Security: Now and Then
Submitted to: Neha Bassan
Submitted by: Rashmi Burman
11410590
B-57
Introduction

Cloud computing has led to a shift in how people think about IT systems architecture. Many organizations today are either implementing cloud-based solutions or evaluating which cloud-based solutions they will implement in the future. According to Gartner Inc., cloud computing is "no less influential than e-business". This shift in architecture from a traditional enterprise server-based system to a cloud-based system will have associated costs of entry and risks, but it can result in enormous benefits in savings and in IT and business agility. While there is considerable pressure on organizations to consider moving to cloud-based services, security issues continue to be one of the largest concerns that organizations have about this move. The different cloud-based deployment models, including private, public or hybrid cloud, bring with them a range of challenges, and security concerns cut across them all. Many organizations will need to apply best-practice security standards that are far in excess of those that they currently implement with their on-premise systems. The migration to or adoption of cloud services can then provide an advantage, in that firms can design their new cloud-based infrastructures from the ground up with security "baked in"; this is in contrast to the piecemeal, "after the fact" or "bolted-on" nature of security seen in most data centers today.

The cloud service model that an organization wants to implement influences security design and implementation. We will cover the three cloud computing service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These models all have different security issues that need to be considered and, more importantly, a determination of the balance of responsibilities between the customer and the cloud provider for each of the service models also needs to be made.

Cloud computing security

Trust

The concept of trust, adjusted to the case of two parties involved in a transaction, can be described as follows: an entity A is considered to trust another entity B when entity A believes that entity B will behave exactly as expected and required. Thereinafter, an entity can be considered trustworthy if the parties or people involved in transactions with that entity rely on its credibility. In general, the concept described above can be verbally represented by the term reliability, which refers to the quality of a person or entity that is worthy of trust. Trust in the information society is built on various different grounds, based on calculus, on knowledge or on social reasons. The notion of trust in an organization could be defined as the customer's certainty that the organization is capable of providing the required services accurately and infallibly. This certainty also expresses the customer's faith in its moral integrity, in the soundness of its operation, in the effectiveness of its security mechanisms, in its expertise and in its abidance by all regulations and laws, while at the same time it contains the acknowledgement of a minimum risk factor by the relying party. The notion of security refers to a given situation where all possible risks are either eliminated or brought to an absolute minimum.

Trust in a cloud environment depends heavily on the selected deployment model, as governance of data and applications is outsourced and delegated out of the owner's strict control. In traditional architectures, trust was enforced by an efficient security policy, which addressed constraints on functions and flow among them, constraints on access by external systems and adversaries including programs, and access to data by people. In a cloud deployment, this perception is totally obscured. In the case of public or community clouds, control is delegated to the organization owning the infrastructure. When deploying on a public cloud, control passes to the infrastructure owner to enforce a sufficient security policy that guarantees that appropriate security activities are being performed to ensure that risk is reduced. This introduces a number of risks and threats, as security is essentially related to trusting the processes and computing base implemented by the cloud owner. It is crucial to differentiate between deployment models, as a private cloud, where the infrastructure is operated and managed on premise by a private organization, does not introduce additional unique security challenges, because trust remains within the organization. In such a situation the infrastructure's owner remains the data and process owner.

Security identification of threats

Essentially, securing an Information System (IS) involves identifying unique threats and challenges which need to be addressed by implementing the appropriate countermeasures. Ultimately, the identified security requirements and selected security controls are introduced to the standard systems engineering process, to effectively integrate the security controls with the information system's functional and operational requirements, as well as other pertinent system requirements (e.g., reliability, maintainability, supportability). Cloud computing, due to its architectural design and characteristics, brings a number of security benefits, which include centralization of security, data and process segmentation, redundancy and high availability. While many traditional risks are countered effectively, due to the infrastructure's singular characteristics a number of distinctive security challenges are introduced. Cloud computing has unique attributes that require risk assessment in areas such as availability and reliability issues, data integrity, recovery, and privacy and auditing.

Security in general is related to the important aspects of confidentiality, integrity and availability; they thus become building blocks to be used in designing secure systems. These important aspects of security apply to the three broad categories of assets which need to be secured: data, software and hardware resources. The cloud infrastructure poses unique security challenges which need to be considered in detail.

unauthorized access, organizations can achieve greater confidence in data and system integrity. Additionally, such mechanisms offer greater visibility into determining who or what may have altered data or system information, potentially affecting their integrity (accountability). Authorization is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system. Due to the increased number of entities and access points in a cloud environment, authorization is crucial in assuring that only authorized entities can interact with data.

Personnel security
Various information security concerns relating to the IT and other professionals associated with cloud services are typically handled through pre-, para- and post-employment activities such as security screening of potential recruits, security awareness and training programs, proactive.