CLOUD COMPUTING AND SECURITY By V.

Harshith

Cloud Computing
A Game Changing Technology
• Location independent computing • Shared servers  resources, software, and data • Elasticity (Use of computer resources Dynamically) • Cost reduction

• Natural evolution of Cloud:
– Virtualization – Service-Oriented Architecture – Utility computing

• Details are abstracted from consumers

Computing Paradigms
• Distributed Computing – Cluster Computing – Grid Computing • Parallel Computing – Super Computing • Ubiquitous Computing • Pervasive Computing • Mobile Computing • Utility Computing • Soft Computing • Cloud Computing

CLOUD
CLOUD

COMPUTING COMPUTING

. whereby shared resources. software and information are provided to computers and other devices on-demand. Cloud computing is an Internet-based computing.Cloud computing is a synonym for distributed computing .

• Everything Old Becomes New Again . • Paying only for what they use.• Users simply rent or access the software.

.

.

 Shared Infrastructure: Enabling the sharing of physical services. and networking capabilities.Characteristics Cloud computing has a variety of characteristics ON DEMAND SELF SERVICES. storage.  Dynamic Provisioning: Based on current demand requirements levels of reliability and security .

 Managed Metering: Managing and optimizing the service and to provide reporting and billing information. . using standards-based APIs. and mobile devices.• Network Access: Access the internet from a broad range of devices such as PCs. laptops.

CLOUD SERVICE MODELS .

.

photo sharing .SaaS Examples • Email . Social Networking • Information/Knowledge Sharing (Wiki) • Communication (e-mail). Internet Services • Blogging/Surveys/Twitter. Flickr o BitTorrent Amazon EC2 • • • • • Document sharing Elastic Cloud Computing virtual servers for rent called Amazon Machine Images (AMIs) priced on per hour from $1 to $2 • Gov-Apps. Collaboration (e-meeting) • Productivity Tools (office) • Enterprise Resource Planning (ERP) . Calendars and contacts o Google Apps.

PaaS • Application Development. etc.) • Database Management • Directory Services • Networks. etc. Security. Mainframes. Servers. Data. Storage • Telecom Carrier Services • IT Facilities/Hosting Services . • Security Services (Single Sign-On. Workflow. Authentication.

.

Types of Clouds •Public Cloud •Private Cloud •Hybrid Cloud .

Why Do We Need The Cloud ? • Increased accessibility • Decreased operating expenses • Elimination of upfront costs • Immediate upgrades • Lower outages .

• Cloud service providers can be considered similar to silent business partners.com • Sun • VMware • 3tera .Cloud Computing service providers predicts the business will grow above 150 billion dollars by end of 2013. • Amazon • Citrix • cohensiveFT • Flexscale • Google • IBM • Icloud • Joyent • Microsoft • Mozyhome • Nivanix • Rackspace • Salesforce. Below is a partial list of companies that provide cloud computing services.

Benefits • Cost Savings • Scalability/Flexibility • Reliability • Maintenance • Mobile Accessible .

generally • low initial capital investment • shorter start-up time for new services • lower maintenance and operation costs • higher utilization through virtualization • easier disaster recovery .What cloud gives us.

Companies are still afraid to use clouds The Major Issue is Security .

• To move critical applications and sensitive data to public and shared cloud environments via Internet. .Cloud Security • Mobility is a basic need and essential for economic development. • Security is one of the most difficult task to implement in cloud computing.

Where is the Data ? • Different countries have different requirements and controls placed on access. you may not realize that the data must reside in a physical location. . • As your data is in the cloud. • Your cloud provider should agree in writing to provide the level of security required for its customers.

Who has Access ? • Access control is a key concern as insider attacks are a huge risk. . • Anyone considering using the cloud needs to look at who is managing their data and what types of controls are applied to these individuals. Insider attacks are a huge concern as a potential hacker is someone who has been entrusted with approved access to the cloud.

What are the regulatory requirements ? • Organizations operating in the US..g. and review. and COBIT). • We must ensure that the cloud provider is able to meet these requirements and is willing to undergo certification. . Canada. accreditation. or the European Union have many regulatory requirements that they must abide by (e. ISO 27002. ITIL. Safe Harbor.

Do you have the right to audit? • This particular item is no small matter in that the cloud provider should agree in writing to the terms of audit. . • With Cloud Computing maintaining compliance will become more difficult to achieve and even harder to demonstrate to auditors and assessors.

. Knowing how your provider trains their employees is an important issue to review.What type of training does the provider offer their employees? • This is actually a rather important item in that people will always be the weakest link in security.

there is a big difference between WEP and WPA2. Is it being used while the data is at rest and in transit? • You will also want to know what type of encryption is being used. (WiFi Protected Access-II) . • As an example.What type of data classification does the provider use? • How is your data separated from other users? • Encryption should also be discussed.

.What is in the SLA? • The SLA (Service Level Agreement) serves as a contracted level of guaranteed service between the cloud provider and the customer that specifies what level of services will be provided.

what format? .What is the long term viability of the provider? • How long has the cloud provider been in business and what is their track record. If they go out of business. and if so. happens to your data? Will your data be returned. what .

What happens if there is a security breach? • If a security incident occurs. what support the customer receive from the cloud provider? • While many providers promote their services as being un-hackable. cloud based services are an attractive target to hackers. .

Critical Threats of Cloud Security • Account Hijacking • Denial of Service (DoS) • Data Loss • Insecure APIs • Data Breaches • Malicious Insiders • Abuse of Cloud Services • Shared Technology Issues .

Security Attributes • Confidentiality • Integrity • Authentication • Non-Repudiation • Availability .

Cloud Computing Attacks .

based on the identity established by the supplied credentials. . • When a user provides his login name and password to authenticate and prove his identity.Account Hijacking • Authentication Attacks • Authentication plays a critical role in the security of web applications. the application assigns the user specific privileges to the system.

Denial of Service (DoS) • Main aim to stop the victim’s machine from doing it’s required job • Server unable to provide service to legitimate clients Damage done varies from minor inconvenience to major financial losses .

so that the two original parties still appear to be communicating with each other. . substituting his own public key for the requested one.Man in the Middle Attack (MitM) • A man in the middle attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them.

Side Channel Attack • Information leakage from implementation • Attacker Try to Scan Channel loops. .

in the first place. the material must. but they make the elephant stand upon a tortoise. but of chaos. to speak in Sanchean phrase. it must be humbly admitted. Hindus gives the world an elephant to support it. and that beginning must be linked to something that went before. • Invention . does not consist in creating out of void. be afforded … .• Everything must have a beginning.

Common cloud names and Shapes .

Cloud types .

Thank You .

Sign up to vote on this title
UsefulNot useful