CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY


CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY
Torrell Griffin

Cloud Technology Implementation/Risk Mitigation

The purpose of this report is to define cloud technology and to describe some of the pros and cons of using a number of different cloud services. Cloud technology offers several implementation methods, and each option comes with its own set of pros and cons. One method may be more secure than another, while the next may offer more flexibility and control to the user. Security has continued to become more and more important over time.

Cloud technology is the use of both hardware and software to provide a specific service over a network, and it is now being adopted by companies of all types. For example, cloud storage, a cloud service used by all sorts of modern businesses, is an application as a service, or AaaS. As stated by the IEEE Computing Organization, "The goal of Services Computing is to enable IT services and computing technology to perform business services more efficiently and effectively." (CLOUD) Amongst the various services provided are different service models such as AaaS, application as a service, and PaaS, platform as a service. As stated earlier, cloud services are being used across a much broader range, thanks to the internet. With the help of dedicated hardware designed for a particular function, whether it be a server, database, etc., cloud service providers are able to configure, maintain, or create a platform, infrastructure, or application as a service.

NIST, the National Institute of Standards and Technology, suggests that the cloud computing model is composed of five essential characteristics. (Mell and Grance) The characteristics are as follows: service measurability, resource pooling, broad network access, on-demand self-service, and rapid elasticity. Each of these aspects is very important to the concept of cloud computing. A brief overview of what each of them includes follows.

Service measurability is a cloud system's ability to report, control, and monitor resource usage, such as network bandwidth, storage, processing, and memory, while providing copies to both the consumer and the provider. Resource pooling is a provider's ability to serve numerous consumers with dynamic resources that can be reallocated, or reassigned, according to each consumer's specific demand. Dynamic resources include network bandwidth and storage. Rapid elasticity is the capability of a service to be elastically handled, or adjusted under many circumstances, in order to meet demand. This gives the consumer access to what seems to be an unlimited amount of resources. Broad network access refers to the ability to access a service through various mechanisms, for example cell phones, tablets, and computers. On-demand self-service pertains to a consumer's ability to oversee computing capabilities, for example performing network storage maintenance while requiring no face-to-face interaction with the service provider.

As of today, there are three main service models used to deploy services through cloud computing: AaaS (Application as a Service), PaaS (Platform as a Service), and IaaS (Infrastructure as a Service). The Application as a Service model would be used to deploy a service such as Facebook or Dropbox to the public. This layer of the cloud computing model allows a consumer to interact with a particular service at any point in time. The Platform as a Service model would essentially be used by developers as a tool for expanding an AaaS currently in use, without the need to buy additional hardware or hire new maintenance staff to accompany the upgrades. Last but certainly not least, the Infrastructure as a Service model is used for usually larger-scale, business-oriented jobs such as providing virtual computer infrastructure, such as network equipment, software, and storage, along with website and server hosting.

Let's use an average scenario. The AaaS, or application as a service, model is able to provide a wealth of different services which are used by countless individuals every day, whether they are subscription-based services or some sort of free service. In particular, Dropbox, a cloud-based storage system, allows people from all over the globe to collaborate, store, and share files with one another, either professionally or personally. The flexibility of the service is demonstrated by the fact that no one is limited to the free option, as anyone can choose to purchase Dropbox for Business, or just additional space if that is all that is required. Even so, the main function of Dropbox falls back to one of the five essential characteristics of a cloud computing model: broad network access. This characteristic is what allows anyone to access their Dropbox account, regardless of whether they are using a mobile phone, a computer, or a tablet, given that they have internet access.

Security risks must be accepted in order to fully utilize cloud technology. The internet is a constant stream of data that, like every other network, can be manipulated by unauthorized individuals using various hacking techniques. Take Dropbox, for example: exactly what steps are involved in authenticating a login? By default, every user of the service is forced to register a set of login credentials. This includes a username and password, while utilizing the HTTPS protocol. But this doesn't seem particularly effective in truly verifying a person's identity when authenticating their credentials. So besides creating a strong password, what other ways can an individual further restrict access to their Dropbox account?

The answer comes in the form of two-step verification. This allows for a more complex verification process when logging into an individual's account, because the user has to go through additional screening whenever they log in. Even so, with all of the measures in place, cloud services are for the most part secure, and the service provider should be able to provide the consumer with some sort of backup of their data should something unfortunate happen to their cloud environment. In all actuality, security issues have been, and always will be, prevalent in cloud technology, and thus should always be acknowledged, taking into consideration the fact that cloud services are provided via the internet, which is a constant network. Having on-demand access to a service can pose a potential threat to any service provider that does not have the proper threat mitigation in place prior to an unfortunate event taking place.

How can cloud service providers best mitigate the risks of providing cloud services? As stated by Zhang, "Designing and planning for an effective information security risk management occurs through two major processes: selecting relevant critical area, strategy and planning." (Zhang) More specifically, the process of strategy and planning includes establishing some sort of risk management program direction and guide activities, establishing a committee, and defining the program goals and requirements. Then there is the responsibility of the service providers to implement and operate three processes in particular: risk analysis, risk assessment, and risk mitigation.

First, risk analysis includes the tasks of threat identification and vulnerability identification. Figure 1.1 shows different outputs from the threat identification step.

Figure 1.1

Figure 1.2 shows different outputs from the vulnerability identification step. Zhang also notes that "Recommended methods for identifying system vulnerabilities are the use of vulnerability sources, the performance of system security testing, and the development of a security requirements checklist. The output of this process helps to identify vulnerabilities and threats for reducing or eliminating risk during the risk mitigation process." (Zhang)

Figure 1.2

Next, risk assessment consists of four major processes: likelihood determination, impact analysis, risk determination, and control recommendations. To be brief, likelihood determination is a rating used to indicate the probability that a vulnerability may be exercised within the construct of the associated threat environment. Likelihood levels are high, medium, and low. Impact analysis is the step of analyzing the level of risk by measuring the impact of a threat that has successfully exercised a vulnerability. The levels are measured against three security goals: confidentiality, integrity, and availability. Next is risk determination, whose sole purpose is to find the risks that impact the critical areas determined by whoever was in charge of architecting and establishing the Risk Management Program. Finally, control recommendations is the step where controls that could either eliminate or mitigate identified risks are provided.

In conclusion, cloud services are being utilized more and more today. Having access to important information on the go can be just as dangerous as it is convenient, but thankfully, we have cloud service providers we can trust. We have cloud service providers who actually take the time to take the proper precautions when building their cloud infrastructure from the ground up. Google, Amazon, you name it: both of these companies definitely have Risk Treatment Plans in full force, ready to be implemented if the time ever came that they needed to do so. In return, the average user, or even the business owner, can pretty much guarantee their data's availability and safety. Once again, Zhang states that a "Cloud provider must development of risk treatment plans (RTP) with multiple options (avoidance, transfer, retention, reduction, and acceptance). The outcomes of risk treatment plans should be incorporated into service agreements. Because different models of cloud computing have various ways to mitigation a vulnerability and threat." (Zhang)

With that being said, for as long as time goes on we will always be forced to mitigate and eliminate threats to our networks and/or devices, and with cloud services being utilized over the internet, the need for security is only going to continue to grow. Without risk mitigation, any potential service provider is in for a bad experience, given the level of hacking that goes on in this day and age.
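The four risk assessment steps described above (likelihood determination, impact analysis, risk determination, control recommendations), carried through on a small risk register. This is an added example, not part of the original report or of Zhang's framework; the numeric weights and thresholds, the `Finding` fields, and the sample findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed scoring (the report gives none): a common 3x3 risk-level matrix, scores 1-100.
LIKELIHOOD = {"low": 1, "medium": 5, "high": 10}   # tenths, i.e. 0.1 / 0.5 / 1.0
IMPACT = {"low": 10, "medium": 50, "high": 100}
GOALS = ("confidentiality", "integrity", "availability")

@dataclass
class Finding:
    threat: str          # from threat identification
    vulnerability: str   # from vulnerability identification
    area: str            # business area the pair affects
    likelihood: str      # low / medium / high
    cia: dict            # impact rating per security goal
    controls: list       # candidate controls for this pair

def impact_rating(cia):
    """Impact analysis: worst rating across the three security goals."""
    missing = [g for g in GOALS if cia.get(g) not in IMPACT]
    if missing:
        raise ValueError("impact missing or invalid for: " + ", ".join(missing))
    return max((cia[g] for g in GOALS), key=IMPACT.get)

def risk_level(score):
    return "high" if score > 50 else "medium" if score > 10 else "low"

def assess(findings, critical_areas):
    """Carry each finding through the four steps; return critical-area risks, worst first."""
    rows = []
    for f in findings:
        if f.area not in critical_areas:       # not selected as a critical area
            continue
        if f.likelihood not in LIKELIHOOD:
            raise ValueError(f"unknown likelihood: {f.likelihood!r}")
        impact = impact_rating(f.cia)
        score = LIKELIHOOD[f.likelihood] * IMPACT[impact] // 10
        rows.append({"threat": f.threat, "impact": impact, "score": score,
                     "level": risk_level(score), "controls": f.controls})
    return sorted(rows, key=lambda r: r["score"], reverse=True)

# Constructed sample findings for a cloud storage service (illustrative only).
SAMPLE = [
    Finding("storage node failure", "no tested restore procedure", "storage", "medium",
            {"confidentiality": "low", "integrity": "medium", "availability": "high"},
            ["provider-side backups with restore tests"]),
    Finding("password guessing at login", "password-only authentication", "identity", "high",
            {"confidentiality": "high", "integrity": "medium", "availability": "low"},
            ["two-step verification"]),
    Finding("brochure site defacement", "outdated CMS", "marketing", "medium",
            {"confidentiality": "low", "integrity": "medium", "availability": "low"},
            ["patch the CMS"]),
]
if __name__ == "__main__":
    for row in assess(SAMPLE, {"identity", "storage"}):
        print(row["level"], row["score"], row["threat"], "->", row["controls"])
```

The ranked output is what would feed the risk treatment plan: each row still needs one of the treatment options (avoidance, transfer, retention, reduction, acceptance) chosen for it.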

References

CA Community. Ed. Summer Blount. N.p., 11 Apr. 2012. Web. 20 Nov. 2012.

"CLOUD 2012." The IEEE Cloud Computing Organization. Cloud Computing, n.d. Web. 20 Sep 2012.

*Fam, Thum. "Cloud Computing and Disaster Recovery." resource.onlinetech.com. N.p., 7 Sept. 2011. Web. 2012. <http://resource.onlinetech.com/2011-cloud-it-disaster-recoverystatistics/cloud-computing-and-disaster-recovery-statistics-business-driversbehind-cloud-initiatives/>.

Hot Hardware. Ed. Seth Colaner. N.p., 11 July 2012. Web. 20 Nov. 2012.

Markel, Mike. Technical communication. 9th. Boston: Bedford/St. Martin's, 2010. Print.

Mell, Peter, and Timothy Grance. United States. Department of Commerce. NIST Definition of Cloud Computing. Gaithersburg: NIST Special Publication, 2011. Print.

*Zhang, Xuan. "IEEE Xplore Full-Text HTML: Information Security Risk Management Framework for the Cloud Computing Environment." Information Security Risk Management Framework for the Cloud Computing Environments. IEEE Xplore Digital Library, 29 Jun 2010. Web. 13 Apr 2014. <http://ieeexplore.ieee.org.jproxy.lib.ecu.edu/xpls/icp.jsp?arnumber=5577860