Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à security Issues of cloud computing
Similaire à security Issues of cloud computing (20)
Dernier
Dernier (20)
security Issues of cloud computing
- 1. Current Security Issues for cloud computing
- 2. Contents • Introduction • Cloud models • Security Issues • Conclusion • References
- 3. WHAT IS CLOUD COMPUTING??? • Features – Use of internet-based services to support business process – Rent IT-services on a utility-like basis • Attributes – Rapid deployment – Low startup costs/ capital investments – Costs based on usage or subscription – Multi-tenant sharing of services/ resources • Essential characteristics – On demand self-service(just-in-time availability of resources”) – Ubiquitous network access – Location independent resource pooling – Rapid elasticity – Measured service Source: NIST
- 4. Cloud Models • Delivery Models – SaaS – PaaS – IaaS • Deployment Models • Public cloud: • multiple customers share the computing resources provided by a single service provider. • Private cloud: • computing resources are used and controlled by a private enterprise. • Hybrid cloud: • A third type can be hybrid cloud that is typical combination of public and private cloud. • Community cloud: • Several organizations jointly construct and share the same cloud .
- 6. Problems Associated with Cloud Computing • Most security problems stem from: – Loss of control – Lack of trust (mechanisms) – Multi-tenancy SECURITY ISSUES: • Network security. • Interfaces. • Data Security. • Virtualization. • Governance
- 7. 1.Network security Problems associated with network communications and configurations regarding cloud computing infrastructures. (a)Transfer security: Distributed architectures,massive resource sharing and virtual machine(VM) instances synchronization imply more data in transit in the cloud,VPN(virtual private network)( mehanism.dropbox) (b) Firewalling: (yotta networks) Firewalls protect the provider’s internal cloud infrastructure against insiders and outsiders.
- 8. 2.Data security Is Data Secure??? Protection of data in terms of confidentiality. (a) Cryptography:-Most employed practice to secure sensitive data. 1.Keep cloud credentials safe. 2.Keep encrypted data.(encrytion keys). (b) Redundancy: Essential to avoid data loss. (c) Disposal: Elementary data disposal techniques are the insufficient and commonly referred a deletion .
- 9. 3.Virtualization • Virtualization is an essential technological characteristic of clouds which hides the technological complexity from the user and enables enhanced flexibility (through Aggregation, Routing and Translation). • (a) Isolation:-Although logically isolated, all VMs share the same hardware and consequently the same resources. • (b) Data leakage: Exploit hypervisor vulnerabilities and lack of isolation controls in order to leak data from virtualized infrastructures
- 10. . (c) VM identification: Lack of controls for identifying virtual machines that are being used for executing a specific process or for storing files. (d) Cross-VM attacks:-Includes attempts to estimate provider traffic rates in order to steal cryptographic keys and increase chances of VM placement attacks.
- 11. 4.Interfaces Concentrates all issues related to user administrative. (a) API:- Programming interfaces for accessing virtualized resources. (b) Administrative interface: Enables remote control of resources in an IaaS development for PaaS and application tools for SaaS. (c) User interface:-End-user interface for exploring provided resources and tools(the service itself). (d) Authentication:-Mechanisms required to enable access to the Cloud.
- 12. 5.Governance • Issues related to (losing) administrative and security cloud computing solutions. • (a) Data control:- • Moving data to the cloud means losing control over redundancy. – Data, applications, resources are located with provider – User identity management is handled by the cloud – User access control rules, security policies and enforcement are managed by the cloud provider – Consumer relies on provider to ensure Data security and privacy (b) Security control:- Loss of governance over security mechanisms and policies.
- 13. • (c) Lock-in: • User potential dependency on a particular service provider due to lack of well-established standards ,consequently becoming particularly vulnerable to migrations and service termination.
- 14. Conclusion • Cloud computing is sometimes viewed as a reincarnation of the classic mainframe client-server model – However, resources are ubiquitous, scalable, highly virtualized – Contains all the traditional threats, as well as new ones • The main goal is to securely store and manage data that is not controlled by the owner of the data
- 15. References 1. NIST (Authors: P. Mell and T. Grance), "The NIST Definition of Cloud Computing (ver. 15)," National Institute of Standards and Technology, Information Technology Laboratory (October 7 2009). 2. J. McDermott, (2009) "Security Requirements for Virtualization in Cloud Computing," presented at the ACSAC Cloud Security Workshop, Honolulu, Hawaii, USA, 2009. 3. J. Camp. (2001), “Trust and Risk in Internet Commerce,”
Notes de l'éditeur
- Government and Military sectors: complicated procurement rules and stringent security requirements Cloud-based categories: Cloud-based applications (SAAS) Cloud-based development (e.g. Google App Engine) Cloud-based infrastructure (e.g. Amazon’s EC2)
- Trust and tenancy issues as well as loss of control related to the management model
- Data mobility: the abiltiy to share data between cloud services Where does data reside? - out-of-state, out-of-country issues Security Concerns for government in particular FISMA How to certify and accredit cloud computing providers under FISMA (e.g. ISO 27001)