Cloud Computing & Security

Cloud Computing is becoming increasingly popular because of the large volumes of data produced by the many programs that enterprise applications run. Cloud Computing refers to network solutions that provide on-demand access to a shared pool of configurable and dependable computing resources, e.g., networks, servers, storage, applications and services. As most enterprises move their data to the Cloud, the confidentiality, integrity and availability of that data have lately become the prime concern.

There are three Cloud Service models:

Cloud Software-as-a-Service (SaaS) – In this service model, consumers are provided with applications running on a cloud infrastructure. The consumer does not control the underlying infrastructure such as the network, servers, operating system or storage.

Cloud Platform-as-a-Service (PaaS) – In this service model, the consumer can deploy applications that the consumer has created. However, the consumer still does not control the underlying infrastructure such as the network, servers, operating system or storage.

Cloud Infrastructure-as-a-Service (IaaS) – In this service model, the consumer can deploy and run arbitrary software, which can include operating systems and applications, and has access to networks, servers, storage and other fundamental computing resources.

Cloud Deployment Models

1. Private Cloud – The cloud infrastructure is deployed for a single organisation. It can be managed by the organisation itself or by a third party.
2. Community Cloud – In this deployment model, the cloud infrastructure is shared by several organisations and is maintained either by those organisations or by a third party.
3. Public Cloud – In this type, the cloud infrastructure is made available to the general public or to a large industry group.
4. Hybrid Cloud – In this type, two or more cloud infrastructures (public, private, community) make up the hybrid cloud. They retain their unique identities but are bound together by standardised or proprietary technologies that enable data and application portability.


Problems faced by the Organisations in the Cloud

Several security concerns and risks are associated with data in the Cloud:

1. Virtualisation – Virtualisation came into existence to utilise the host operating system's resources to their fullest capacity. A fully functional guest operating system image runs on top of a host operating system by means of a hypervisor. The potential risk with Virtualisation is that if the hypervisor is vulnerable, it becomes the primary target, because compromising it exposes every guest it hosts.
2. Storage in a Public Cloud – Data stored in a public Cloud can be an appealing target for hackers, so keeping data in a Public Cloud is always a security risk.
3. Multitenancy – Sharing the same computing resources, such as CPU, storage and memory, with other tenants can be a significant security risk in cloud computing.


Data Security in Cloud Computing – As most enterprises have moved to storing their sensitive data in the Cloud, the security of the Cloud has become immensely important. The data that must be protected in the Cloud is of two types: data at rest and data in transit. Data security in the Cloud also follows the CIA triad: Confidentiality, Integrity and Availability. The techniques used to protect Cloud data are similar to those used to protect data in a traditional data centre. These techniques include authentication and identity, access control, encryption, secure deletion and integrity checking.

Authentication and Identity – Authentication of users can take several forms, but all are based on traditional authentication mechanisms, cryptography and combinations of authentication factors: something an individual knows, something they possess, and something unique to them. The authentication problems faced in the Cloud arise when multiple CSPs are used, because synchronising the entire enterprise identity information with each of them does not scale.


Access Control Techniques – Access Control mechanisms support separation and integrity of different levels or categories of information belonging to various parties. The most common access control models are:

  • Discretionary Access Control (DAC)
  • Role-Based Access Control (RBAC)
  • Mandatory Access Control (MAC)
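
To make the three models concrete, here is an added illustration (not code from the original article) with toy policies: in DAC the object's owner edits the ACL, in RBAC permissions attach to roles, and in MAC fixed labels are compared with the Bell-LaPadula "no read up / no write down" rules. The users, roles and levels are constructed sample data.

```python
from dataclasses import dataclass, field

# --- Discretionary Access Control: the owner of an object decides who may use it ---
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions

    def grant(self, actor, user, perm):
        """Only the owner may change the ACL; returns True if the grant was applied."""
        if actor != self.owner:
            return False
        self.acl.setdefault(user, set()).add(perm)
        return True

def dac_allowed(obj, user, perm):
    return user == obj.owner or perm in obj.acl.get(user, set())

# --- Role-Based Access Control: users get roles, roles carry permissions ---
ROLE_PERMS = {"auditor": {"read"}, "admin": {"read", "write", "delete"}}  # constructed
USER_ROLES = {"alice": {"admin"}, "bob": {"auditor"}}                      # constructed

def rbac_allowed(user, perm):
    return any(perm in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

# --- Mandatory Access Control: labels are set by policy, not by users ---
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}  # constructed

def mac_allowed(subject_level, object_level, perm):
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if perm == "read":
        return s >= o   # simple security property: no read up
    if perm == "write":
        return s <= o   # *-property: no write down
    return False

if __name__ == "__main__":
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", "read")
    print("DAC  bob read :", dac_allowed(doc, "bob", "read"))
    print("RBAC bob write:", rbac_allowed("bob", "write"))
    print("MAC  internal subject writes secret object:", mac_allowed("internal", "secret", "write"))
```
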

Encryption for data in motion

Hidden Partition – Data in motion is secured by maintaining its integrity and confidentiality. Encryption combined with authentication, applied to data in motion, allows the data to be passed safely. Whether data is transferred programmatically, by manual file transfer, or through a browser, HTTPS, SSL and TLS are the most commonly used security protocols. A PKI is used to authenticate the transaction, and encryption algorithms protect the payload.