Cloud Computing Security
By: Ahmed Banafa, Distinguished Tenured Staff | Faculty | SME | E-Learning Expert | Four-time
winner of instructor of the year award
Cloud computing security is a broad set of policies, technologies, and controls deployed to
protect data, applications, and the associated infrastructure of cloud computing.
Because of the cloud's very nature as a shared resource, identity management, privacy, and
access control are of particular concern. With more organizations using cloud computing and
associated cloud providers for data operations, proper security in these and other potentially
vulnerable areas has become a priority for organizations contracting with a cloud computing
provider.
Cloud computing security processes should address the security controls the cloud provider will
incorporate to maintain the customer's data security, privacy and compliance with necessary
regulations. The processes will also likely include a business continuity and data backup plan in
the case of a cloud security breach.
In the second half of 2013, Forrester Research conducted its usual Forrsights Hardware Survey
and found enterprise hardware buyers more than willing to make use of cloud servers, but they
were limiting their use because of unresolved concerns over security. In that survey, 73% of IT
decision makers were concerned about public cloud security, and 51% were concerned about
their own private cloud security.
Cloud Security Threats
According to the CSA's 2013 report, the biggest threats are:
• Data Breaches
Cloud computing introduces significant new avenues of attack. The absolute security of
hypervisor operation and virtual machine operations is still to be proved. Clouds
represent concentrations of corporate applications and data, and if any intruder penetrated
far enough, who knows how many sensitive pieces of information will be exposed. "If a
multitenant cloud service database is not properly designed, a flaw in one client's
application could allow an attacker access not only to that client's data, but every other
client's data as well," the report concluded.
• Data Loss
A data breach is the result of a malicious and probably intrusive action. Small amounts of
data were lost for some Amazon Web Service customers as its EC2 cloud suffered "a
remirroring storm" due to human operator error on Easter weekend in 2011. And a data
loss could occur intentionally in the event of a malicious attack.
• Account Or Service Traffic Hijacking
Account hijacking sounds too elementary to be a concern in the cloud. Phishing,
exploitation of software vulnerabilities such as buffer overflow attacks, and loss of
passwords and credentials can all lead to the loss of control over a user
account, compromising the confidentiality, integrity, and availability of the services.
• Insecure APIs
The cloud era has brought about the contradiction of trying to make services available to
millions while limiting any damage all these largely anonymous users might do to the
service. The answer has been the Application Programming Interface, or API, which defines
how a third party connects an application to the service and provides verification that the
third party producing the application is who he says he is. Leading web developers,
including ones from Twitter and Google, collaborated on specifying an open
authorization service for web services that controls third party access. But security
experts warn that there is no perfectly secure public API.
• Denial Of Service
Denial of service attacks are an old disrupter of online operations, but they remain a
threat nevertheless. For cloud customers, "experiencing a denial-of-service attack is like
being caught in rush-hour traffic gridlock: there's no way to get to your destination, and
nothing you can do about it except sit and wait," according to the report. When a denial
of service attacks a customer's service in the cloud, it may impair service without shutting
it down.
• Malicious Insiders
Malicious insiders might seem to be a common threat. If one exists inside a large cloud
organization, the hazards are magnified. One tactic cloud customers should use to protect
themselves is to keep their encryption keys on their own premises, not in the cloud.
• Abuse Of Cloud Services
Cloud computing brings large-scale, elastic services to enterprise users and hackers alike.
It might take an attacker years to crack an encryption key using his own limited
hardware. But using an array of cloud servers, he might be able to crack it in minutes.
• Insufficient Due Diligence
"Too many enterprises jump into the cloud without understanding the full scope of the
undertaking," said the report. Without an understanding of the service providers'
environment and protections, customers don't know what to expect in the way of incident
response, encryption use, and security monitoring. Not knowing these factors means
organizations are taking on unknown levels of risk in ways they may not even
comprehend, but that are a far departure from their current risks.
• Shared Technology
In a multi-tenant environment, the compromise of a single component, such as the
hypervisor, exposes more than just the compromised customer; rather, it exposes the
entire environment to a potential of compromise and breach. The same could be said
of other shared services, including CPU caches, a shared database service, or shared storage.
The Future
The cloud now represents not only concentrations of compute power and storage, but also a
concentration of security, given the potential for mischief or disaster if those centralized
resources fall into the wrong hands. Whether it's a private cloud in the virtualized enterprise
datacenter or a public cloud, new levels of "layered" security will need to be built in. Such
security will need to operate in a highly automated fashion and be driven by well-crafted and
relentlessly applied policies.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software
library. This weakness allows stealing the information protected, under normal conditions, by
encryption used to secure the Internet. Encryption provides communication security and privacy
over the Internet for applications such as web, email, instant messaging (IM) and some virtual
private networks (VPNs).
• Heartbleed bug allows cybercriminals to access website data and visitors' personal
information, including credit cards, e-mails and passwords that are stored in the cloud.
• Heartbleed leaves no record in an attacked Web server’s logs, which makes it impossible
to tell exactly how many websites may have been exploited by it.
• Heartbleed went undetected for more than two years, and it could have affected
thousands of OpenSSL Web servers across the globe.
• According to The Economist, up to two-thirds of the world's websites are vulnerable to
Heartbleed attacks. While OpenSSL has been available since March 2012, it contained a
serious coding error that allowed a computer at one end of an encrypted link to send a
signal to the computer at the other end of it to check that it is still online. Google found
that hackers could exploit this coding error, duplicate its signal and access an OpenSSL
Web server's memory.
• The Heartbleed bug allows anyone on the Internet to read the memory of the systems
protected by the vulnerable versions of the OpenSSL software. This compromises the
secret keys used to identify the service providers and to encrypt the traffic, the names and
passwords of the users and the actual content. This allows attackers to eavesdrop on
communications, steal data directly from the services and users and to impersonate
services and users.
Why is it called the Heartbleed Bug?
• The bug is in OpenSSL's implementation of the heartbeat extension of the Transport Layer
Security (TLS) protocols. When it is exploited, it leads to the leak (bleeding) of memory
contents from the server to the client and from the client to the server.
• Bugs in a single piece of software or a library come and go and are fixed by new versions.
However, this bug has left a large amount of private keys and other secrets exposed to the
Internet. Considering the long exposure, the ease of exploitation and the fact that attacks
leave no trace, this exposure should be taken seriously.
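The heartbeat flaw described above comes down to one missing length check. The following is an added illustration, not OpenSSL's code and not part of the original article: a heartbeat handler that echoes as many bytes as the peer claims to have sent, next to a version that compares the claim with the record actually received. The message layout follows RFC 6520; the function names, the demo memory layout and the secret string are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request  (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response (RFC 6520) */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding after the payload (RFC 6520) */
#define REC_LEN     22  /* demo record: 3 header + 3 payload + 16 padding */
#define ARENA       64  /* demo memory size; also caps the reply buffer */

static const char SECRET[] = "CONSTRUCTED-SECRET"; /* stands in for adjacent data */

/* Flawed model: echoes as many bytes as the peer CLAIMS to have sent and never
 * compares that claim with rec_len, the number of bytes actually received. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len,
                          uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed); /* can read past the record */
    return HB_HEADER + claimed;                        /* reply padding omitted */
}

/* Hardened model: a record whose claimed payload, header and minimum padding
 * do not fit in the received bytes is discarded without a reply. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len,
                        uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return 0;                                      /* the missing bounds check */
    if (HB_HEADER + claimed > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}

/* Builds constructed demo memory (record followed by SECRET in ONE array, so
 * the flawed over-read stays inside defined storage), runs one handler and
 * returns the reply length. *exposed is 1 if SECRET appears in the reply. */
size_t hb_demo(int use_checked, uint16_t claimed_len, int *exposed)
{
    uint8_t arena[ARENA] = {0};
    uint8_t out[ARENA];            /* same size as arena: bounds the over-read */
    const size_t slen = sizeof SECRET - 1;

    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed_len >> 8);
    arena[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(arena + HB_HEADER, "hey", 3);       /* the 3 bytes really sent */
    memcpy(arena + REC_LEN, SECRET, slen);     /* unrelated data after the record */

    size_t n = use_checked
        ? hb_reply_checked(arena, REC_LEN, out, sizeof out)
        : hb_reply_unchecked(arena, REC_LEN, out, sizeof out);

    /* The reply header is as long as the request header, so reply offsets
     * match arena offsets and SECRET would sit at out[REC_LEN]. */
    *exposed = n >= REC_LEN + slen && memcmp(out + REC_LEN, SECRET, slen) == 0;
    return n;
}

int main(void)
{
    int exposed;
    size_t n;

    n = hb_demo(0, 3, &exposed);
    printf("unchecked, claimed=3:  reply=%zu exposed=%d\n", n, exposed);
    n = hb_demo(0, 37, &exposed);
    printf("unchecked, claimed=37: reply=%zu exposed=%d\n", n, exposed);
    n = hb_demo(1, 37, &exposed);
    printf("checked,   claimed=37: reply=%zu exposed=%d\n", n, exposed);
    n = hb_demo(1, 3, &exposed);
    printf("checked,   claimed=3:  reply=%zu exposed=%d\n", n, exposed);
    return 0;
}
```

The checked handler drops the oversized claim without replying, which is also why nothing about the request needs to reach an application log.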

Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 

Cloud Computing Security

  • 1. Cloud Computing Security
    By: Ahmed Banafa, Distinguished Tenured Staff | Faculty | SME | E-Learning Expert | Four-time winner of instructor of the year award

    Cloud computing security is a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.

    Because of the cloud's very nature as a shared resource, identity management, privacy, and access control are of particular concern. With more organizations using cloud computing and associated cloud providers for data operations, proper security in these and other potentially vulnerable areas has become a priority for organizations contracting with a cloud computing provider.

    Cloud computing security processes should address the security controls the cloud provider will incorporate to maintain the customer's data security, privacy and compliance with necessary regulations. The processes will also likely include a business continuity and data backup plan in the case of a cloud security breach.

    In the second half of 2013, Forrester Research conducted its usual Forrsights Hardware Survey and found enterprise hardware buyers more than willing to make use of cloud servers, but they were limiting their use because of unresolved concerns over security. In that survey, 73% of IT decision makers were concerned about public cloud security, and 51% were concerned about their own private cloud security.

    Cloud Security Threats
    According to CSA's 2013 report, the biggest threats are:
  • 2. Cloud Security Threats (continued)

    - Data Breaches
      Cloud computing introduces significant new avenues of attack. The absolute security of hypervisor operation and virtual machine operations is still to be proved. Clouds represent concentrations of corporate applications and data, and if any intruder penetrated far enough, who knows how many sensitive pieces of information will be exposed. "If a multitenant cloud service database is not properly designed, a flaw in one client's application could allow an attacker access not only to that client's data, but every other client's data as well," the report concluded.

    - Data Loss
      A data breach is the result of a malicious and probably intrusive action. Small amounts of data were lost for some Amazon Web Services customers as its EC2 cloud suffered "a remirroring storm" due to human operator error on Easter weekend in 2011. A data loss could also occur intentionally in the event of a malicious attack.

    - Account or Service Traffic Hijacking
      Account hijacking sounds too elementary to be a concern in the cloud. Phishing, exploitation of software vulnerabilities such as buffer overflow attacks, and loss of passwords and credentials can all lead to the loss of control over a user account, compromising the confidentiality, integrity, and availability of the services.

    - Insecure APIs
      The cloud era has brought about the contradiction of trying to make services available to millions while limiting any damage all these largely anonymous users might do to the service. The answer has been the Application Programming Interface, or API, which defines how a third party connects an application to the service and provides verification that the third party producing the application is who he says he is. Leading web developers, including ones from Twitter and Google, collaborated on specifying an open authorization service for web services that controls third-party access. But security experts warn that there is no perfectly secure public API.

    - Denial of Service
      Denial of service attacks are an old disrupter of online operations, but they remain a threat nevertheless. For cloud customers, "experiencing a denial-of-service attack is like being caught in rush-hour traffic gridlock: there's no way to get to your destination, and nothing you can do about it except sit and wait," according to the report. When a denial of service attacks a customer's service in the cloud, it may impair service without shutting it down.

  • 3. Cloud Security Threats (continued) and The Future

    - Malicious Insiders
      Malicious insiders might seem to be a common threat. If one exists inside a large cloud organization, the hazards are magnified. One tactic cloud customers should use to protect themselves is to keep their encryption keys on their own premises, not in the cloud.

    - Abuse of Cloud Services
      Cloud computing brings large-scale, elastic services to enterprise users and hackers alike. It might take an attacker years to crack an encryption key using his own limited hardware. But using an array of cloud servers, he might be able to crack it in minutes.

    - Insufficient Due Diligence
      "Too many enterprises jump into the cloud without understanding the full scope of the undertaking," said the report. Without an understanding of the service providers' environment and protections, customers don't know what to expect in the way of incident response, encryption use, and security monitoring. Not knowing these factors means organizations are taking on unknown levels of risk in ways they may not even comprehend, but that are a far departure from their current risks.

    - Shared Technology
      In a multi-tenant environment, the compromise of a single component, such as the hypervisor, exposes more than just the compromised customer; rather, it exposes the entire environment to the potential for compromise and breach. The same could be said of other shared services, including CPU caches, a shared database service, or shared storage.

    The Future
    The cloud now represents not only concentrations of compute power and storage, but also a concentration of security, given the potential for mischief or disaster if those centralized resources fall into the wrong hands. Whether it's a private cloud in the virtualized enterprise datacenter or a public cloud, new levels of "layered" security will need to be built in. Such security will need to operate in a highly automated fashion and be driven by well-crafted and relentlessly applied policies.
  • 4. The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the encryption used to secure the Internet. Encryption provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

    - The Heartbleed bug allows cybercriminals to access website data and visitors' personal information, including credit cards, e-mails and passwords that are stored in the cloud.
    - Heartbleed leaves no record in an attacked Web server's logs, which makes it impossible to tell exactly how many websites may have been exploited by it.
    - Heartbleed went undetected for more than two years, and it could have affected thousands of OpenSSL Web servers across the globe.
    - According to The Economist, up to two-thirds of the world's websites are vulnerable to Heartbleed attacks. While OpenSSL has been available since March 2012, it contained a serious coding error that allowed a computer at one end of an encrypted link to send a signal to the computer at the other end of it to check that it is still online. Google found that hackers could exploit this coding error, duplicate its signal and access an OpenSSL Web server's memory.
    - The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

    Why is it called the Heartbleed Bug?

    - The bug is in OpenSSL's implementation of the heartbeat extension for the transport layer security (TLS) protocols. When it is exploited, it leads to the leak (bleeding) of memory contents from the server to the client and from the client to the server.
    - Bugs in a single piece of software or a library come and go and are fixed by new versions. However, this bug has left a large number of private keys and other secrets exposed to the Internet. Considering the long exposure, the ease of exploitation, and attacks leaving no trace, this exposure should be taken seriously.
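The memory leak described above comes down to one missing length comparison in heartbeat handling. The following toy model is an added example, not OpenSSL's code and not part of the original slides; the function names, buffers and sample records are hypothetical, and the hardened check follows the RFC 6520 rule that a heartbeat whose payload_length is too large must be discarded silently.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte payload_length */
#define HB_PADDING 16  /* minimum padding required by RFC 6520 */

/* Constructed toy memory: a 4-byte heartbeat record followed by unrelated
   data, so the unchecked copy below stays inside one array. */
static const uint8_t mem[32] = {
    0x01, 0x00, 0x0C, 'A',                        /* claims 12 bytes, carries 1 */
    'P','R','I','V','K','E','Y','=','4','2','!'   /* neighbouring secret */
};
/* Constructed well-formed record: 5-byte payload plus 16 zero padding bytes. */
static const uint8_t ok_rec[24] = { 0x01, 0x00, 0x05, 'h','e','l','l','o' };

static size_t claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Flawed logic: trusts payload_length and never compares it to rec_len. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len,
                            uint8_t *out, size_t out_cap) {
    (void)rec_len;
    size_t n = claimed_len(rec);
    if (n > out_cap) return 0;           /* keeps the toy's own buffer safe */
    memcpy(out, rec + HB_HEADER, n);     /* reads past the received record */
    return n;
}

/* Hardened logic: discard silently unless header + payload + padding fit. */
size_t heartbeat_hardened(const uint8_t *rec, size_t rec_len,
                          uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    size_t n = claimed_len(rec);
    if (HB_HEADER + n + HB_PADDING > rec_len || n > out_cap) return 0;
    memcpy(out, rec + HB_HEADER, n);
    return n;
}

int main(void) {
    uint8_t out[64];
    printf("vulnerable: %zu bytes\n", heartbeat_vulnerable(mem, 4, out, sizeof out));
    printf("hardened:   %zu bytes\n", heartbeat_hardened(mem, 4, out, sizeof out));
    printf("valid rec:  %zu bytes\n", heartbeat_hardened(ok_rec, sizeof ok_rec, out, sizeof out));
    return 0;
}
```

Because the over-read happens inside ordinary request handling, nothing in the flawed path produces an error or a log entry, which is why the slides note that exploitation leaves no trace.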