Cloud security involves securing the data, applications, and infrastructure associated with cloud computing. The document outlines some common cloud security issues like data breaches, data loss, account hijacking, insecure APIs, denial of service attacks, and back doors. It also discusses how cloud computing works using various deployment models and service models. Finally, it recommends questions users should ask cloud providers about data storage locations, security practices, inspection access, migration costs, disaster recovery documentation, and privacy policies.
2. Cloud security
What is Cloud Computing???...
A cloud, in very simple terms, is a place where
information technology (IT) resources such as
computer hardware, operating systems, networks,
storage, databases, and even entire software
applications are available instantly, on-demand
3. How cloud works ???...
• Cloud Software as
a Service (SaaS)
• Cloud Platform as
a Service (PaaS)
• Cloud
Infrastructure as a
Service (IaaS)
5. Cloud Computing Security Issues ‘13
Data Breaches
Data Loss
Account Hijacking
Insecure APIs
Denial of Service
Back doors
6. Data Breaches:A Data Breach is a
security incident in which
sensitive, protected or
confidential data is
copied, transmitted,
viewed, stolen or used by
an individual
unauthorized to do so.
Data loss:Data loss is an error
condition in information
systems in which
information is destroyed
by failures or neglect in
storage, transmission, or
processing
7. Account hijacking:Account hijacking is a form of identity theft.
Identity theft is when someone uses your
personal identifying information (e.g., name,
address, social security number, financial
institution account number, username or
password) to commit fraud
Insecure API:-
Cloud Computing providers expose a
set of software interfaces or APIs that
customers use to manage and interact
with cloud services. cloud services
allow third-party access by exposing
application programming interfaces
8. Denial Of Service:Denial of Service, is a type of attack where multiple
compromised systems -- which are usually infected
with a Trojan -- are used to target a single system
causing a Denial of Service (DOS) attack.
9. What questions you should ask
your cloud provider?
Information’s of where data is stored
Security and private laws
Is cloud operation available for physical
inspection
Exit charges or penalties while migrating
Documentation of disaster recovery
Organization’s privacy policy