SlideShare a Scribd company logo

Aspects of data security

Download as PPTX, PDF
S
SaranSwathi1

Security in cloud computing ppt. confidentiality, integrity, availability in cloud.

Engineering
1 of 20
ASPECTS OF DATA SECURITY
ASPECTS OF DATA SECURITY Data security becomes more important when using cloud computing at all “levels”: infrastructure-as-a-service (IaaS), platform-as-a- service (PaaS), and software-as-a-service. Data-in-transit Data-at-rest Processing of data, including multitenancy Data lineage Data provenance Data remanence
DATA-IN-TRANSIT: To insure the security of data in transit it is not only important to use a vetted encryption algorithm, but also it is important to ensure that the service protocol provides confidentiality as well as integrity (e.g., FTP over SSL [FTPS], Hypertext Transfer Protocol Secure [HTTPS], and Secure Copy Program [SCP])—particularly if the protocol is used for transferring data across the Internet. Encrypting data and using a non-secured protocol (e.g., FTP or HTTP) can provide confidentiality, but does not ensure the integrity of the data.
DATA-AT-REST If you are using an IaaS cloud service (public or private) for simple storage (e.g., Amazon’s Simple Storage Service or S3), encrypting data-at-rest is possible—and is strongly suggested. However, encrypting data-at-rest that a PaaS or SaaS cloud-based application is using (e.g., Google Apps, Salesforce.com) is not always feasible. Data-at-rest used by a cloud-based application is generally not encrypted, because encryption would prevent indexing or searching of that data. In other words, data, when processed by a cloud-based application or stored for use by a cloud-based application, is commingled with other users’ data (i.e., it is typically stored in a massive data store, such as Google’s BigTable)
PROCESSING OF DATA, INCLUDING MULTITENANCY For any application to process data, that data must be unencrypted. Until June 2009, there was no known method for fully processing encrypted data. Therefore, unless the data is in the cloud for only simple storage, the data will be unencrypted during at least part of its life cycle in the cloud—processing at a minimum
DATA LINEAGE Whether the data of an organization has been put into the cloud is encrypted or not, it is useful and might be required (for audit or compliance purposes) to know exactly where and when the data was specifically located within the cloud. Following the path of data (mapping application data flows or data path visualization) is known as data lineage, and it is important for an auditor’s assurance. Trying to provide accurate reporting on data lineage for a public cloud service is really not possible
DATA PROVENANCE Data provenance documents the inputs, entities, systems, and processes that influence data of interest, in effect providing a historical record of the data and its origins. Those resources are not under your physical or even logical control, and you probably have no ability to track the systems used or their state at the times you used them—even if you know some identifying information about the systems (e.g., their IP addresses) and the “general” location (e.g., a country, and not even a specific data center).
DATA REMANENCE Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase the data. This residue may be due to data being left intact by a nominal delete operation, or through physical properties of the storage medium. Data remanence may make inadvertent disclosure of sensitive information possible. The risk posed by data remanence in cloud services is that an organization’s data can be inadvertently exposed to an unauthorized party—regardless of which cloud service you are using. Various techniques have been developed to counter data remanence. These techniques are classified as clearing, purging/sanitizing, or destruction.
DATA SECURITY MITIGATION
what should you do to mitigate these risks to data security? The only viable option for mitigation is to ensure that any sensitive or regulated data is not placed into a public cloud (or that you encrypt data placed into the cloud for simple storage only)
PROVIDER DATA AND ITS SECURITY In addition to the security of customers own data, customers should also be concerned about what data the provider collects and how the CSP protects that data. What metadata does the provider have about customer data, how is it secured, and what of it is accessible to the customer? Additionally, your provider collects and must protect a huge amount of security-related data What data your CSP collects and how it monitors and protects that data is important to the provider for its own audit purposes Additionally, this information is important to both providers and customers in case it is needed for incident response and any digital forensics required for incident analysis.
STORAGE SECURITY The same three information security concerns are associated with this data stored in the cloud (e.g., Amazon’s S3) as with data stored elsewhere: 1. confidentiality, 2. integrity, 3. availability
CONFIDENTIALITY When it comes to the confidentiality of data stored in a public cloud, you have two potential concerns. First, what access control exists to protect the data? Access control consists of both authentication and authorization. The second potential concern is: How is the data that is stored in the cloud actually protected? For all practical purposes, protection of data stored in the cloud involves the use of encryption. So, is a customer’s data actually encrypted when it is stored in the cloud? And if so, what encryption algorithm, and with what key strength? It depends, and specifically, it depends on which CSP you are using. For example, EMC’s MozyEnterprise does encrypt a customer’s data. However, AWS S3 does not encrypt a customer’s data. Customers are able to encrypt their own data themselves prior to uploading, but S3 does not provide encryption.
If a CSP does encrypt a customer’s data, the next consideration concerns what encryption algorithm it uses. Only symmetric encryption has the speed and computational efficiency to handle encryption of large volumes of data. It would be highly unusual to use an asymmetric algorithm for this encryption use case.
The next consideration for you is what key length is used. What can be said is that key lengths should be a minimum of 112 bits for Triple DES (Data Encryption Standard) and 128-bits for AES (Advanced Encryption Standard). Another confidentiality consideration for encryption is key management. How are the encryption keys that are used going to be managed—and by whom? Are you going to manage your own keys? Hopefully, the answer is yes, and hopefully you have the expertise to manage your own keys.
This means additional resources and capabilities are necessary. At a minimum, a customer should consult all three parts of NIST’s 800- 57, “Part 1: General” “Part 2: Best Practices for Key Management Organization” “Part 3: Application-Specific Key Management Guidance (Draft)” Because key management is complex and difficult for a single customer, it is even more complex and difficult for CSPs to try to properly manage multiple customers’ keys
INTEGRITY Confidentiality does not imply integrity; Encryption alone is sufficient for confidentiality, but integrity also requires the use of message authentication codes. The simplest way to use MACs on encrypted data is to use a block symmetric algorithm (as opposed to a streaming symmetric algorithm) in cipher block chaining (CBC) mode, and to include a one- way hash function. Another aspect of data integrity is important, especially with bulk storage using IaaS. Once a customer has several gigabytes (or more) of its data up in the cloud for storage, how does the customer check on the integrity of the data stored there? What is needed instead is a proof of retrievability —that is, a mathematical way to verify the integrity of the data as it is
AVAILABILITY There are currently three major threats in this regard—none of which are new to computing, but all of which take on increased importance in cloud computing because of increased risk. The first threat to availability is network-based attacks. The second threat to availability is the CSP’s own availability. No CSPs offer the sought-after “five 9s” (i.e., 99.999%) of uptime. A customer would be lucky to get “three 9s” of uptime. The third risk is absent of data backup as cloud storage does not mean the stored data is actually backed up.
• ALL THREE OF THESE CONSIDERATIONS (CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY) SHOULD BE ENCAPSULATED IN A CSP’S SERVICE-LEVEL AGREEMENT (SLA) TO ITS CUSTOMERS

