SlideShare a Scribd company logo

Cloud Computing

sahil lalwani
sahil lalwani

This document discusses security risks associated with cloud computing and databases. The main security risks are data breaches, data loss, and service hijacking that can occur when sensitive data is stored in cloud databases. Two examples of past data breaches at large companies, Home Depot and Target, are described along with the steps they took to strengthen security and regain customer trust. Methods to overcome security challenges in cloud computing discussed are encrypting data, implementing strong key management practices, and giving users control over their encryption keys.

Technology
1 of 6
Download to read offline
MIS 6326: DATA MANAGEMENT 1 Research topic: CLOUD COMPUTING AND DATABASE SYSTEMS Submitted by: Research Group 6 ================================================================= Introduction: “We believe we’re moving out of the Ice Age, the Iron Age, the Industrial Age, the Information Age, to the participation age. You get on the Net and you do stuff. You IM, you blog, you take pictures, you publish, you podcast, you transact, you distance learn, you telemedicine. You are participating on the Internet, not just viewing stuff. We build the infrastructure that goes in the data center that facilitates the participation age. We build that big friggin’ Webtone switch. It has security, directory, identity, privacy, storage, compute, the whole Web services stack.” - Scott McNealy, former CEO, Sun Microsystems. This statement by the former CEO of Sun microsystems sums up pretty much what the cloud computing is. Cloud computing is not an innovation, but a means to constructing IT services that use advanced computational power and improved storage capabilities. The main focus of cloud computing from the provider's view as extraneous hardware connected to support downtime on any device in the network, without a change in the users' perspective. Also, the users' software image should be easily transferable from one cloud to another. Though cloud computing is targeted to provide better utilization of resources using virtualization techniques and to take up much of the work load from the client, it is fraught with security risks [1] . The benefits of cloud computing are hard to dispute but the vulnerabilities it possess are also hard to neglect. GTRA research showed that the most common concern about implementing cloud programs was security and privacy, a finding supported by an IDC study of 244 CIOs on cloud computing, in which 75% of respondents listed security as their number-one concern[2] . Security within cloud computing is an especially worrisome issue because of the fact that the devices used to provide services do not belong to the users themselves. Security risks of databases in the cloud The increase in popularity of cloud computing in recent years has caused a tremendous growth of the systems which also poses more security risks. Increasing the size or adding capabilities to the cloud leaves the system to be exposed to many internal and external conflicts. With many security risks, keeping the dependency on cloud computing becomes a big challenge for many firms attempting to grow their databases. The following are the most common security risk cloud databases possess: Data Breach: One of the most common security risks cloud computing faces are data breaches in the system. Data breaches are incidents where sensitive or confidential data are accessed by unauthorized parties. Once that data has been breached, whoever accesses them may view, steal, use, or even manipulate the data to their advantage. These individuals or “groups of organized criminal elements [are] looking to rapidly monetize information [or] have a social
MIS 6326: DATA MANAGEMENT 2 or other agendas” (Green, 2013). Many retail stores face this issue when storing data pertaining to customer credit cards. Dealing with the security of these databases in the cloud for many firms becomes a challenge preventing data breaches. Data loss: Another common security risk cloud computing face are data loses. Since the data is stored in a combined database on a cloud, there is a likely chance multiple authorized users can gain access to a single piece of data. With that power, one person can go in a purposely delete the piece of data making it disappear from the database permanently. Data loss can also occur externally from hackers gaining unauthorized access to the system. Once hackers have entered the cloud database, they can manually go in and change data points or wipe out data that is stored causing data loss. Service Hijacking: A third common security risk is service hijacking causing hackers to gain full control of the service and use it to their control. With advanced cloud computing and complex systems, attackers will be able to access the database and hijack the service. Intruders will be able to exploit the service and weaken its security even further making it more vulnerable for other risks. Hackers can gain control of eavesdropping on users and change or delete data that can damage future records. Hijacking causes huge data breaches and data losses for any organization and can severely damage an organizations reputation. Overcoming hijacking can cause difficulty since the database is comprised and vulnerable for more attacks. Security breaches in the past and how it was overcomed  Home depot: Issue: Breach of database security leading to leakage of customer’s credit card information. Information used by hackers for malicious practices. Steps taken: “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO. This statement was issued by Chairman and CEO of Home depot as soon as the investigations revealed a breach in the database security. The company took few steps to regain the lost confidence by the customers. A press release by Home Depot which reads as “The company’s new payment security protection locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers. Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms.” [3] Home depot also decided to use EMV “Chip and PIN” technology after this major breach of security which compromised the users information and lead to loss of faith in the company. EMV refers to payment chip cards that contain an embedded microprocessor, a type of small computer that provides strong security features and other capabilities not possible with traditional magnetic stripe cards [4] . EMV relies on chip present in the card and the pin supplied by the customer at the merchant purchases rather than verifying signatures to validate the transactions.
