Cloud Computing Security: Challenges, Solutions, and Best Practices
Added on 2019/09/24
AI Summary
This report provides a comprehensive overview of cloud computing security, addressing the challenges and risks associated with storing and processing data in the cloud. It explores various security issues faced by both cloud providers and their customers, including insider attacks, data isolation, and virtualization vulnerabilities. The report details cloud security controls, categorizing them into deterrent, preventive, detective, and corrective measures. It also covers dimensions of cloud security, such as identity management, physical security, personnel security, and data security, including confidentiality, access controllability, and integrity. The report also discusses advanced encryption algorithms and the role of CISOs in managing cloud services and applications. The report emphasizes the importance of comprehensive audits, application testing, and incorporating security measures throughout the software development life cycle to ensure a secure cloud environment.

Task 3

Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.
The advent of cloud computing is forcing organizations to change their practices. Previously, hiring another worker meant providing him with a work area, computer equipment and various other hardware or software. Cloud computing enables organizations to reduce these capital expenditures significantly. Now all each employee needs is a computer with an internet connection to access the work data. Work areas and office equipment may still be necessary; however, the investment in computer hardware can be outsourced to cloud computing companies. The hardware and software demands on the business's side decrease drastically. Labor costs per individual employee go down, enabling an organization to hire more workers. Productivity increases, raising the efficiency and profits of the business.
Security issues associated with the cloud
The primary reason why cloud computing is getting so much attention is its impact on business strategies. The sheer cost pressure alone is forcing industry after industry to adapt to the new reality. The advantages notwithstanding, a few legitimate concerns about cloud computing exist, specifically to do with privacy and security.
Business owners and executives may hesitate to turn over their sensitive data to a third-party system at all. Losing access to their own data or having it compromised is unacceptable in a ruthlessly competitive private sector. One major argument against this fear is the fact that cloud computing companies survive based on their reputations. This gives them a huge incentive not to lose their clients' data or compromise availability. Despite the strength of this incentive, regulations may still be required to ensure safety.
With respect to privacy, the obvious concern is the connection between the client's computer and the cloud system. Privacy could easily be compromised by unscrupulous people who could
access personal information like credit card numbers. A solution to this problem is to use authentication and encryption, as conventional secure connections do.
These practical concerns are somewhat overshadowed by various philosophical and legal questions. While the data is held in the customer's name, a case could possibly be made that the cloud computing system is the actual owner and therefore has a right to it. These technicalities are still under debate, and no resolution has yet been reached.
Cloud computing and storage give users capabilities to store and process their data in third-party data centers. Organizations use the cloud in a wide range of service models (with acronyms such as SaaS, PaaS, and IaaS) and deployment models (private, public, hybrid, and community). Security concerns associated with cloud computing fall into two general categories: security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud). The responsibility is shared, however. The provider must ensure that its infrastructure is secure and that its clients' data and applications are protected, while the client must take measures to fortify their application and use strong passwords and authentication measures.
When an organization chooses to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. According to a recent Cloud Security Alliance report, insider attacks are the sixth greatest risk in cloud computing. Therefore, cloud service providers must ensure that thorough background checks are conducted for employees who have physical access to the servers in the data center. Additionally, data centers must be frequently monitored for suspicious activity.
In order to conserve resources, cut costs, and maintain efficiency, cloud service providers often store more than one client's data on the same server. As a result, there is a possibility that one client's private data can be seen by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should ensure proper data isolation and logical storage segregation.
The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers or tenants of a public cloud service. Virtualization alters the relationship between the OS and the underlying hardware, be it computing, storage or even networking. This introduces an additional layer, virtualization, that itself must be properly configured, managed and secured. Specific concerns include the potential to compromise the virtualization software, or "hypervisor". While these concerns are largely theoretical, they do exist. For example, a breach in the administrator workstation that runs the management software of the virtualization software can cause the entire data center to go down or be reconfigured to an attacker's liking.
Cloud security controls
Cloud security architecture is effective only if the correct defensive implementations are in place. An efficient cloud security architecture should recognize the issues that will arise with security management. Security management addresses these issues with security controls. These controls are put in place to safeguard any weaknesses in the system and reduce the impact of an attack. While there are many kinds of controls behind a cloud security architecture, they can usually be found in one of the following categories:
Deterrent controls
These controls are intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed. Some consider them a subset of preventive controls.
Preventive controls
Preventive controls strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities. Strong authentication of cloud users, for example, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified.
Detective controls
Detective controls are intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the deterrent or corrective controls to address the issue. System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure.
Corrective controls
Corrective controls reduce the consequences of an incident, normally by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of a corrective control.
Dimensions of cloud security
It is generally recommended that information security controls be selected and implemented according and in proportion to the risks, typically by assessing the threats, vulnerabilities and impacts. Cloud security concerns can be grouped in various ways; Gartner named seven while the Cloud Security Alliance identified fourteen areas of concern. Cloud access security brokers (CASBs) are software that sits between cloud service users and cloud applications to monitor all activity and enforce security policies.
Security and privacy
Identity management
Every enterprise will have its own identity management system to control access to information and computing resources. Cloud providers either integrate the customer's identity management system into their own infrastructure, using federation or SSO technology or a biometric-based identification system, or provide an identity management system of their own. The biometric-based system links the confidential information of the users to their biometrics and stores it in an encrypted form. Making use of a searchable encryption system, biometric identification is performed in the encrypted domain to ensure that the cloud provider or potential attackers do not gain access to any sensitive data or even the contents of the individual queries.
Physical security
Cloud service providers physically secure the IT hardware (servers, routers, cables and so forth) against unauthorized access, interference, theft, fires, surges and so on, and ensure that essential supplies (for example, electricity) are sufficiently robust to minimize the possibility of disruption. This is normally achieved by serving cloud applications from 'world-class' (i.e. professionally specified, designed, constructed, managed, monitored and maintained) data centers.
Personnel security
Various information security concerns relating to the IT and other professionals associated with cloud services are typically handled through pre-, para- and post-employment activities such as security screening of potential recruits, security awareness and training programs, proactive.
Privacy
Providers ensure that all critical data are masked or encrypted and that only authorized users have access to data in its entirety. Moreover, digital identities and credentials must be protected, as should any data that the provider collects or produces about customer activity in the cloud.
Data security
Various security threats are associated with cloud data services: not only traditional security threats, such as network eavesdropping, illegal intrusion, and denial of service attacks, but also cloud-specific threats, such as side channel attacks, virtualization vulnerabilities, and abuse of cloud services. The following security requirements limit the threats.
Confidentiality
Data confidentiality is the property that data contents are not made available or disclosed to illegal users. Outsourced data is stored in a cloud and out of the owners' direct control. Only authorized users can access the sensitive data, while others, including CSPs, should not gain any information about the data. Meanwhile, data owners expect to fully use cloud data services, e.g., data search, data computation, and data sharing, without leakage of the data contents to CSPs or other adversaries.
Access controllability
Access controllability means that a data owner can perform the selective restriction of access to her or his data outsourced to the cloud. Legitimate users can be authorized by the owner to access the data, while others cannot access it without permission. Further, it is desirable to enforce fine-grained access control to the outsourced data, i.e., different users should be granted different access privileges with regard to different data pieces. The access authorization must be controlled only by the owner in untrusted cloud environments.
Integrity
Data integrity demands maintaining and assuring the accuracy and completeness of data. A data owner always expects that her or his data in a cloud can be stored correctly and trustworthily. It means that the data should not be illegally tampered with, improperly modified, deliberately deleted, or maliciously fabricated. If any undesirable operations corrupt or delete the data, the owner should be able to detect the corruption or loss. Further, when a portion of the outsourced data is corrupted or lost, it can still be recovered by the data users.
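A minimal sketch of how an owner can detect the alteration, deletion and fabrication described above, added here as an example and not taken from the report. The function names (chunk_tag, upload, audit), the in-memory dict standing in for provider storage, and the sample data are assumptions.

```python
import hashlib
import hmac
import secrets

CHUNK_SIZE = 16  # tiny on purpose so the constructed sample spans several chunks


def chunk_tag(key, object_id, version, index, total, chunk):
    """HMAC-SHA256 binding a chunk to its object, version and position, so a
    chunk cannot be swapped, replayed from an older version, or truncated."""
    oid = object_id.encode()
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(len(oid).to_bytes(4, "big") + oid)
    for number in (version, index, total):
        mac.update(number.to_bytes(8, "big"))
    mac.update(chunk)
    return mac.digest()


def upload(key, object_id, version, data, store):
    """Store (chunk, tag) pairs with the provider and return the small receipt
    the owner keeps locally: object id, version and chunk count."""
    chunks = [data[i:i + CHUNK_SIZE] for i in range(0, len(data), CHUNK_SIZE)] or [b""]
    total = len(chunks)
    for index, chunk in enumerate(chunks):
        tag = chunk_tag(key, object_id, version, index, total, chunk)
        store[(object_id, index)] = (chunk, tag)
    return {"object_id": object_id, "version": version, "total": total}


def audit(key, receipt, store):
    """Return a sorted list of (index, finding); an empty list means intact."""
    oid, version, total = receipt["object_id"], receipt["version"], receipt["total"]
    findings = []
    for index in range(total):
        entry = store.get((oid, index))
        if entry is None:
            findings.append((index, "missing"))       # deliberately deleted or lost
            continue
        chunk, tag = entry
        expected = chunk_tag(key, oid, version, index, total, chunk)
        if not hmac.compare_digest(tag, expected):
            findings.append((index, "altered"))       # tampered, stale or forged
    for stored_oid, index in store:
        if stored_oid == oid and index >= total:
            findings.append((index, "fabricated"))    # chunk the owner never wrote
    return sorted(findings)


def demo():
    key = secrets.token_bytes(32)   # never leaves the data owner
    store = {}                      # assumption: stands in for the provider's storage
    data = b"constructed sample record: customer ledger 2019-Q3"  # constructed input
    receipt = upload(key, "ledger", 1, data, store)
    results = {"clean": audit(key, receipt, store)}

    chunk, tag = store[("ledger", 1)]
    store[("ledger", 1)] = (b"X" + chunk[1:], tag)                  # alter one byte
    del store[("ledger", 2)]                                        # delete a chunk
    store[("ledger", receipt["total"])] = (b"forged", secrets.token_bytes(32))
    results["tampered"] = audit(key, receipt, store)
    return results


if __name__ == "__main__":
    print(demo())
```

This covers detection only; recovering a corrupted or lost portion additionally needs redundancy such as replicas or erasure coding.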
Encryption
Some advanced encryption algorithms that have been applied to cloud computing increase the protection of privacy. In a practice called crypto-shredding, the keys can simply be deleted when there is no more use for the data.
Attribute-based encryption algorithms
Attribute-based encryption is a type of public-key encryption in which the secret key of a user and the ciphertext are dependent upon attributes.
CISOs need to approach the issues of cloud computing security in two different ways: one focusing on cloud services, and the other on developed applications.
To successfully manage cloud services, begin with a comprehensive audit of cloud providers. IT managers should already be doing these audits as part of their due diligence, but it is important that CISOs and other information-security personnel play a part in this process to ensure that any potential vendor offers essential security measures, such as encryption of data at rest and two-factor authentication.
Once a vendor's security measures are deemed satisfactory, CISOs should look inward to their enterprises' new and existing applications, a process that is more complicated when the cloud is involved. Cloud computing allows for the rapid development and release of applications, particularly when development adopts an Agile methodology, which means it is essential that organizations incorporate application testing into their Software Development Life Cycles. CISOs must begin with a discovery process (which is usually somewhat surprising in enterprise cloud environments), along with an audit of all development teams, their respective applications and their release cycles. With a complete development map in place, enterprises can begin integrating in-development testing to ensure that new applications are secure when they are released.
All existing cloud-based applications, which should also be mapped in the discovery process, must be scanned for vulnerabilities without grinding IT to a halt in the process. Parallel scanning for known vulnerabilities, such as the OWASP Top 10, will give significant insight into the applications' overall quality. Critical applications should undergo deep scans so enterprises can get a more thorough view of every potential vulnerability. CISOs should consider cloud-based solutions for these scans, as a cloud-security vendor is likely to understand the cloud better than a legacy
solution, and the scan itself stays lightweight enough to test a whole catalog of applications.
Finally, when working in cloud environments, CISOs need to understand the risks inherent to third-party and open-source software; for example, such software can have vulnerabilities that are hard to catch at runtime, and source code is not always available. Avoid those issues by using security solutions that scan binary code. Often offered as part of a larger package, these solutions leave most of the remediation and mitigation legwork to security vendors, freeing enterprise IT resources for other pressing tasks.
Even as the cloud becomes more secure, cloud vendors looking to cut corners will continue to give their industry a bad reputation. Enterprise information-security leaders cannot always control which cloud vendors are used, but they can ensure their applications are as secure as possible for deployment in the cloud, giving their organizations a significant leg up over the competition.