Recommended

Ab initio Synthesis by DNA Polymerases
Ab initio Synthesis by DNA PolymerasesAb initio Synthesis by DNA Polymerases
Ab initio Synthesis by DNA PolymerasesAmna Jalil
 
mobile application security
mobile application securitymobile application security
mobile application security-jyothish kumar sirigidi
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud IBM Security
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New PerspectiveWen-Pai Lu
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issuesAleem Mohammed
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 

Recommended

Ab initio Synthesis by DNA Polymerases
Ab initio Synthesis by DNA PolymerasesAb initio Synthesis by DNA Polymerases
Ab initio Synthesis by DNA PolymerasesAmna Jalil
 
mobile application security
mobile application securitymobile application security
mobile application security-jyothish kumar sirigidi
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud IBM Security
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New PerspectiveWen-Pai Lu
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issuesAleem Mohammed
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security PresentationAjay p
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingJim Geovedi
 
System models in distributed system
System models in distributed systemSystem models in distributed system
System models in distributed systemishapadhy
 
Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Vrince Vimal
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management Padma Jella
 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security ProfessionalHatem ElSahhar
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud ComputingJyotika Pandey
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseIdentity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseLance Peterman
 
Cloud security
Cloud securityCloud security
Cloud securityBikashPokharel3
 
Cloud Privacy & Security compliance
Cloud Privacy & Security complianceCloud Privacy & Security compliance
Cloud Privacy & Security complianceBryan Starbuck
 
Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Sean Xie
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...
Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...
Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...Edureka!
 
