subiecte.info Personal Growth CLOUD SECURITY AND PRIVACY PDF

Cloud security and privacy pdf

Sunday, May 12, 2019 admin Comments(0)

economic, service quality, interoperability, security and privacy issues still . cloud adoption as it relates to traditional network and information security practices. Regarding security and privacy, a finding was reported by IDC based on a study CIOs on cloud computing, in which 75% of respondents listed security as. You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many.


Author: BARI SALAMONE
Language: English, Spanish, Hindi
Country: Libya
Genre: Technology
Pages: 221
Published (Last): 13.11.2015
ISBN: 415-1-41491-388-8
ePub File Size: 29.51 MB
PDF File Size: 16.21 MB
Distribution: Free* [*Regsitration Required]
Downloads: 28250
Uploaded by: SANTINA

Cloud Security and Privacy provides a guide to assist those who are Cloud Security and Privacy is a book for everyone who is interested in. 年1月9日 PDF | On Jan 1, , Tim Mather and others published Cloud Security and Privacy: An Enterprise Perspective on Risks andCompliance. PDF | Cloud computing allows organizations to deliver better and In this paper we have developed a cloud security and privacy taxonomy.

Cloud Infrastructure as a service is also referred as Hardware as a service. Cloud computing has grown due to its advantages like This paper will focus on the major security and privacy storage capacity, resources pooling and multi-tenancy. The various plug-ins and applications available in the web browsers also causes a serious threat to the client systems used to access the provider. Access control: Providers should be equipped with data recovery plans in all emergencies.

A list of necessary port and services should be maintained. Assessment of firewall policies and rule sets and reconfiguration of router should be done in regular intervals. Build and deploy a firewall that restricts access from systems that have direct external connection and those which contain confidential data or configuration data.

Data encryption is one common approach the providers follow to safe guard their clients data but the question is whether the data is getting stored in encrypted format or not. To store crucial data organizations can think of private or hybrid cloud where the data will be in secure corporate firewall. Data refinement is valid in case of backed up data also.

The cloud customers will never be able to make out the exact storage location of their records and there comes the importance of data back up and recovery.

Backup software should include public cloud APIs, enabling simple backup and recovery across major cloud storage vendors, such as Amazon S3, Nirvanix Storage Delivery Network, Rackspace and others, and giving consumers flexibility in choosing a cloud storage vendor to host their data vault. If provider agrees to backup crucial data then the question arises on how to determine the priority of data. The easiest and least complicated way is to protect the entire workstation or the server.

It is critical for the backup application to encrypt confidential data before sending it offsite to the cloud, protecting both data-in-transit over a WAN to a cloud storage vault and data-at-rest at the cloud storage site. Consumers need to verify that the cloud backup software they choose is certified and compliant with the Federal Information Processing Standards FIPS requirements issued by the National Institute of Standards and Technology.

FIPS certification is required for government agencies as well as for regulated financial, healthcare and other industries for compliance with data retention and security regulations such as HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley and other legal requirements.

Identity and Access management eliminates the need for www. Identity federation, popularized with the introduction of service oriented architectures, is one solution that can be accomplished in a number of ways, such as with the Security Assertion Markup Language SAML standard or the OpenID standard. SAML provides a means to exchange information, such as assertions related to a subject or authentication information, between cooperating domains.

SOAP messages are digitally signed. For example, once a user has established a public key certificate for a public cloud, the private key can be used to sign SOAP requests. SOAP message security validation is complicated and must be carried out carefully to prevent attacks. A new element i. The original body can still be referenced and its signature verified, but the operation in the replacement body is executed instead. SAML alone is not sufficient to provide cloud-based identity and access management services.

The capability to adapt cloud subscriber privileges and maintain control over access to resources is also needed. As part of identity management, standards like the eXtensible Access Control Markup Language XACML can be used by a cloud provider to control access to cloud resources, instead of using a proprietary interface.

You might also like: LANDLINE BY RAINBOW ROWELL PDF

XACML is capable of controlling the proprietary service interfaces of most providers, and some cloud providers already have it in place. Messages transmitted between XACML entities are susceptible to attack by malicious third parties, making it important to have safeguards in place to protect decision requests and authorization decisions from possible attacks, including unauthorized disclosure, replay, deletion and modification [Def 9].

Keep a log of Users who access data, time of event and event description. Providers should verify the authenticity of their clients. Frequent data backup policy should be in place Penetration testing at regular intervals to ensure vulnerabilities is not in the cloud. Based on the above discussed proposals i have come up with a framework that will help the cloud consumers and providers to safe guard the data to some extend.

Cloud Providers have number of clients and they may offer any of the services namely Iaas, Paas, Saas. In this framework the providers check for user authentication, make sure that the clients approaching them are authorized and genuine.

