Security issues in cloud database Presentation Transcript
1. A cloud database is a database that typically runs on a cloud computing platform, such as Amazon EC2 and Rackspace.
2. The cloud database was conceived for the purpose of online data management by using a variety of distributed servers.
3. There are two common deployment models: users can run databases on the cloud independently, using a virtual machine image, or they can purchase access to a database service, maintained by a cloud database provider.
1. The cloud database system makes information sharing simple and convenient.
2. Easy access to files and data is what a cloud database actually emphasizes. If freak accidents happen, there is no reason for you to worry since all pieces of information are safely kept.
3. A cloud database is far cheaper than maintaining an actual server, for which a lot of other applications are necessary.
4. Because it is a virtual data storage location, you get every opportunity to manipulate data wherever you may be.
Identify Assets
• Which assets are we trying to protect?
• What properties of these assets must be maintained?
Identify Threats
• What attacks can be mounted?
• What other threats are there (natural disasters, etc.)?
Identify Countermeasures
• How can we counter those attacks?
Appropriate for Organization-Independent Analysis
• We have no organizational context or policies
• Failures in Provider Security
• Attacks by Other Customers
• Availability and Reliability Issues
• Legal and Regulatory Issues
Explanation
• Provider controls servers, network, etc.
• Customer must trust provider's security
• Failures may violate CIA principles
Countermeasures
• Verify and monitor provider's security
Notes
• Outside verification may suffice
• For SMB, provider security may exceed customer security
Threats
• Provider resources shared with untrusted parties
• CPU, storage, network
• Customer data and applications must be separated
• Failures will violate CIA principles
Countermeasures
• Hypervisors for compute separation
• MPLS, VPNs, VLANs, firewalls for network separation
• Cryptography (strong)
• Application-layer separation (less strong)
Threats
• Clouds may be less available than in-house IT
• Complexity increases chance of failure
• Clouds are prominent attack targets
• Internet reliability is spotty
• Shared resources may provide attack vectors
• BUT cloud providers focus on availability
Countermeasures
• Evaluate provider measures to ensure availability
• Monitor availability carefully
• Plan for downtime
• Use public clouds for less essential applications
1. Middleware muddles
2. Authentication
3. Regulatory compliance issues in the cloud
1. Middleware is the technology that facilitates integration of components in a distributed system.
2. It is software that allows elements of applications to interoperate across network links, despite differences in underlying communications protocols, system architectures, and other application services.
3. Middleware makes it possible to develop architectural patterns that represent innovative design solutions for specific system design problems.
4. Managers report that unwanted middleware access to the database causes security breaches.
5. To avoid this, security and database administrators must stop unauthorized database access from middleware components, including the application server, which can be treated as middleware in this scenario.
6. You can also strengthen database security by using trusted/secured connections and communications between middleware and the database, and proven/standardized authentication mechanisms.
1. Authentication is the process of confirming a user or computer's identity.
2. The process normally consists of four steps:
   1. The user makes a claim of identity, usually by providing a username. For example, I might make this claim by telling a database that my username is "mchapple".
   2. The system challenges the user to prove his or her identity. The most common challenge is a request for a password.
   3. The user responds to the challenge by providing the requested proof. In this example, I would provide the database with my password.
   4. The system verifies that the user has provided acceptable proof by, for example, checking the password against a local password database or using a centralized authentication server.
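The four steps above, with the final check made against a local password database, shown as an added example that is not part of the original presentation. The `PasswordStore` class, the choice of PBKDF2-HMAC-SHA256, the iteration count and the sample passphrase are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed example work factor; raise it as far as your hardware allows


def _derive(password: str, salt: bytes) -> bytes:
    """Stretch the password with a per-user salt so stored values are not reusable."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordStore:
    """Local password database: username -> (salt, derived key). No plaintext is kept."""

    def __init__(self) -> None:
        self._records: dict[str, tuple[bytes, bytes]] = {}
        # Dummy record so an unknown username costs the same work as a known one.
        dummy_salt = os.urandom(16)
        self._dummy = (dummy_salt, _derive(os.urandom(16).hex(), dummy_salt))

    def enroll(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[username] = (salt, _derive(password, salt))

    def authenticate(self, username: str, password: str) -> bool:
        # Step 1: the claim of identity is the username.
        # Steps 2-3: the challenge is the password request; `password` is the response.
        known = username in self._records
        salt, expected = self._records.get(username, self._dummy)
        # Step 4: verify the proof with a constant-time comparison.
        candidate = _derive(password, salt)
        return hmac.compare_digest(candidate, expected) and known


def demo() -> dict[str, bool]:
    store = PasswordStore()
    store.enroll("mchapple", "constructed-example-passphrase")  # constructed sample
    return {
        "valid": store.authenticate("mchapple", "constructed-example-passphrase"),
        "wrong_password": store.authenticate("mchapple", "guess"),
        "unknown_user": store.authenticate("nobody", "constructed-example-passphrase"),
    }


if __name__ == "__main__":
    print(demo())
```

A wrong password and an unknown username both return the same `False`, so the caller cannot tell which usernames exist.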
1. Despite these notable anticipated benefits, commercial acceptance of cloud databases and their growth have been somewhat slower than many expected.
2. An important factor behind this apparent reluctance to embrace cloud computing is uncertainty regarding regulatory compliance issues associated with activities in the cloud.
3. There is uncertainty as to the specific regulatory requirements applicable to the cloud.
4. In the cloud environment, location matters, especially from a legal standpoint.
5. Cloud computing contracts should include many data protection provisions, but cloud computing service providers may not agree to them.
6. The use of cloud services could sacrifice an entity's ability to comply with several laws and regulations and could put sensitive data at risk.