MIS 6326: DATA MANAGEMENT 3  Target: Issue: Breach in the network of Target Corporation during the timeline of thanksgiving discounts for a period of 2 weeks. It is approximated that around 70 million records were compromised leading to customers information being used by hackers for unauthentic transactions. Steps taken: The retail giant took significant actions to strengthen its network and regain the lost confidence in customers, few of the steps include [5] :  Enhancing monitoring and logging  Includes implementation of additional rules, alerts, centralizing log feeds and enabling additional logging capabilities  Installation of application whitelisting point-of-sale systems  Includes deploying to all registers, point-of-sale servers and development of whitelisting rules  Implementation of enhanced segmentation  Includes development of point-of-sale management tools, review and streamlining of network firewall rules and development of a comprehensive firewall governance process  Includes decommissioning vendor access to the server impacted in the breach and disabling select vendor access points including FTP and telnet protocols  Includes coordinated reset of 445,000 Target team member and contractor passwords, broadening the use of two-factor authentication, expansion of password vaults, disabled multiple vendor accounts, reduced privileges for certain accounts, and developing additional training related to password rotation Target also announced its initiative to shift to the chip-and-PIN enabled cards. It planned to invest around $100 million to expedite the process of transition to chip and pin enabled cards and install supporting softwares and payment devices across all its stores. How to overcome security challenges of cloud computing Despite the limitations and security vulnerabilities, cloud computing continues to be a game changer for small and big enterprises. The security challenges can be overcomed by the following methods:  Data Encryption Major cloud service providers, such as Microsoft, Yahoo and Google have implemented data encryption settings of the end-users' data that they are hosting and managing. For example, Google Cloud Storage can now realize the automatic encryption to the new data written into the disk, and this server-side encryption will soon be used in the old data stored in the Google cloud, in order to protect the security of all data. Microsoft announced they will strengthen the encryption settings of all services provided by Microsoft, including Outlook.com, Office 365,
MIS 6326: DATA MANAGEMENT 4 SkyDrive and Windows Azure, etc. This method is extremely important for the security of data which is transmitted between enterprise users and suppliers.  The key management and data ownership Only if key management system is safe, the data encryption will be safe. When the cloud service provider uses encryption method, the user needs to know: If the cloud supplier leaks user’s data, or give the keys over to someone else, their data will be stolen. This concern has stimulated one method to protect the security of the cloud, which has enabled business users who are making use of cloud services to own their data key, and understand key management procedures when data is being used or transferred. More and more cloud providers, such as Vaultive, CipherCloud, TrendMicro and HyTrust have provided appropriate tools that allow business users to have greater control in the use of cloud services. For example, CipherCloud provides a gateway technology that allows business users to encrypt data when in transmission or storage. Meanwhile, the gateway allows enterprises to store the key and manage encrypted data stored in the cloud. The merge of this technique means that any departments can only get the data by the owner of the data, its purpose is to eliminate the behaviour that cloud service providers reveal the key to the third party.  Regionalization People have been always worrying about the server in the United States or other foreign countries because these suppliers are too far away from those enterprises. This concern caused many business users, especially those non-US business users prefer to use the cloud service suppliers in the local area in order to avoid the risk brought by the long distance. In Asia and Africa, especially in China, Many companies are very worried about the technology of these providers. They are now choosing cloud service suppliers outside the United States. Now the global cloud computing providers are distributed everywhere. In the past few years, in different parts of the world, there are hundreds of small public cloud service providers have sprung up, to serve in the local market. Many cloud service providers implement regionalization in order to improve the agility and performance. Conclusion: One of the biggest security worries with the cloud computing model is the sharing of resources. Cloud service providers need to inform their customers on the level of security that they provide on their cloud. Data security is major issue for Cloud Computing. There are many security risks that are associated with the implementation of cloud computing as a software service [6] . Risks can severely damage an organizations reputation and tarnish their cloud databases from recovering. Many organizations have already faced major security breaches and had to strategically overcome those barriers to strengthen their security. As cloud computing systems become more advanced and complex, there needs to be an increase on attention when scanning for possible attacks on those servers. Using different techniques and investing the skills to forecast future attacks will help organizations overcome security challenges and benefit from the database in cloud computing.
MIS 6326: DATA MANAGEMENT 5 References:  [1]: Vahid Ashktorab, , Seyed Reza Taghizadeh. (October 2012).Security threats and countermeasures in Cloud computing. Retreived from International Journal of Application or Innovation in Engineering & Management (IJAIEM)  [2]: “IT Cloud Services User Study,” IDC, Inc., October 2008.  [3]: Press release. (September 2014). Retrieved from Press release for home depot https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdf  [4]: About EMV. Retrieved from http://www.emvco.com/about_emv.aspx  [5]: Press release. (April 2014). Retrieved from “Target Appoints New Chief Information Officer, Outlines Updates on Security Enhancements”, http://pressroom.target.com/news/target-appoints-new-chief-information-officer- outlines-updates-on-security-enhancements  [6]: Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy. (December 2011). Cloud Computing: Security Issues and risk challenges. Retrieved from IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS).  Green, S. (2013, March 12). The Companies and Countries Losing Their Data. Retrieved November 1, 2014, from http://blogs.hbr.org/2013/03/the-companies-and- countries-lo/  Neumann, P. G. (2014). Risks and Myths of Cloud Computing and Cloud Storage. Communications of the ACM, 57(10), 25-27. doi:10.1145/2661049  Phil Kernick, Chief Technology Officer , Balkanization of the Internet, Retrieved NOVEMBER ,15, 2013 from http://cqraustralia.blogspot.com/2013/11/balkanization- ofinternet.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed% 3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29  Ten ways to protect the data in cloud.(2013).In TechTargetChina. Retrieved August,23,2013,fromhttp://www.searchcloudcomputing.com.cn/showcontent_75964. htm
MIS 6326: DATA MANAGEMENT 6 Questions to audience  Do you think the cost of implementing new security measures will increase as the complexity of the database in the cloud increases?  Do you know any other major breach in security in the past and how did they tackle?  What are your methods for backing up our data? What offerings are available to back up data?

