Cloud ComputingData Security in the cloud :

Tactics and Practices INSPIRON-2011

Bangalore , Karnataka

Kashyap Kunal(BE-ISE) SAMBHRAM INSTITUTE OF TECHNOLOGY

BANGALORE

What is Cloud Computing?

According to AT&T ,CLOUD is: Common Location-independent Online Utility available on-Demand Service.

Cloud Computing is internet -based computing where shared resources, software and information are provided to the computer.

It promises not just cheaper IT, but also faster, easier, more flexible, and

more effective IT . It is also versatile and flexible application of internet.

Cloud Computing is not immune to risks and ethical objections, but the fact is that it promises big changes.

Consider an example of Hotmail.com , Yahoo.com or Gmail.com where no installation of server or software is required. All you need to acess them is an internet connection .These are simple examples of Cloud Computing.

Terminology:

Types of Cloud:

SaaS (Software as a Service)

PaaS (Platform as a Service )

IaaS (Infrastructure as a service)

Deployment Type:

Private Cloud (Low Security Risk):

-Typically owned by the respective Enterprise. -Functionalities are not directly exposed to customers. Public Cloud(More Security

Risk): -Enterprises may use Cloud functionalities from others. -Scope of functionalities may differ.

Hybrid Cloud(High Security Risk):

-Mixed employment of private & Public cloud. -Provide highly customized, enhanced offerings to local companies & world class application

Security Advantages in Cloud Computing: Data Centralization Password Assurance Testing Improve the state of Security Software Security Testing Incident Response Forensic Image verification time Logging

Security Disadvantages in Cloud Computing:

Data Location Investigation Data Segregation Long-term Viability Compromised Servers Regulatory Compliance Recovery

Major security Issues(Threats) & Challenges:

Two Question arise??

How secure is the Data?????? How secure is the Code??????

Top Threats in Cloud Environment according to CSA(Cloud Security Alliance):

Abuse and Nefarious Use of Cloud Computing Insecure Application Programming Interfaces Malicious Insiders Shared Technology Vulnerabilities Data Loss/Leakage Account, Service & Traffic Hijacking Unknown Risk Profile

Security issues in Virtualization: Virtualization is an essential technological characteristic of clouds which hides the technological complexity from the user and enables enhanced flexibility (through Aggregation, Routing and Translation).

Types of Virtualization:

Full Virtualization: Entire H/W Architecture Replicated Virtually. Para Virtualization: Modified OS that can run concurrently with

other OS.

More concretely, virtualization supports the following features:

Ease of Use Infrastructure Independency Flexibility & Adaptability Location Independence

CURRENT NEWS:

> Developments in the Azure and Windows server 8 pairing : Microsoft made the Windows server 8 and Azure connection clearer , rising hopes for easier development in the cloud.

> Community Cloud pushes Harvard out of the data center : Harvards community cloud project will move university into a new world of consuming IT resources as a utility.

> Breach fears push federal cloud computing initiative to private cloud : Trapped between budget constraints and security fears , government agencies are increasing opting for private cloud.

RISK ANALYSIS APPROACH: The cloud computing service providers use various security mechanisms to ensure that all the security risks are fully taken care of. However, there are two broad questions:???  How to estimate the risk to data security before putting a job into

the cloud?

How to ensure customers that their data and programs are safe in provider’s

premises?

If a cloud service user is able to estimate the risk of his data security then he can have a level of trust with the service provider. If there is a high risk about the data security then it leads to a decrease in trust and vice-versa.

Current security technology provides us with some capability to build a certain level of trust in cloud computing in order to analyze Security risks.

For example, SSL (Secure Socket Layer), digital signatures, and authentication protocols for proving authentication and access control methods for managing authorization.

CONCLUSION:

Data security dimensions will continuously increase. The security analysis approach will help service providers to

ensure their customers about the data security. Risk analysis can be performed. At present, there is a lack of structured analysis approaches .

And hence, The security problem in cloud paradigm can be handled frequently and effectively.

THANK YOU