The Five Pillars of Customer Identity and Access Management (CIAM)
The Five Pillars of Customer Identity and Access Management (CIAM)The Five Pillars of Customer Identity and Access Management (CIAM)
The Five Pillars of Customer Identity and Access Management (CIAM)WSO2
 
Database Security & Encryption
Database Security & EncryptionDatabase Security & Encryption
Database Security & EncryptionTech Sanhita
 
E Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPE Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPijtsrd
 
Access_Control_Systems_and_methodology
Access_Control_Systems_and_methodologyAccess_Control_Systems_and_methodology
Access_Control_Systems_and_methodologyArti Ambokar
 
Cloud security (domain11 14)
Cloud security (domain11 14)Cloud security (domain11 14)
Cloud security (domain11 14)Maganathin Veeraragaloo
 
An Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud ComputingAn Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud Computingijceronline
 

More Related Content

What's hot

The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security PresentationAjay p
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingJim Geovedi
 
System models in distributed system
System models in distributed systemSystem models in distributed system
System models in distributed systemishapadhy
 
Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Vrince Vimal
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management Padma Jella
 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security ProfessionalHatem ElSahhar
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud ComputingJyotika Pandey
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseIdentity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseLance Peterman
 
Cloud Privacy & Security compliance
Cloud Privacy & Security complianceCloud Privacy & Security compliance
Cloud Privacy & Security complianceBryan Starbuck
 
Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Sean Xie
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...
Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...
Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...Edureka!
 
The Five Pillars of Customer Identity and Access Management (CIAM)
The Five Pillars of Customer Identity and Access Management (CIAM)The Five Pillars of Customer Identity and Access Management (CIAM)
The Five Pillars of Customer Identity and Access Management (CIAM)WSO2
 
Database Security & Encryption
Database Security & EncryptionDatabase Security & Encryption
Database Security & EncryptionTech Sanhita
 
E Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPE Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPijtsrd
 
Access_Control_Systems_and_methodology
Access_Control_Systems_and_methodologyAccess_Control_Systems_and_methodology
Access_Control_Systems_and_methodologyArti Ambokar
 

What's hot (20)

The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit v
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
 
System models in distributed system
System models in distributed systemSystem models in distributed system
System models in distributed system
 
Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Security Requirements in IoT Architecture
Security Requirements in IoT Architecture
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management
 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud Computing
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseIdentity & Access Management - Securing Your Data in the 21st Century Enterprise
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud Privacy & Security compliance
Cloud Privacy & Security complianceCloud Privacy & Security compliance
Cloud Privacy & Security compliance
 
Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019Palo Alto Networks Portfolio & Strategy Overview 2019
Palo Alto Networks Portfolio & Strategy Overview 2019
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...
Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...
Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Securit...
 
The Five Pillars of Customer Identity and Access Management (CIAM)
The Five Pillars of Customer Identity and Access Management (CIAM)The Five Pillars of Customer Identity and Access Management (CIAM)
The Five Pillars of Customer Identity and Access Management (CIAM)
 
Database Security & Encryption
Database Security & EncryptionDatabase Security & Encryption
Database Security & Encryption
 
E Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPE Authentication System with QR Code and OTP
E Authentication System with QR Code and OTP
 
Access_Control_Systems_and_methodology
Access_Control_Systems_and_methodologyAccess_Control_Systems_and_methodology
Access_Control_Systems_and_methodology
 

Similar to Aspects of data security

An Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud ComputingAn Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud Computingijceronline
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
Cloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge PrivacyCloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge PrivacyIJERA Editor
 
Secure_Data_Distribution_Algorithm_for_Fog_Computing.pdf
Secure_Data_Distribution_Algorithm_for_Fog_Computing.pdfSecure_Data_Distribution_Algorithm_for_Fog_Computing.pdf
Secure_Data_Distribution_Algorithm_for_Fog_Computing.pdfHimaBinduKrovvidi
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...IJARIIT
 
