloud Security
Characteristics of cloud computing
The essential characteristics of the cloud computing model were defined
by the National Institute of Standards and Technology (NIST) and have since
been redefined by a number of architects and experts.
A. On-demand self-service
Users can provision cloud computing resources, such as server time and network storage, without requiring human interaction, mostly through a web-based self-service portal. You can access your services and change cloud services through an online control panel or directly with the provider. You can add or delete users and change storage networks and software as wanted.
B. Broad network access
Capabilities are available over the network and accessed through standard
tools that promote use by heterogeneous thin and thick client platforms such as
mobile services and workstations. Users can use these devices wherever they are
located, through a simple online access point. Broad network access covers private
clouds that operate within a company’s firewall, hybrid deployments and public clouds.
C. Resource Pooling
The provider’s computing resources are pooled to serve multiple clients using a multi-tenant model, with different physical and virtual resources dynamically allocated and reallocated according to client demand.
D. Rapid Elasticity
Resources are provisioned and released on demand and/or automatically, based on triggers or parameters. This ensures your application has exactly the capacity it needs at any point in time.
E. Measured Service
By the nature of the cloud, you only pay for what you use. You and your cloud provider can measure storage levels, processing, bandwidth and the number of user accounts, so that you are billed correctly.
Cloud Security Challenges
Cloud computing is very different from physical or virtual servers, which
translates into a different cyber security model as well. These differences lead
to a variety of security challenges. Many remaining problems have not been
completely addressed in cloud computing, while new challenges keep emerging
from industry applications.
When many people share data in cloud services, there is a risk of data
misuse. To avoid that, the data should be secured. Protecting data is the
main challenge in cloud computing. Providing authorization,
authentication and access control can enhance security in cloud computing.
Some of the challenges in cloud computing are given below.
A. Access Control
The cloud must have the right data security policies, and data access should happen according to those policies. Data can be accessed by authorized users. Various techniques, such as encryption and key management mechanisms, must be used to ensure that data is accessed by valid users. Access to sensitive data by invalid users can lead to huge problems.
B. Authentication
Authentication checks the identity of the user who is communicating with
the cloud. Across the internet, the data that a user stores in the cloud is
accessible to unauthorized people. Hence the certified user and the
assistance cloud must have an interchangeability administration entity.
C. Data Encryption
An effective way to keep your most sensitive information from being accessed by another party is data encryption. Strong encryption can minimize the risk of stolen data being used against your company or your customers/clients before you have a chance to alert them so they can take steps to protect their identities.
D. Integrity
The system should have security controls such that data can be modified only by an authorized person. Because many people use it, data in cloud computing must not be lost or changed. To avoid that, data integrity must be in place and must be maintained correctly.
E. Confidentiality
Confidentiality ensures that data is not disclosed to unauthorized persons. Loss of confidentiality happens when data can be viewed or read by individuals who are not authorized to access it. Loss of confidentiality can occur physically or electronically.
Solutions for cloud security issues
There are some cloud security solutions that service providers should consider when they deliver their services to customers in a public cloud.
Encryption is recommended as a better solution to protect information. In a PaaS model, the user may or may not be aware of the format or location of stored data. Hence, to verify that the data is secured, the user should use proper data encryption standards to encrypt the data before uploading it into the cloud. In a SaaS model, the client is only able to alter the parameters of an application provided by the cloud, but the customer should ensure that the changes are in accordance with the cloud provider’s security model.
Before uploading data into the cloud, customers are recommended to confirm that the data is stored on backup drives and that the keywords in files remain the same. Computing the hash of a file before uploading it to cloud servers makes it possible to confirm later that the data has not been changed. This hash calculation can be used for data integrity, but it is very hard to maintain. An RSA-based data integrity check can be provided by merging identity-based cryptography and RSA signatures.
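The hash-before-upload check described above, as an added example that is not part of the original article. It uses a keyed hash (HMAC-SHA256) instead of a plain hash so that someone who can alter a stored object cannot also recompute a matching digest; the function names and the in-memory sample files are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CHUNK = 64 * 1024  # feed data in chunks, as you would when streaming a large file


def file_tag(key: bytes, data: bytes) -> str:
    """Return the HMAC-SHA256 tag of one object's content."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for i in range(0, len(data), CHUNK):
        mac.update(data[i:i + CHUNK])
    return mac.hexdigest()


def build_manifest(key: bytes, files: dict) -> dict:
    """Run before upload. The key never leaves the data owner."""
    return {name: file_tag(key, data) for name, data in files.items()}


def verify_download(key: bytes, manifest: dict, downloaded: dict) -> dict:
    """Compare what the cloud returned against the manifest made before upload."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, expected in manifest.items():
        if name not in downloaded:
            report["missing"].append(name)
        elif hmac.compare_digest(expected, file_tag(key, downloaded[name])):
            report["ok"].append(name)  # constant-time comparison succeeded
        else:
            report["modified"].append(name)
    report["unexpected"] = sorted(set(downloaded) - set(manifest))
    return report


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    # Constructed sample data standing in for local files.
    local = {"payroll.csv": b"id,amount\n1,100\n", "notes.txt": b"draft"}
    manifest = build_manifest(key, local)
    # Constructed "download": one object altered, one missing, one extra.
    returned = {"payroll.csv": b"id,amount\n1,900\n", "extra.bin": b"?"}
    print(verify_download(key, manifest, returned))
```

The manifest has to be regenerated every time a file legitimately changes, which is the upkeep burden the paragraph refers to.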
The security measures designed for virtualization include virtual firewalls, virtual machine security management, virtual machine monitors and virtual machine isolation. Further, cloud providers should employ Intrusion Detection Systems to keep their customers secure in the cloud environment. The Trusted Cloud Computing Platform (TCCP) is designed to provide better security for virtual machines.
Heterogeneous data-centric security is to be used to deliver data access control. A data security model consisting of authentication, data recovery, data encryption, data integrity and user protection has to be designed to extend data security over the cloud. A distributed access control architecture can be used for access management in cloud computing. Credential-based or attribute-based policies are better at recognizing unauthorized users. Permission as a service can be used to tell the user which part of the data can be accessed. A fine-grained access control mechanism permits the owner to delegate most computation-intensive tasks to cloud servers without disclosing the data contents.
Cloud service providers use Network-Based Intrusion Prevention Systems to detect threats in real time. An RSA-based storage security method can be used to compute large files of various sizes and to address remote data security.
Data splitting is also a countermeasure for cloud security issues. Here the data is split over several hosts that cannot communicate with each other; only the owner, who can access both hosts, can collect and combine the separate datasets to re-form the original.
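One way to realize the data splitting described above, as an added example that is not part of the original article. It assumes XOR-based splitting, in which every share is random-looking on its own and all shares are needed to rebuild the data; the function names and sample record are constructed for illustration.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes, hosts: int) -> list:
    """Split data into one share per host; every share is required to rebuild."""
    if hosts < 2:
        raise ValueError("splitting needs at least two hosts")
    # hosts - 1 shares are pure randomness of the same length as the data.
    pads = [secrets.token_bytes(len(data)) for _ in range(hosts - 1)]
    # The final share is the data XORed with every pad, so it also looks random.
    last = reduce(xor_bytes, pads, data)
    return pads + [last]


def combine(shares: list) -> bytes:
    """Rebuild the original; only a party holding every share can do this."""
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("need all shares, and they must be the same length")
    return reduce(xor_bytes, shares)


if __name__ == "__main__":
    record = b"acct=4821;balance=1730.55"  # constructed sample record
    shares = split(record, hosts=3)         # store shares[i] on host i
    print(combine(shares) == record)        # owner with access to all hosts
    print(combine(shares[:2]) == record)    # two colluding hosts learn nothing
```

Every share is required, so losing one host loses the data; this scheme protects confidentiality, not availability or integrity.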
Cloud service providers must deliver safe and helpful recovery facilities, so that if data is fragmented or lost for any reason, it can be recovered and continuity of data can be maintained. Cloud providers must provide backup facilities, since a natural disaster may damage physical devices and cause data loss. Thus, to avoid this issue, the vendor must provide a backup of the information; this facility gives a key assurance of the service provided by service providers.