Transcript of "Cloud computing & Security presentation"
About me & Submission details
Security Researcher aka Ethical Hacker .
Working as a Freelancer .
White Hat Hacking work.
Few Recognitions :-
Got listed my name in Google Hall of fame,Amazon,Paypal,Adobe
& Few others.
Paper Title :- Cloud Computing & Security .
What is Cloud Computing ?
Cloud Computing is a technology used to provide:
Ease of access to user data, programs and security
Services anytime and anywhereServices anytime and anywhere
Ensuring complete reliability and security
Reduces the cost of work..least possible expenditure
BASIC Characteristics of Cloud Computing
Resources in cloud systems can be
shared among a large number of users.
Improve the efficiency of cloud systems
and save cost for cloud service
Even when the total work load for a cloud
system increases dramatically, the system
could improve its capacity by adding more
hardware to handle the increased loadhardware to handle the increased load
A cloud system only delivers the minimum
amount of computing resources that meet
users’ need. The amount of resources provided
to users increase when they need more, andto users increase when they need more, and
decrease when they need less. Users only pay
for whatever they consumed.
Users can utilize cloud services using
whatever device they have, should it be a
laptop, an iPad or a smartphone, as long as
they have access to the Internet.they have access to the Internet.
Computing resources are provided by cloud systems.
Users do not need to purchase expensive computers
to perform tasks that need high performanceto perform tasks that need high performance
Multiple redundant sites are used in cloud systems.
There are always backups available when one or
more sites are down.more sites are down.
History of cloud computing
The idea of cloud computing dates as far back as the 1960’s
when John McCarthy envisioned a time when computation
may someday be orgainsed as a public organisation.
Cloud computing has evolved through a number of phases
which include grid and utility computing ,application service
processing(ASP),software as a service (Saas)
Grid Computing a form of distributed
computing,acting in concert to perform very large
Utility Computing a metered service similar to
a traditional public utility such as electricity.
Few other types of Clouds
Network as a Service (NaaS)
Storage as a Service (STaaS)
Security as a Service (SECaaS)
Data as a Service (DaaS)
API as a Service (APIaaS)
Cloud Service Models
Software as a Service (SaaS)
Service provider’s apps
User’s do not manage the Network, Servers, OS, Storage or
applications by the user
Platform as a Service (PaaS)
User deploys their apps on the cloudUser deploys their apps on the cloud
Controls their apps
User’s do not manage Servers, IS, Storage
Infrastructure as a Service (IaaS)
User’s get access to the infrastructure to deploy their content
Doesn’t manage or control the infrastructure
Does manage or control the OS, storage, apps, selected network
Cloud Deployment models
Public Cloud computing environment are open for
use to anyone who wants to sign up and use them.
These are run by vendors and applications from
different customers are likely to be mixed together ondifferent customers are likely to be mixed together on
the cloud’s servers, storage systems, and networks.
Examples of a public cloud: Amazon Web Services and
Google's AppEngine .
A private cloud is basically an organization that
needs more control over their data than they can get
by using a vendor hosted service.
A hybrid cloud combine both public and private
cloud modelscloud models.
A cloud based online Office
Allow you to create, edit and
share documents online
using web browsers, iPads or
even smart phones.even smart phones.
Amazon Cloud Drive
Amazon Cloud Drive is an personal hard
drive in a cloud system.
Store music, videos, photos, and
documents on Amazon's servers.
documents on Amazon's servers.
Dropbox cloud provider
Dropbox is a file hosting service that offers cloud
storage,file synchronization & client software.
It allows users to create a special folder on each of their
computers,which dropbox then synchronizes so that itcomputers,which dropbox then synchronizes so that it
appears to be in the same folder regardless of which
computer is used to view it.
Opportunities and Challenges
The use of the cloud provides a number of
It enables services to be used without any
understanding of their infrastructure.
It potentially lowers the outlay expense for start upIt potentially lowers the outlay expense for start up
companies, as they would no longer need to buy
their own software or servers.
Cost would be by on-demand pricing.
Data and services are stored remotely but accessible
Advantages Of Cloud Computing
Lower total cost of ownership.
Always on, Always available.
Faster application delivery.
Improved business continuity.
Platform for easier and faster sharing, mobilePlatform for easier and faster sharing, mobile
Rental pricing model.
Pay-as–you-go, Try before you buy.
Lower Infrastructure Cost .
Disadvantages Of Cloud computing
Data Loss Risks
But can we tackle it……How???43% of current cloud users reported a security
incident in the past 12 months
Cloud Computing-Attacking methods
Distributed Denial of Service Attacks (DDoS) .
Data Segregation Risks.
Web-application Attacking methods.Web-application Attacking methods.
Distributed Denial of Service Attacks
Distributed Denial of service (DDoS) attacks means
many node systems attacking one node all at the same
time with a Flood of useless messages to exhaust Web
Server’s resources .
Authentication is a weak point in a hosted & virtual service’s and
Ways to check the Authenticity of the client :
Leverage strong two –factor authentication techniques.
Use of static I.P, Virtual I.P techniques .
Designated Emplyoee’s Access .
Data Segregation Risks
Data segregation is not easily facilitated in all cloud enviornments
as all the data can’t be segregated acc. To the user needs.Some
customers do not encrypt the data as there are chances for the
encryption itself to destroy the data .
The compromised servers are shut down whenever a data is
needed to be recovered.The available data is not correctly sent toneeded to be recovered.The available data is not correctly sent to
the customer at all times of need.
When recovering the data there could be instances of replication
of data in multiple sites.