Recommended

Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Ulf Mattsson
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data security
Ulf Mattsson
 
IRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET- Medical Big Data Protection using Fog Computing and Decoy TechniqueIRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET Journal
 
ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010
Ulf Mattsson
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
Ulf Mattsson
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
IOSR Journals
 
Data Storage Issues in Cloud Computing
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computing
ijtsrd
 

Recommended

Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Ulf Mattsson
 
ISSA: Cloud data security
ISSA: Cloud data securityISSA: Cloud data security
ISSA: Cloud data security
Ulf Mattsson
 
IRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET- Medical Big Data Protection using Fog Computing and Decoy TechniqueIRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET Journal
 
ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010ISACA Houston Texas Chapter 2010
ISACA Houston Texas Chapter 2010
Ulf Mattsson
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
Ulf Mattsson
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
IOSR Journals
 
Data Storage Issues in Cloud Computing
Data Storage Issues in Cloud ComputingData Storage Issues in Cloud Computing
Data Storage Issues in Cloud Computing
ijtsrd
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challenges
Iaetsd Iaetsd
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
technext1
 
Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computing
Jahangeer Qadiree
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
CloudMask inc.
 
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
Editor IJMTER
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Ulf Mattsson
 
Towards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the DataTowards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the Data
IRJET Journal
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Hossam Al-Ansary
 
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
cscpconf
 
Employment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationEmployment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous Authentication
IRJET Journal
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
Peter Wood
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
CloudMask inc.
 
Secure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted CloudSecure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted Cloud
IJERA Editor
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
Ad4502189193
Ad4502189193Ad4502189193
Ad4502189193
IJERA Editor
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud Auditing
Jonathan Sinclair
 
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET Journal
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
Karla Sasser, CPA CITP, CIA, CGMA
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Arunvignesh Venkatesh
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 

More Related Content

What's hot

Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challenges
Iaetsd Iaetsd
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
technext1
 
Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computing
Jahangeer Qadiree
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
CloudMask inc.
 
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
Editor IJMTER
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Ulf Mattsson
 
Towards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the DataTowards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the Data
IRJET Journal
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Hossam Al-Ansary
 
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
cscpconf
 
Employment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationEmployment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous Authentication
IRJET Journal
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
Peter Wood
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
CloudMask inc.
 
Secure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted CloudSecure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted Cloud
IJERA Editor
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
Ad4502189193
Ad4502189193Ad4502189193
Ad4502189193
IJERA Editor
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud Auditing
Jonathan Sinclair
 

What's hot (18)

Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challenges
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computing
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...
 
Towards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the DataTowards Achieving Efficient and Secure Way to Share the Data
Towards Achieving Efficient and Secure Way to Share the Data
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
 
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...
 
Employment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous AuthenticationEmployment Feedback by Securing Data using Anonymous Authentication
Employment Feedback by Securing Data using Anonymous Authentication
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
 
Secure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted CloudSecure Data Sharing In an Untrusted Cloud
Secure Data Sharing In an Untrusted Cloud
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
Ad4502189193
Ad4502189193Ad4502189193
Ad4502189193
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud Auditing
 

Similar to Cloud Computing

IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET Journal
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
Karla Sasser, CPA CITP, CIA, CGMA
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Arunvignesh Venkatesh
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Cloud Security Challenges, Types, and Best Practises.pdf
Cloud Security Challenges, Types, and Best Practises.pdfCloud Security Challenges, Types, and Best Practises.pdf
Cloud Security Challenges, Types, and Best Practises.pdf
manoharparakh
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
H017155360
H017155360H017155360
H017155360
IOSR Journals
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
IOSR Journals
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
Sweta Kumari Barnwal
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud Application
IJSRD
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
sarah david
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
sarah david
 
F017414853
F017414853F017414853
F017414853
IOSR Journals
 
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDSDATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
IRJET Journal
 
Enhanced security framework to ensure data security
Enhanced security framework to ensure data securityEnhanced security framework to ensure data security
Enhanced security framework to ensure data security
eSAT Publishing House
 
Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...
eSAT Journals
 
1784 1788
1784 17881784 1788
1784 1788
Editor IJARCET
 
1784 1788
1784 17881784 1788
1784 1788
Editor IJARCET
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
LindaWatson19
 

Similar to Cloud Computing (20)

IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in CloudIRJET- Security Enhancement for Sharing Data within Group Members in Cloud
IRJET- Security Enhancement for Sharing Data within Group Members in Cloud
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Cloud Security Challenges, Types, and Best Practises.pdf
Cloud Security Challenges, Types, and Best Practises.pdfCloud Security Challenges, Types, and Best Practises.pdf
Cloud Security Challenges, Types, and Best Practises.pdf
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
H017155360
H017155360H017155360
H017155360
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud Application
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
F017414853
F017414853F017414853
F017414853
 
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDSDATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
DATA SECURITY ON VIRTUAL ENVIRONMENT USING ENCRYPTION STANDARDS
 
Enhanced security framework to ensure data security
Enhanced security framework to ensure data securityEnhanced security framework to ensure data security
Enhanced security framework to ensure data security
 
Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...
 
1784 1788
1784 17881784 1788
1784 1788
 
1784 1788
1784 17881784 1788
1784 1788
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
 

Recently uploaded

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 

Recently uploaded (20)