Iaetsd secured and efficient data scheduling of intermediate data sets
Iaetsd secured and efficient data scheduling of intermediate data setsIaetsd secured and efficient data scheduling of intermediate data sets
Iaetsd secured and efficient data scheduling of intermediate data setsIaetsd Iaetsd
 
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...Editor IJCATR
 
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...ijsrd.com
 
A Survey on Different Techniques Used in Decentralized Cloud Computing
A Survey on Different Techniques Used in Decentralized Cloud ComputingA Survey on Different Techniques Used in Decentralized Cloud Computing
A Survey on Different Techniques Used in Decentralized Cloud ComputingEditor IJCATR
 
Paper id 27201448
Paper id 27201448Paper id 27201448
Paper id 27201448IJRAT
 
Achieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportAchieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportKiran Girase
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Insuring Security for Outsourced Data Stored in Cloud Environment
Insuring Security for Outsourced Data Stored in Cloud EnvironmentInsuring Security for Outsourced Data Stored in Cloud Environment
Insuring Security for Outsourced Data Stored in Cloud EnvironmentEditor IJCATR
 

Similar to Aspects of data security (20)

Cloud security (domain11 14)
Cloud security (domain11 14)Cloud security (domain11 14)
Cloud security (domain11 14)
 
An Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud ComputingAn Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud Computing
 
Kp3419221926
Kp3419221926Kp3419221926
Kp3419221926
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
H017155360
H017155360H017155360
H017155360
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
Cloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge PrivacyCloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge Privacy
 
Secure_Data_Distribution_Algorithm_for_Fog_Computing.pdf
Secure_Data_Distribution_Algorithm_for_Fog_Computing.pdfSecure_Data_Distribution_Algorithm_for_Fog_Computing.pdf
Secure_Data_Distribution_Algorithm_for_Fog_Computing.pdf
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...
 
Iaetsd secured and efficient data scheduling of intermediate data sets
Iaetsd secured and efficient data scheduling of intermediate data setsIaetsd secured and efficient data scheduling of intermediate data sets
Iaetsd secured and efficient data scheduling of intermediate data sets
 
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...
 
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...
 
A Survey on Different Techniques Used in Decentralized Cloud Computing
A Survey on Different Techniques Used in Decentralized Cloud ComputingA Survey on Different Techniques Used in Decentralized Cloud Computing
A Survey on Different Techniques Used in Decentralized Cloud Computing
 
Paper id 27201448
Paper id 27201448Paper id 27201448
Paper id 27201448
 
Achieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportAchieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing report
 
V04405122126
V04405122126V04405122126
V04405122126
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Insuring Security for Outsourced Data Stored in Cloud Environment
Insuring Security for Outsourced Data Stored in Cloud EnvironmentInsuring Security for Outsourced Data Stored in Cloud Environment
Insuring Security for Outsourced Data Stored in Cloud Environment
 

Recently uploaded

Engineering Drawing section of solid
Engineering Drawing section of solidEngineering Drawing section of solid
Engineering Drawing section of solidnamansinghjarodiya
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptxmohitesoham12
 
System Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event SchedulingSystem Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event SchedulingBootNeck1
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Coursebim.edu.pl
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
CS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdfCS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdfBalamuruganV28
 
List of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfList of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfisabel213075
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Sumanth A
 
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSHigh Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSsandhya757531
 
Gravity concentration_MI20612MI_________
Gravity concentration_MI20612MI_________Gravity concentration_MI20612MI_________
Gravity concentration_MI20612MI_________Romil Mishra
 
multiple access in wireless communication
multiple access in wireless communicationmultiple access in wireless communication
multiple access in wireless communicationpanditadesh123
 
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfModule-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfManish Kumar
 
"Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ..."Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ...Erbil Polytechnic University
 
Artificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewArtificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewsandhya757531
 
Prach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism CommunityPrach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism Communityprachaibot
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substationstephanwindworld
 
Industrial Applications of Centrifugal Compressors
Industrial Applications of Centrifugal CompressorsIndustrial Applications of Centrifugal Compressors
Industrial Applications of Centrifugal CompressorsAlirezaBagherian3
 
OOP concepts -in-Python programming language
OOP concepts -in-Python programming languageOOP concepts -in-Python programming language
OOP concepts -in-Python programming languageSmritiSharma901052
 
Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxStephen Sitton
 
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.elesangwon
 

Recently uploaded (20)

Engineering Drawing section of solid
Engineering Drawing section of solidEngineering Drawing section of solid
Engineering Drawing section of solid
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptx
 
System Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event SchedulingSystem Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event Scheduling
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Course
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
CS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdfCS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdf
 
List of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfList of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdf
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
 
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSHigh Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
 
Gravity concentration_MI20612MI_________
Gravity concentration_MI20612MI_________Gravity concentration_MI20612MI_________
Gravity concentration_MI20612MI_________
 
multiple access in wireless communication
multiple access in wireless communicationmultiple access in wireless communication
multiple access in wireless communication
 
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfModule-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
 
"Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ..."Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ...
 
Artificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewArtificial Intelligence in Power System overview
Artificial Intelligence in Power System overview
 
Prach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism CommunityPrach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism Community
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substation
 
Industrial Applications of Centrifugal Compressors
Industrial Applications of Centrifugal CompressorsIndustrial Applications of Centrifugal Compressors
Industrial Applications of Centrifugal Compressors
 
OOP concepts -in-Python programming language
OOP concepts -in-Python programming languageOOP concepts -in-Python programming language
OOP concepts -in-Python programming language
 
Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptx
 
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
 

Aspects of data security

  • 1. ASPECTS OF DATA SECURITY
  • 2. ASPECTS OF DATA SECURITY Data security becomes more important when using cloud computing at all “levels”: infrastructure-as-a-service (IaaS), platform-as-a- service (PaaS), and software-as-a-service. Data-in-transit Data-at-rest Processing of data, including multitenancy Data lineage Data provenance Data remanence
  • 3. DATA-IN-TRANSIT: To insure the security of data in transit it is not only important to use a vetted encryption algorithm, but also it is important to ensure that the service protocol provides confidentiality as well as integrity (e.g., FTP over SSL [FTPS], Hypertext Transfer Protocol Secure [HTTPS], and Secure Copy Program [SCP])—particularly if the protocol is used for transferring data across the Internet. Encrypting data and using a non-secured protocol (e.g., FTP or HTTP) can provide confidentiality, but does not ensure the integrity of the data.
  • 4. DATA-AT-REST If you are using an IaaS cloud service (public or private) for simple storage (e.g., Amazon’s Simple Storage Service or S3), encrypting data-at-rest is possible—and is strongly suggested. However, encrypting data-at-rest that a PaaS or SaaS cloud-based application is using (e.g., Google Apps, Salesforce.com) is not always feasible. Data-at-rest used by a cloud-based application is generally not encrypted, because encryption would prevent indexing or searching of that data. In other words, data, when processed by a cloud-based application or stored for use by a cloud-based application, is commingled with other users’ data (i.e., it is typically stored in a massive data store, such as Google’s BigTable)
  • 5. PROCESSING OF DATA, INCLUDING MULTITENANCY For any application to process data, that data must be unencrypted. Until June 2009, there was no known method for fully processing encrypted data. Therefore, unless the data is in the cloud for only simple storage, the data will be unencrypted during at least part of its life cycle in the cloud—processing at a minimum
  • 6. DATA LINEAGE Whether the data of an organization has been put into the cloud is encrypted or not, it is useful and might be required (for audit or compliance purposes) to know exactly where and when the data was specifically located within the cloud. Following the path of data (mapping application data flows or data path visualization) is known as data lineage, and it is important for an auditor’s assurance. Trying to provide accurate reporting on data lineage for a public cloud service is really not possible
  • 7. DATA PROVENANCE Data provenance documents the inputs, entities, systems, and processes that influence data of interest, in effect providing a historical record of the data and its origins. Those resources are not under your physical or even logical control, and you probably have no ability to track the systems used or their state at the times you used them—even if you know some identifying information about the systems (e.g., their IP addresses) and the “general” location (e.g., a country, and not even a specific data center).