Steps involved in security framework are explained below: Alternate plans should be ready to meet unexpected disasters.

Providers should be equipped with data recovery plans in all emergencies.

(PDF) Addressing Security and Privacy Issues in Cloud Computing | Emad Abu Shanab - subiecte.info

Deleting data from servers, backup devices when the service is removed or server is removed from the cloud. System logs must be maintained with the following details users accessed the data, when, how much time was spend , and modifications made.

But it can help to a great extend to ensure data security in cloud. The flexibility the cloud brings in has some disadvantages over privacy and security.

Security pdf privacy cloud and

If the providers and consumers follow the security measures discussed above cloud computing will be more secure. As and when the issues around security and privacy are elucidated cloud computing will be accepted widely. Cloud providers should also incorporate these measures to assure secure transaction among its customers. Issues concerning data ownership is an on going debate and it is a crucial aspect in cloud computing. When consumers migrate critical company data to the cloud they are not giving the data tenure to the providers.

Providers should ensure that the business-data customers store on the cloud should not be compromised under any circumstances. It is mere common sense that the right to use data, manipulate, modify and ownership of data stored in the cloud is customers and there should be an agreement in place that prohibits the data usage by providers.

In traditional data centers business had the privilege to know about the data flow, exact data location, precautions used to protect data from unauthorized access. In public cloud the idea of data storage is distinct; business is unlikely to know where and how the data is stored, when data is moved, and what particular security measures are in place. In case of privacy infringement due to providers fault the confusion still exist on who will take the responsibility and will compensate to the affected people.

Lack of common security standards also adds to the concern of data storage over cloud. Public cloud has the attraction of cost saving and low maintenance but the enticement comes www. The infra structure has to be shared with unknown people. A cyber invader can act as a subscriber and can spread malicious viruses in the system.

The vendor may grant some privileged third parties access to your stored data. The identity of such parties, if any, must be disclosed to the customer. Here, the third party could be a legal authority or even an internal employee. The customer should always be informed before the vendor allows third parties to access the stored data [Def 3]. Non cloud services also have security concerns but cloud has additional risk of external party involvement and exposure of critical and confidential data outside organizations control.

Modifying security measures or introducing pristine best practices relevant to one particular organization is also unattainable. Cloud provider stores the data in providers side and maintenance is exclusively done by the providers hence clients have no means to check on the providers security practices, providers employees, their skills specializations etc.

Incidents may also be caused unintentionally where employees mistakenly send across the sensitive data to wrong recipient. Applications which people used to access within organizations intranet are hence exposed to networking threats and internet vulnerabilities which includes distributed denial of service attacks, phishing, malwares and Trojan horses.

If an attacker gains access to client credentials, they can eavesdrop on all activities and transactions, manipulate data, return falsified information, and redirect clients to illegitimate sites. Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks.

Privacy and cloud pdf security

Providers should be able to tell the users what will happen in case of any natural disaster, how much of data they will be able to recover and the stipulated www. The difficulty in retrieving data if there is a change in provider or a need to roll to different platform adds to the apprehension to embrace cloud computing. We have discussed about the different security vulnerabilities of cloud computing and the question arises about the measures that has to be taken to secure data over the cloud.

Proper implementation of security measures is mandatory in cloud computing. The fact that application is launched over the internet makes it susceptible for security risks. Cloud providers should think beyond the customary security practices like restricted user access, password protection etc. When an employee no longer has a business need to access datacenter his privileges to access datacenter should be immediately revoked. A firewall should be present in all external interfaces.

A list of necessary port and services should be maintained. Assessment of firewall policies and rule sets and reconfiguration of router should be done in regular intervals. Build and deploy a firewall that restricts access from systems that have direct external connection and those which contain confidential data or configuration data.

Data encryption is one common approach the providers follow to safe guard their clients data but the question is whether the data is getting stored in encrypted format or not.

To store crucial data organizations can think of private or hybrid cloud where the data will be in secure corporate firewall.

Data refinement is valid in case of backed up data also. The cloud customers will never be able to make out the exact storage location of their records and there comes the importance of data back up and recovery.

Backup software should include public cloud APIs, enabling simple backup and recovery across major cloud storage vendors, such as Amazon S3, Nirvanix Storage Delivery Network, Rackspace and others, and giving consumers flexibility in choosing a cloud storage vendor to host their data vault. If provider agrees to backup crucial data then the question arises on how to determine the priority of data.

So information will be issues need to be addressed like: Insufficient user control exposed to the risk of unauthorized access. In other word, over his data, information disclosure in movement across we face a big challenge when we talk about sharing a the cloud, unauthorized secondary storage of sensitive cloud computing resources with protecting customer data, uncontrolled data proliferation, and dynamic privacy.