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 

Cloud Computing

  • 1. MIS 6326: DATA MANAGEMENT 1 Research topic: CLOUD COMPUTING AND DATABASE SYSTEMS Submitted by: Research Group 6 ================================================================= Introduction: “We believe we’re moving out of the Ice Age, the Iron Age, the Industrial Age, the Information Age, to the participation age. You get on the Net and you do stuff. You IM, you blog, you take pictures, you publish, you podcast, you transact, you distance learn, you telemedicine. You are participating on the Internet, not just viewing stuff. We build the infrastructure that goes in the data center that facilitates the participation age. We build that big friggin’ Webtone switch. It has security, directory, identity, privacy, storage, compute, the whole Web services stack.” - Scott McNealy, former CEO, Sun Microsystems. This statement by the former CEO of Sun microsystems sums up pretty much what the cloud computing is. Cloud computing is not an innovation, but a means to constructing IT services that use advanced computational power and improved storage capabilities. The main focus of cloud computing from the provider's view as extraneous hardware connected to support downtime on any device in the network, without a change in the users' perspective. Also, the users' software image should be easily transferable from one cloud to another. Though cloud computing is targeted to provide better utilization of resources using virtualization techniques and to take up much of the work load from the client, it is fraught with security risks [1] . The benefits of cloud computing are hard to dispute but the vulnerabilities it possess are also hard to neglect. GTRA research showed that the most common concern about implementing cloud programs was security and privacy, a finding supported by an IDC study of 244 CIOs on cloud computing, in which 75% of respondents listed security as their number-one concern[2] . Security within cloud computing is an especially worrisome issue because of the fact that the devices used to provide services do not belong to the users themselves. Security risks of databases in the cloud The increase in popularity of cloud computing in recent years has caused a tremendous growth of the systems which also poses more security risks. Increasing the size or adding capabilities to the cloud leaves the system to be exposed to many internal and external conflicts. With many security risks, keeping the dependency on cloud computing becomes a big challenge for many firms attempting to grow their databases. The following are the most common security risk cloud databases possess: Data Breach: One of the most common security risks cloud computing faces are data breaches in the system. Data breaches are incidents where sensitive or confidential data are accessed by unauthorized parties. Once that data has been breached, whoever accesses them may view, steal, use, or even manipulate the data to their advantage. These individuals or “groups of organized criminal elements [are] looking to rapidly monetize information [or] have a social
  • 2. MIS 6326: DATA MANAGEMENT 2 or other agendas” (Green, 2013). Many retail stores face this issue when storing data pertaining to customer credit cards. Dealing with the security of these databases in the cloud for many firms becomes a challenge preventing data breaches. Data loss: Another common security risk cloud computing face are data loses. Since the data is stored in a combined database on a cloud, there is a likely chance multiple authorized users can gain access to a single piece of data. With that power, one person can go in a purposely delete the piece of data making it disappear from the database permanently. Data loss can also occur externally from hackers gaining unauthorized access to the system. Once hackers have entered the cloud database, they can manually go in and change data points or wipe out data that is stored causing data loss. Service Hijacking: A third common security risk is service hijacking causing hackers to gain full control of the service and use it to their control. With advanced cloud computing and complex systems, attackers will be able to access the database and hijack the service. Intruders will be able to exploit the service and weaken its security even further making it more vulnerable for other risks. Hackers can gain control of eavesdropping on users and change or delete data that can damage future records. Hijacking causes huge data breaches and data losses for any organization and can severely damage an organizations reputation. Overcoming hijacking can cause difficulty since the database is comprised and vulnerable for more attacks. Security breaches in the past and how it was overcomed  Home depot: Issue: Breach of database security leading to leakage of customer’s credit card information. Information used by hackers for malicious practices. Steps taken: “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO. This statement was issued by Chairman and CEO of Home depot as soon as the investigations revealed a breach in the database security. The company took few steps to regain the lost confidence by the customers. A press release by Home Depot which reads as “The company’s new payment security protection locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers. Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms.” [3] Home depot also decided to use EMV “Chip and PIN” technology after this major breach of security which compromised the users information and lead to loss of faith in the company. EMV refers to payment chip cards that contain an embedded microprocessor, a type of small computer that provides strong security features and other capabilities not possible with traditional magnetic stripe cards [4] . EMV relies on chip present in the card and the pin supplied by the customer at the merchant purchases rather than verifying signatures to validate the transactions.
