Cloud Security

1
Cloud Computing and Security
Presented by Ms.R.Pragadeeshwari Assistant
Professor Bon Secours College for Women Thanjavur
2
RISKS IN CLOUD COMPUTING

• The most significant risks presented by cloud
  computing are SLAs violations, proficiency to
  amply consider risks of a cloud provider, blame
  to defend perceptive data, virtualization-related
  risks, lessening of direct command of assets and
  software programs, compliance risks and decreased
  reliability since service providers may proceed
  out of business

• The levels, from base to peak, are
  infrastructure, storage, platform, application,
  services and client.

3
Cloud Computing Risks

• Risk 1The solution may not meet its economic
  objectives Do the short-run and long-run ROI
  work.
• Risk 2The solution may not work in the context
  of the client enterprises association and
  culture This should encompass the establishment
  of a clear roadmap for procurement or
  implementation of cloud services and applications
  .
• Risk 3The solution may be tough to evolve due
  to the adversity of incorporating the cloud
  services involved The service integration risk
  can be considered by contemplating interface
  alteration cost, proficiency to change the
  existing system and available skills.
• Risk 4A catastrophe may occur from which the
  solution will not recover As part of a risk
  investigation, it should recognize the unplanned
  happenings that could damage and assess their
  probabilities and impacts.

4
RISK MANAGEMENT

• Risk management is a significant part of business
  planning. The method of risk management is
  believed to reduce or eradicate the risk of
  certain types of happenings or having an
  influence on the business.

5
CLOUD IMPACT

• Cloud computing has provided possibilities for
  organizations of all types to reduce the risks
  affiliated to IT acquisition (software and
  hardware), in sync with enterprise desires and
  total costs.

6

• What is Risk Management?
• Risk Management is the practice followed to avert
  as many errors as possible and devising fee
  procedures for the rest.
• Risk management is technical and set about
  considering the untainted risks faced by users
  and businesses.

7
Risk Management Process

• The methods in risk management. The method
  comprises of six steps which either an expert or
  nonprofessional risk supervisor can chart to an
  organizations enterprise conclusions and business
  goals.

8
Step 1 Identify the Risk. The initial step in
the risk management process is to identify the
risks that the business is exposed to in its
operating environment. ... Step 2 Analyze the
Risk. ... Step 3 Evaluate the Risk or Risk
Assessment. ... Step 4 Treat the Risk. ... Step
5 Monitor and Review the Risk.
9
TYPES OF RISKS IN CLOUD COMPUTING
Threat 1Misuse and illicit use of cloud
computing Lawless individuals may take advantage
of the befitting registration, straightforward
methods and somewhat anonymous access to cloud
services to launch diverse attacks. Threat
2Insecure interfaces and APIs Customers
organize and combine with cloud services through
interfaces or APIs. Providers should double-check
that security is incorporated into their service
forms, while users should be cognizant of
security risks in the use, implementation, and
administration and monitoring of such
services. Threat 3Vicious insiders Vicious
insiders represent a larger risk in a cloud
computing environment, since clients manage not
have a clear outlook of provider principles and
procedures. Threat 4Issues-related technology
sharing IaaS is based on distributed
infrastructure, which is often not conceived to
accommodate a multi-tenant architecture.
10
Threat 5Data loss or leakage Compromised data
may encompass (i) deleted or changed data without
producing a backup, (ii) unlinking a record,
(iii) decrease of an encoding key and (iv)
unauthorized access to perceptive data. Threat
6Hijacking (Account/Service) Account or
service hijacking is generally carried out with
pilfered credentials. Such attacks encompass
phishing, deception and exploitation of programs
vulnerabilities. Threat 7Unknown Risk Profile
Cloud services signify that organizations are
less engaged with hardware and software ownership
and maintenance.
11
Other Risk in Cloud Internal Security Risk Cloud
computing presents flexibility by outsourcing the
services, but it also adds inherent risks of
malicious insiders and abusive use of login
access by an unauthorized person. External
Security Risk Cloud computing technologies can
be utilized as a platform for commencing attacks,
hosting Spam/Malware, programs . Data Protection
Risk Public cloud infrastructure constituents
are normally not conceived for compartmentalizatio
n and are prone to vulnerabilities than can be
exploited.
12
DATA SECURITY IN CLOUD

• Data security risks are aggregated by the open
  environment of cloud computing.
• Accessibility of data is the basic concern in
  cloud-based systems.
• One way this can be done is by adding an element
  of control, in the pattern of access control, to
  pay for risk mitigation for a platform.

13
Security Advantages in Cloud Environments
Data centralization In a cloud atmosphere, the
service provider takes responsibility of storage
and small organizations need not spend more money
for personal storage devices. Also, cloud-based
storage provides a method to centralize the data
much faster and probably with low cost. Incident
response IaaS providers contribute dedicated
legal server which can be used on demand.
Whenever there is a violation of the security
policy, the server can be intimated through
online. When there is an inquest, a backup of
the environment can be effortlessly made and put
up on the cloud without affecting the usual
course of business. Forensic image verification
time Some cloud storage implementations reveal a
cryptographic ascertain addition or hash. For
example, MD5 hash function is developed
automatically by Amazon S3 during object storage.
Therefore in principle, the time to develop MD5
checkups utilizing external devices is
eliminated. Logging In a usual computing
paradigm by and large, logging is regular
feature. In general, insufficient computer disk
space is assigned that makes logging either
non-existent or minimal.
14
Security Disadvantages in Cloud
Investigation Investigating an illegal
undertaking may be unrealistic in cloud
environments. Cloud services are particularly
hard to enquire. Data segregation Data in the
cloud is normally in a distributed simultaneously
with data from other customers. Long-term
viability Service providers should double-check
the data security in altering enterprise
positions, such as mergers and acquisitions.
Compromised servers In a cloud computing
environment, users do not even have an
alternative of utilizing personal acquisition
toolkit. Regulatory compliance Traditional
service providers are exempted from outside
audits and security certifications. Recovery
Cloud service providers should double-check the
data security in natural and manmade disasters.
Generally, data is duplicated over multiple
sites.
15
Cloud Security Services

• Network Security Services These services focus
  on protecting the underlying networking
  infrastructure from threats, unauthorized access,
  and disruptions. 
• Data Protection Services As the name suggests,
  these services revolve around protecting a
  companys data stored in the cloud. 
• Identity and Access Management Services (IAM)
  IAM services are critical to cloud security,
  ensuring that only authorized individuals can
  access specific resources.
• Threat Intelligence and Secure DevOps Services
  These services focus on predicting, identifying,
  and mitigating potential threats to cloud
  security. 

16
SECURITY AUTHORIZATION CHALLENGES IN THE CLOUD

• Misconfiguration
• Unauthorized Access
• Hijacking of Accounts
• Lack of Visibility
• Data Privacy/Confidentiality
• External Sharing of Data
• Legal and Regulatory Compliance
• Unsecure Third-party Resources

17
Protection Tips
18
THANK YOU