1. Cloud Computing
Is it a secure solution for companies which need a platform, an infrastructure and application?
1
Quentin PETIT
Embry Riddle Aeronautical University
2. Introduction
The NIST Definition of Cloud Computing
“Cloud computing is a model for enabling
ubiquitous, convenient, on-demand network
access to a shared pool of configurable
computing ressources that can be rapidly
provisioned and released with minimal
management effort or service provider
interaction.”
(Mell et. al, 2011)
Cloud-based architecture
2
3. Methodology
Research of online and printed documents
Research of the history of previous cloud attacks
Interview of a manager of a cloud
Study of the practices to avoid security breaks and breakdowns
3
5. Security in Charge of the Provider
Supervision of the cloud
Detect vulnerabilities and bugs
Guarantee the respect of the contract
Norms & Certifications
5
6. Customer’s Responsibilities
Update of the operating systems and applications
Encryption to protect the data
Several audits
Be Aware (risks analysis, choice of the provider, contract)
6
7. Recommendations
Do not use the same password for all the services and systems
Use secure passwords
Work with multiple providers
Be extremely aware of the contracts
7
8. Conclusion
A completely sure and reliable computer
system does not exist
Cloud computing is a good solution
The customer have to be vigilant
Thank you for your attention
Contact:
Quentin PETIT
petit.quent@gmail.com
386-679-0148
8
9. References
Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing. Gaithersburg, MD:
U.S. Department of Commerce, Computer Security Division.
Shipley, G. (2010). Cloud Computing: Risks. InformationWeek, (1262), 20-22,24. Retrieved
from
http://search.proquest.com.ezproxy.libproxy.db.erau.edu/docview/220141789?accountid
=27203
Prakash, S. (2011). Risk Management: Cloud computing considerations. CMA Magazine,
85(2), 40. Retrieved from
http://search.proquest.com.ezproxy.libproxy.db.erau.edu/docview/894725517?accountid
=27203
Clarke, R. (2010). User Requirement for Cloud Computing Architecture. Proc. 2nd Int’l
Symposium on Cloud Computing. Retrieved from
http://www.rogerclarke.com/II/CCSA.html 9
10. References
SAS 70 Overview. (2013). SAS70.com. Retrieved from
http://sas70.com/sas70_overview.html
(n.d.). Recommandations pour les entreprises qui envisagent de souscrire à des services
de Cloud computing. Paris, France: Commission Nationale de l’Informatique et des
Libertés.
(2009). Cloud Computing: Benefits, risks, and recommendations for information security.
Heraklion, Greece: European Network and Information Security Agency.
Mather, T., & Kumaraswamy, S. & Latif, S. (2009). Cloud Security and Privacy: An Enterprise
Perspective on Risk and Compliance. Sebastopol, CA: O’Reilly Media
Singh, A., & Shrivastava, M. (2012). Overview of Attacks on Cloud Computing. International
Journal of Engineering and Innovation Technology, 1 4, 321-323.
10
11. References
(2011, April 28). Break-ins and breakdowns. The Economist. Retrieved from
http://www.economist.com/node/18620774
(2012). Concepts / Glossaire. eBanking aber sicher. Retrieved from
https://www.ebankingabersicher.ch/fr/begriffeglossar
(2012). Attaques par déni de service. eBanking aber sicher. Retrived from
https://www.ebankingabersicher.ch/fr/component/content/article/182-denial-of-service-
attacke&Itemid=110
Begon, J., (2013, April 2). Personal communication.
11