  • 3. MIS 6326: DATA MANAGEMENT 3  Target: Issue: Breach in the network of Target Corporation during the timeline of thanksgiving discounts for a period of 2 weeks. It is approximated that around 70 million records were compromised leading to customers information being used by hackers for unauthentic transactions. Steps taken: The retail giant took significant actions to strengthen its network and regain the lost confidence in customers, few of the steps include [5] :  Enhancing monitoring and logging  Includes implementation of additional rules, alerts, centralizing log feeds and enabling additional logging capabilities  Installation of application whitelisting point-of-sale systems  Includes deploying to all registers, point-of-sale servers and development of whitelisting rules  Implementation of enhanced segmentation  Includes development of point-of-sale management tools, review and streamlining of network firewall rules and development of a comprehensive firewall governance process  Includes decommissioning vendor access to the server impacted in the breach and disabling select vendor access points including FTP and telnet protocols  Includes coordinated reset of 445,000 Target team member and contractor passwords, broadening the use of two-factor authentication, expansion of password vaults, disabled multiple vendor accounts, reduced privileges for certain accounts, and developing additional training related to password rotation Target also announced its initiative to shift to the chip-and-PIN enabled cards. It planned to invest around $100 million to expedite the process of transition to chip and pin enabled cards and install supporting softwares and payment devices across all its stores. How to overcome security challenges of cloud computing Despite the limitations and security vulnerabilities, cloud computing continues to be a game changer for small and big enterprises. The security challenges can be overcomed by the following methods:  Data Encryption Major cloud service providers, such as Microsoft, Yahoo and Google have implemented data encryption settings of the end-users' data that they are hosting and managing. For example, Google Cloud Storage can now realize the automatic encryption to the new data written into the disk, and this server-side encryption will soon be used in the old data stored in the Google cloud, in order to protect the security of all data. Microsoft announced they will strengthen the encryption settings of all services provided by Microsoft, including Outlook.com, Office 365,
  • 4. MIS 6326: DATA MANAGEMENT 4 SkyDrive and Windows Azure, etc. This method is extremely important for the security of data which is transmitted between enterprise users and suppliers.  The key management and data ownership Only if key management system is safe, the data encryption will be safe. When the cloud service provider uses encryption method, the user needs to know: If the cloud supplier leaks user’s data, or give the keys over to someone else, their data will be stolen. This concern has stimulated one method to protect the security of the cloud, which has enabled business users who are making use of cloud services to own their data key, and understand key management procedures when data is being used or transferred. More and more cloud providers, such as Vaultive, CipherCloud, TrendMicro and HyTrust have provided appropriate tools that allow business users to have greater control in the use of cloud services. For example, CipherCloud provides a gateway technology that allows business users to encrypt data when in transmission or storage. Meanwhile, the gateway allows enterprises to store the key and manage encrypted data stored in the cloud. The merge of this technique means that any departments can only get the data by the owner of the data, its purpose is to eliminate the behaviour that cloud service providers reveal the key to the third party.  Regionalization People have been always worrying about the server in the United States or other foreign countries because these suppliers are too far away from those enterprises. This concern caused many business users, especially those non-US business users prefer to use the cloud service suppliers in the local area in order to avoid the risk brought by the long distance. In Asia and Africa, especially in China, Many companies are very worried about the technology of these providers. They are now choosing cloud service suppliers outside the United States. Now the global cloud computing providers are distributed everywhere. In the past few years, in different parts of the world, there are hundreds of small public cloud service providers have sprung up, to serve in the local market. Many cloud service providers implement regionalization in order to improve the agility and performance. Conclusion: One of the biggest security worries with the cloud computing model is the sharing of resources. Cloud service providers need to inform their customers on the level of security that they provide on their cloud. Data security is major issue for Cloud Computing. There are many security risks that are associated with the implementation of cloud computing as a software service [6] . Risks can severely damage an organizations reputation and tarnish their cloud databases from recovering. Many organizations have already faced major security breaches and had to strategically overcome those barriers to strengthen their security. As cloud computing systems become more advanced and complex, there needs to be an increase on attention when scanning for possible attacks on those servers. Using different techniques and investing the skills to forecast future attacks will help organizations overcome security challenges and benefit from the database in cloud computing.
  • 5. MIS 6326: DATA MANAGEMENT 5 References:  [1]: Vahid Ashktorab, , Seyed Reza Taghizadeh. (October 2012).Security threats and countermeasures in Cloud computing. Retreived from International Journal of Application or Innovation in Engineering & Management (IJAIEM)  [2]: “IT Cloud Services User Study,” IDC, Inc., October 2008.  [3]: Press release. (September 2014). Retrieved from Press release for home depot https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdf  [4]: About EMV. Retrieved from http://www.emvco.com/about_emv.aspx  [5]: Press release. (April 2014). Retrieved from “Target Appoints New Chief Information Officer, Outlines Updates on Security Enhancements”, http://pressroom.target.com/news/target-appoints-new-chief-information-officer- outlines-updates-on-security-enhancements  [6]: Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy. (December 2011). Cloud Computing: Security Issues and risk challenges. Retrieved from IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS).  Green, S. (2013, March 12). The Companies and Countries Losing Their Data. Retrieved November 1, 2014, from http://blogs.hbr.org/2013/03/the-companies-and- countries-lo/  Neumann, P. G. (2014). Risks and Myths of Cloud Computing and Cloud Storage. Communications of the ACM, 57(10), 25-27. doi:10.1145/2661049  Phil Kernick, Chief Technology Officer , Balkanization of the Internet, Retrieved NOVEMBER ,15, 2013 from http://cqraustralia.blogspot.com/2013/11/balkanization- ofinternet.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed% 3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29  Ten ways to protect the data in cloud.(2013).In TechTargetChina. Retrieved August,23,2013,fromhttp://www.searchcloudcomputing.com.cn/showcontent_75964. htm
  • 6. MIS 6326: DATA MANAGEMENT 6 Questions to audience  Do you think the cost of implementing new security measures will increase as the complexity of the database in the cloud increases?  Do you know any other major breach in security in the past and how did they tackle?  What are your methods for backing up our data? What offerings are available to back up data?