  • 8. DATA REMANENCE Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase the data. This residue may be due to data being left intact by a nominal delete operation, or through physical properties of the storage medium. Data remanence may make inadvertent disclosure of sensitive information possible. The risk posed by data remanence in cloud services is that an organization’s data can be inadvertently exposed to an unauthorized party—regardless of which cloud service you are using. Various techniques have been developed to counter data remanence. These techniques are classified as clearing, purging/sanitizing, or destruction.
  • 10. what should you do to mitigate these risks to data security? The only viable option for mitigation is to ensure that any sensitive or regulated data is not placed into a public cloud (or that you encrypt data placed into the cloud for simple storage only)
  • 11. PROVIDER DATA AND ITS SECURITY In addition to the security of customers own data, customers should also be concerned about what data the provider collects and how the CSP protects that data. What metadata does the provider have about customer data, how is it secured, and what of it is accessible to the customer? Additionally, your provider collects and must protect a huge amount of security-related data What data your CSP collects and how it monitors and protects that data is important to the provider for its own audit purposes Additionally, this information is important to both providers and customers in case it is needed for incident response and any digital forensics required for incident analysis.
  • 12. STORAGE SECURITY The same three information security concerns are associated with this data stored in the cloud (e.g., Amazon’s S3) as with data stored elsewhere: 1. confidentiality, 2. integrity, 3. availability
  • 13. CONFIDENTIALITY When it comes to the confidentiality of data stored in a public cloud, you have two potential concerns. First, what access control exists to protect the data? Access control consists of both authentication and authorization. The second potential concern is: How is the data that is stored in the cloud actually protected? For all practical purposes, protection of data stored in the cloud involves the use of encryption. So, is a customer’s data actually encrypted when it is stored in the cloud? And if so, what encryption algorithm, and with what key strength? It depends, and specifically, it depends on which CSP you are using. For example, EMC’s MozyEnterprise does encrypt a customer’s data. However, AWS S3 does not encrypt a customer’s data. Customers are able to encrypt their own data themselves prior to uploading, but S3 does not provide encryption.
  • 14. If a CSP does encrypt a customer’s data, the next consideration concerns what encryption algorithm it uses. Only symmetric encryption has the speed and computational efficiency to handle encryption of large volumes of data. It would be highly unusual to use an asymmetric algorithm for this encryption use case.
  • 15.
  • 16. The next consideration for you is what key length is used. What can be said is that key lengths should be a minimum of 112 bits for Triple DES (Data Encryption Standard) and 128-bits for AES (Advanced Encryption Standard). Another confidentiality consideration for encryption is key management. How are the encryption keys that are used going to be managed—and by whom? Are you going to manage your own keys? Hopefully, the answer is yes, and hopefully you have the expertise to manage your own keys.
  • 17. This means additional resources and capabilities are necessary. At a minimum, a customer should consult all three parts of NIST’s 800- 57, “Part 1: General” “Part 2: Best Practices for Key Management Organization” “Part 3: Application-Specific Key Management Guidance (Draft)” Because key management is complex and difficult for a single customer, it is even more complex and difficult for CSPs to try to properly manage multiple customers’ keys
  • 18. INTEGRITY Confidentiality does not imply integrity; Encryption alone is sufficient for confidentiality, but integrity also requires the use of message authentication codes. The simplest way to use MACs on encrypted data is to use a block symmetric algorithm (as opposed to a streaming symmetric algorithm) in cipher block chaining (CBC) mode, and to include a one- way hash function. Another aspect of data integrity is important, especially with bulk storage using IaaS. Once a customer has several gigabytes (or more) of its data up in the cloud for storage, how does the customer check on the integrity of the data stored there? What is needed instead is a proof of retrievability —that is, a mathematical way to verify the integrity of the data as it is
  • 19. AVAILABILITY There are currently three major threats in this regard—none of which are new to computing, but all of which take on increased importance in cloud computing because of increased risk. The first threat to availability is network-based attacks. The second threat to availability is the CSP’s own availability. No CSPs offer the sought-after “five 9s” (i.e., 99.999%) of uptime. A customer would be lucky to get “three 9s” of uptime. The third risk is absent of data backup as cloud storage does not mean the stored data is actually backed up.
  • 20. • ALL THREE OF THESE CONSIDERATIONS (CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY) SHOULD BE ENCAPSULATED IN A CSP’S SERVICE-LEVEL AGREEMENT (SLA) TO ITS CUSTOMERS