Security Issues in Cloud Computing Cloud Computing v

Cloud Computing v Cloud Computing is an emerging field wherein the focus is on

Security issues and possible solutions Maintaining the privacy of the user data in the

Dynamic data Storage (a) The user data is stored on a server that may

Data Recovery (a) Data can be easily lost because of a successful attack or

Legal Issues (a) Both user and service provider must be updated with the local

Software as a Service (Saas) (a) The software technology that offers services in cloud

Failure of traditional web application firewall in the cloud v. The privacy settings of

Distributed Web Application Firewall (d. WAF) v. It operates in a virtualized environment. v.

Hyperguard Saa. S provided by Amazon Web Services is one of the few DWAF’s

Detection only mode: v v In this mode the administrator may only test new/proposed

Protection only mode: v v v In this mode the administrator can enforce the

Case Study: T - Mobile Sidekick v v v Recently T-Mobile Sidekick cellphones which

Case Study: T – Mobile Sidekick v The server crashed and the rest is

References 1)http: //www. artofdefence. com/dokumente/Cloud_App. Sec_Whitepaper. pdf(dwaf) 2 http: //communities. intel. com/community/openportit/server/blog/2008/07/03/gartner-sevencloudcomputing-security-risks 3)http: //www.

Slides: 16

Download presentation

Security Issues in Cloud Computing

Cloud Computing v Cloud Computing is an emerging field wherein the focus is on providing virtualized resources as service. v Also the user is almost entirely blinded from the infrastructure that supports Cloud Computing. v. This is why we have most of the issues in Cloud Computing

Security issues and possible solutions Maintaining the privacy of the user data in the clo (a) Users must be informed of what data is being collected and how it would be used. (b) Users must be informed about the entities having access to their data.

Dynamic data Storage (a) The user data is stored on a server that may be anywhere in the globe. (b) Different parts of the user data may be stored in different servers. (c) These servers are actually encrypted block servers. (d) The user data is usually encrypted using a strong AES encryption algorithm.

Data Recovery (a) Data can be easily lost because of a successful attack or in the even of any natural disaster. (b) As a precautionary measure cloud providers should store data in less risky areas. (c) The cloud providers should replicate cloud storage in order to have a chance of recovery data in case of a main server failure

Legal Issues (a) Both user and service provider must be updated with the local governments transfer laws and restrictions. (b) If any third party services are used by the provider then the latter must educate the user about it. (c) The user and/or service provider must be held liable for any violations of the rules and regulations.

Software as a Service (Saas) (a) The software technology that offers services in cloud computing undergoes changes more frequently than desired. (b) This can develop a doubt in the minds of the customers. (c) As the cloud computing is in its initial stage of development overly stringent rule may not be so useful.

Failure of traditional web application firewall in the cloud v. The privacy settings of each cloud user could vary. v. Allocation of separate web application firewall/hardware for each of these settings will lead to enormous consumption of resources. v. Managing of these hardwares is tedious. v. Aim of using of less resources in the cloud is hampered.

Distributed Web Application Firewall (d. WAF) v. It operates in a virtualized environment. v. It provides firewall as a service. v. The filtering is done by a combination of hardware and software and also relies on how well it integrates with the existing Firewall Technologies. v. An user-friendly web based interface enables cloud users to specify their security settings.

Hyperguard Saa. S provided by Amazon Web Services is one of the few DWAF’s available today to protect your cloud. It has basically two modes of operation. There are two modes of operation: 1) Detection only mode. 2) Protection only mode.

Detection only mode: v v In this mode the administrator may only test new/proposed rule sets but will not enforce them. Although the administrator may use the exisiting proven rule sets to test the new rule sets.

Protection only mode: v v v In this mode the administrator can enforce the rule sets that have been tested over and over again and proven. These rule sets are authorized to block an attempted attack. In this mode logging is performed for future analysis and documentation.

Case Study: T - Mobile Sidekick v v v Recently T-Mobile Sidekick cellphones which uses a cloud network to store the data present in the user’s cellphone suffered a major embarrassment. The data was stored in a server present on the cloud. The user could extract data from this server whenever needed because T Mobile were storing and providing data back to the users using this server.

Case Study: T – Mobile Sidekick v The server crashed and the rest is history. v There were no back up servers. v All user’s data gone in the blink of an eye. v Thus this incident points out the need to store user data even on a back up server.

References 1)http: //www. artofdefence. com/dokumente/Cloud_App. Sec_Whitepaper. pdf(dwaf) 2 http: //communities. intel. com/community/openportit/server/blog/2008/07/03/gartner-sevencloudcomputing-security-risks 3)http: //www. hpl. hp. com/techreports/2009/HPL-2009 -54. pdf 4)http: //devcentral. f 5. com/weblogs/macvittie/archive/2009/01/21/cloud-computing-locationis-important-but-not-the-way-you. aspx 5)http: //www. comnews. com/features/2009_march_april/0409_web 1_data. aspx 6)http: //www. computerweekly. com/Articles/2009/11/09/235782/Top-five-cloud-computingsecurity-issues. htm 7)http: //aws. artofdefence. com/faq/ 8)http: //www. sans. org/newsletters/newsbites. php? vol=11&issue=81#s. ID 200

THANK YOU!!!