Cloud Security Best Practices

Verified

Added on 2020/03/28

AI Summary

This assignment delves into the critical topic of cloud security. It emphasizes the importance of implementing robust security measures to protect sensitive data and applications deployed on cloud platforms. The document outlines best practices for securing various aspects of a cloud environment, including APIs, web consoles, database instances (like MS SQL Server 2012 R2), cloud infrastructure, and backup and restore processes. Key areas covered include access control using protocols like SSHv2 and TLS/SSL, multi-factor authentication, public key certificates, security tools for VMs, antivirus protection, data encryption for backups, and offline storage of decryption keys. The assignment stresses the need to thoroughly review the security features provided by cloud vendors and minimize browser-based access to infrastructure due to vulnerabilities.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: CLOUD COMPUTING
Cloud computing
Name of the student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1CLOUD COMPUTING
Answer to question 2:
The various risks that are evident due to the migration of the database, IaaS infrastructure
and the communication of the company are discussed in this portion.
Risks in database:
The various cloud related risks that are evident due to the migration of the database is
discussed in this portion. In case of cloud feature installations, the various applications installed
in the system will need to be installed in the cloud architecture. In some cases, these applications
may show license problems. In cases like this, the business operations will be affected due to the
license risks.
In addition, as the cloud features are being provided by the cloud vendors, the
organization needs to comply with their requirements (Garrison, Kim & Wakefield, 2012). Any
changes to the system are to be done after contacting with these vendors. This reduces the
transparency of the system with respect to the organization involved.
Risks in IaaS infrastructure:
The main risks to the IaaS infrastructures due to the migration of the database are
discussed in this section. The main risks are the misconfiguration, shadow-IT and vulnerabilities.
The first risk to be discussed is the misconfiguration in the infrastructure. The presence of
existing problems in the system is to be referenced to fight these vulnerabilities. For addressing
such requirements, the scanning of the whole system is to be referenced. This includes the scan
of the whole system by using the IaaS APIs. These are used to scan the whole database. These
data are used to compare with the existing templates of the API scanning (Garrison, Kim &
Wakefield, 2012). These templates are complied with the universal standards. The data are then
to be applied for addressing the risks in the infrastructure. In addition, the presence of monitoring

2CLOUD COMPUTING
features to scan the status of the system is also to be done for detecting any errors present in the
system.
Vulnerability is another risk that is present in the infrastructure. This is to be addressed
by not only the vendors of the cloud solutions but also the organization. The main process to be
involved is the installation of applications for automated scanning procedures and workload
security management.
The last risk in the infrastructure is the presence of shadow-IT features (Jadeja & Modi,
2012). This mainly consists of ghost servers, dormant storages and orphan storage. The ghost
server generally means the presence of servers which can still perform efficiently. However,
these servers are unused for a long time. Similarly, the orphan servers are the presence of those
servers that are also not used for a long time and are not in good conditions with respect to
operations. Moreover, when servers are replaced by the new ones, they remain in the
infrastructures. These are the dormant resources. All these poses great risks to the organizations
as these storages still consist of data. These can be used to get access to these data unethically.
Risks in communication between the organization and database:
The main risks in the communications among the organization and the cloud vendor are
the concerns in privacy and availability of data. As the organization needs to update the vendor
regarding any organizational changes, the vendor will have access to all the data of the
organization. This raises a security and privacy concern as the organization concerned may not
have ease of mind in doing businesses (Hashizume et al., 2013). This also provides an ethical
risks if the cloud vendor unethically analyses their data.
The presence of internet access is a requirement in cloud architecture. As the information
to be updated in the cloud infrastructure can only be done by the presence of internet, the risks

3CLOUD COMPUTING
due to such requirements is great. In case an organization is facing threats in the system, they
need to close the cloud application to mitigate the threats. In case of internet absence, the
organization will not be able to access the system which will lead to grave impacts in the system.
Answer to question 4:
This section is concerned with the application of the access protection features in
different parameters of the cloud solutions.
IaaS infrastructure:
The access to the IaaS infrastructure can only be provided by utilizing the four different
parameters. These include the internet access, physical access, APIs and web console. The
physical access is provided by the cloud vendors. The organization needs to review the security
features and protocols followed by the cloud vendors. Any problems in their security can lead to
the business failure as well (Jadeja & Modi, 2012). Internet access can be secured by the
application of various cloud related solutions. These include the applications of tighter security
measures. The most commercially available solutions are the one provided by Cloud Sigma. The
main aim of these solutions is the implementation of firewall setups that could be used for
neglecting access by third-parties. In case of the APIs and web-console, tighter security can be
applied by the adoption of security protocols.
Ms SQL Server 2012 R2 cloud instance:
The presence of user privileged access to the instance of the server is to be emphasized
for the IaaS cloud consumer’s corporate network. This can be done by the application of access
protocols like SSHv2 or TLS/SSL. The main emphasis of these uses will be based on the use of

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4CLOUD COMPUTING
multi-factor authentication. In addition, the use of public key certificate is also to be emphasized
for addressing these requirements.
Cloud infrastructure:
The access to the cloud infrastructure by using the browser is to be minimized. The main
reason is that they are prone to injection attacks. In addition, the presence of security tools is also
needed in the VMs to reduce the possibilities of back door intrusion and information leak (Jadeja
& Modi, 2012). Furthermore, the antivirus programs must also be used for removing the
malwares from the system.
Cloud backup and restore:
The organization needs to review the security features and protocols followed by the
cloud vendors. Any problems in their security can lead to the business failure as well. This
requires the need for encrypting the data to be backed up (Khan et al., 2013). In such cases the
data will not be easily accessed. Furthermore, the presence of offline storage of the decrypting
key is also required.

5CLOUD COMPUTING
References:
Garrison, G., Kim, S., & Wakefield, R. L. (2012). Success factors for deploying cloud
computing. Communications of the ACM, 55(9), 62-68.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of
security issues for cloud computing. Journal of Internet Services and Applications, 4(1),
5.
Jadeja, Y., & Modi, K. (2012, March). Cloud computing-concepts, architecture and challenges.
In Computing, Electronics and Electrical Technologies (ICCEET), 2012 International
Conference on (pp. 877-880). IEEE.
Jula, A., Sundararajan, E., & Othman, Z. (2014). Cloud computing service composition: A
systematic literature review. Expert Systems with Applications, 41(8), 3809-3824.
Kavis, M. J. (2014). Architecting the cloud: design decisions for cloud computing service models
(SaaS, PaaS, and IaaS). John Wiley & Sons.
Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013). Towards secure mobile cloud
computing: A survey. Future Generation Computer Systems, 29(5), 1278-1299.
Kumar, S., & Goudar, R. H. (2012). Cloud Computing-Research Issues, Challenges,
Architecture, Platforms and Applications: A Survey. International Journal of Future
Computer and Communication, 1(4), 356.
Li, J., Qiu, M., Ming, Z., Quan, G., Qin, X., & Gu, Z. (2012). Online optimization for scheduling
preemptable tasks on IaaS cloud systems. Journal of Parallel and Distributed
Computing, 72(5), 666-677.

1 out of 6

+13062052269

info@desklib.com

Cloud Security Best Practices

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Related Documents

Cloud Security Risks for Webb's Store

Cloud Security Risks and Recommendations for Effective Migration