Recommended
More Related Content
What's hot
What's hot (18)
Similar to Cloud computing 10 cloud security advantages and challenges
Similar to Cloud computing 10 cloud security advantages and challenges (20)
More from Vaibhav Khanna
More from Vaibhav Khanna (20)
Recently uploaded
Recently uploaded (20)
Cloud computing 10 cloud security advantages and challenges
- 1. Cloud Computing: 10 Cloud Security Advantages and Challenges Prof Neeraj Bhargava Vaibhav Khanna Department of Computer Science School of Engineering and Systems Sciences Maharshi Dayanand Saraswati University Ajmer
- 2. Cloud Security Advantages • Data Fragmentation and Dispersal • Dedicated Security Team • Greater Investment in Security Infrastructure • Fault Tolerance and Reliability • Greater Resiliency • Hypervisor Protection Against Network Attacks • Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds) 2
- 3. Cloud Security Advantages (Cont.) • Simplification of Compliance Analysis • Data Held by Unbiased Party (cloud vendor assertion) • Low-Cost Disaster Recovery and Data Storage Solutions • On-Demand Security Controls • Real-Time Detection of System Tampering • Rapid Re-Constitution of Services • Advanced Honeynet Capabilities 3
- 4. Cloud Security Challenges • Data dispersal and international privacy laws – EU Data Protection Directive and U.S. Safe Harbor program – Exposure of data to foreign government and data subpoenas – Data retention issues • Need for isolation management • Multi-tenancy • Logging challenges • Data ownership issues • Quality of service guarantees 4
- 5. Cloud Security Challenges (Cont.) • Dependence on secure hypervisors • Attraction to hackers (high value target) • Security of virtual OSs in the cloud • Possibility for massive outages • Encryption needs for cloud computing – Encrypting access to the cloud resource control interface – Encrypting administrative access to OS instances – Encrypting access to applications – Encrypting application data at rest • Public cloud vs internal cloud security • Lack of public SaaS version control 5
- 6. Additional Issues • Issues with moving PII and sensitive data to the cloud – Privacy impact assessments • Using SLAs to obtain cloud security – Suggested requirements for cloud SLAs – Issues with cloud forensics • Contingency planning and disaster recovery for cloud implementations • Handling compliance – FISMA – HIPAA – SOX – PCI – SAS 70 Audits 6
- 9. Security and Privacy Challenges • Authentication and Identity Management – interoperability – password-based: inherited limitation – How multi-tenancy can affect the privacy of identity information isn’t yet well understood. – multi-jurisdiction issue – integrated with other security components. 9
- 10. Security and Privacy Challenges • Access Control and Accounting – Heterogeneity and diversity of services, as well as the domains’ diverse access requirements – capture dynamic, context, or attribute- or credential-based access requirements – integrate privacy-protection requirements – interoperability – capture relevant aspects of SLAs 10
- 11. Security and Privacy Challenges • Trust Management and Policy Integration – compose multiple services to enable bigger application services – efficiently capturing a generic set of parameters required for establishing trust and to manage evolving trust and interaction/sharing requirements – address challenges such as semantic heterogeneity, secure interoperability, and policy- evolution management. 11
- 12. Security and Privacy Challenges • Secure-Service Management – WSDL can’t fully meet the requirements of cloud computing services description – issues such as quality of service, price, and SLAs – automatic and systematic service provisioning and composition framework that considers security and privacy issues 12
- 13. Security and Privacy Challenges • Privacy and Data Protection – storing data and applications on systems that reside outside of on-premise datacenters – shared infrastructure, risk of potential unauthorized access and exposure. – Privacy-protection mechanisms must be embedded in all security solutions. – Provenance – Balancing between data provenance and privacy 13
- 14. Security and Privacy Challenges • Organizational Security Management – shared governance can become a significant issue if not properly addressed – Dependence on external entities – the possibility of an insider threat is significantly extended when outsourcing data and processes to clouds. 14
- 15. 15
- 16. Security and Privacy Approaches • Authentication and Identity Management – User-centric IDM – users control their digital identities and takes away the complexity of IDM from the enterprises – federated IDM solutions – privacy-preserving protocols to verify various identity attributes by using, for example, zero- knowledge proof-based techniques 16
- 17. Security and Privacy Approaches • Access Control Needs – RBAC – policy-integration needs – credential-based RBAC, GTRBAC,8 location-based RBAC 17
- 18. Security and Privacy Approaches • Secure Interoperation – Multi-domain – centralized approach – decentralized approaches – specification frameworks to ensure that the cross- domain accesses are properly specified, verified, and enforced – Policy engineering mechanisms 18
- 19. Security and Privacy Approaches • Secure-Service Provisioning and Composition – Open Services Gateway Initiative (OSGi) – Declarative OWL-based language can be used to provide a service definition manifest, including a list of distinct component types that make up the service, functional requirements, component grouping and topology instructions 19
- 20. Security and Privacy Approaches • Trust Management Framework – trust-based policy integration – Delegation – must be incorporated in service composition framework 20
- 21. Security and Privacy Approaches • Data-Centric Security and Privacy – shifts data protection from systems and applications – documents must be self-describing and defending regardless of their environments. 21
- 22. Security and Privacy Approaches • Managing Semantic Heterogeneity – semantic heterogeneity among policies – Use of an ontology is the most promising approach – policy framework and a policy enforcement architecture – inference engines 22
- 23. Assignment • What are the cloud security advantages and Challenges • Discuss the cloud security approaches