The important step to solve this challenge is data provision legal challenges [23]. Privacy Challenges Solutions Another difficult issue about cloud computing is the Many methods were proposed to preserve privacy movement of data, where data may transfer between anytime and anywhere.

In this review we will describe countries and face local regulations. Information some of these methods and approaches called Privacy anonymity is the solution in this case by ensuring Preserving Methods. The privacy of must guarantee both preserving the privacy of data as users their identity and data in the cloud is a very well as assuring data correctness [23].

The anonymity algorithm depending on TPA to carry out auditing. Here, Three works in a very logical manner, firstly, processes the data algorithms: KeyGen, RingSign and RingVerify are and anonymizes all or some information before shooting constructed for achieving the privacy-preserving auditing it in the cloud environment.

Often not always, the cloud [23]. Privacy Laws and Regulations has and incorporates the details with the anonymous data to mine the needed knowledge.

Pdf privacy cloud and security

When studying the Realizing the difficulties facing cloud computing, we traditional approach for privacy preserving i. But Anonymity-based method is responsibility , to sustain an acceptable privacy levels easier, the attributes that has to be made anonymous and encourage users to use cloud computing. Also, varies and it depends on the cloud service provider [23] researchers are worried that could computing concept will [24]. Users can sectors [30]. There are two main PEP are used for making authorization decisions and options that can be used: Master Policy and self-regulation or by regulating it by the government.

Decision Points are launched, which figure out and solve Within the privacy context there are differences between the conflicts among various decisions of different PDPs. Other users unauthorized access of their data. As the cloud provider is proclaimed that self-regulation is difficult as no available trusted, encryption of outsourced data is not done [25]. When we talk about significant, and logical policies to implement.

On the other hand, [30]. After the request arrives to the database, encryption Other directions in research concluded that making the and assigning secured identities for each request is done. The authors complete the process of preserving privacy. This suggested a complaints department to handle this issue, approach prevents the risk of both internal and external where users submit their complaints a service provider, attacks to outsourced data however this approach faces a then complaints be forwarded anonymously to public big challenge in providing machine readable access rights authorities, and finally, run its operations in a public [23].

Public departments need not need to find any Oruta approach: The previous approaches proposed concerns related to cloud computing. Also, we by Ref.

This approach takes requirements, applications and associated challenges and into account three major entities: In this paper we described some models and auditing TPA and the users whom are statically grouped solutions to create a simplified view of cloud computing into two types: A Study on challenge in this field. Some solutions depended on the Cloud Security Issues and challenges.

Cloud Security and Privacy

Cloud Computing: International management. Research is Computing Security Issues and Challenges. The real Would the synergies from utilizing the [6] Jamil, D. Security issues in cloud lower cost of cloud computing economical gains computing and countermeasures. Also, in this work, privacy concerns were identified as [7] Kumar, S. Cloud Computing — an associated concern with security flaws. Privacy issues Research Issues, Challenges, Architecture, Platforms and were discussed and some solutions also were proposed.

A Survey. International Journal of Computational This research work focused on providing solutions to Intelligence and Information Security, Vol.

An Analysis of literature in this area. The cloud computing concept is a Security Challenges in Cloud Computing. Businesses are keen on understanding this Applications, Vol. A survey on security as challenges in cloud computing. International Journal of Advanced and practice society.

Cloud risk of obsolescence of technology. Future work in this area should focus of two major International Journal of Soft Computing and Engineering tracks: The second track is the business adoption [13] Ashktorab, V. Security of such environment and how top management takes the Threats and Countermeasures in Cloud decision to follow such path or not.

The Innovation Computing. Diffusion Theory IDT is a suitable tool that contributes 1 2 , pp. International be explored empirically through a field research that Journal of Emerging Technology and Advanced investigates the perceptions of organizations after Engineering, Vol.

Security Framework for experience. Cloud Computing Environment: A Review. Secure [1] Patidar, K. A Shrivastava, M. Integrating the Trusted survey. Privacy in the clouds: A report Security threats and Counter http: Security and Privacy in Cloud Sinjilawi is a computer McSpedden-Brown, N.

Cloud Computing. Accessed from mining, Information retrieval, and Cloud the Internet in October from: He recently graduated from http: Security issues of banking Mohammad Q. AL-Nabhan received his adopting the application of cloud computing. International B. Systems from Yarmouk University, [22] Subashini, S. A survey on security Jordan, in June and M. Journal of Network and Computer same University. His research interests Applications, Vol.

Privacy Preserving networks, and software testing. Approaches in Cloud: