Downloaded 14 times
More Related Content
Cloud security
- 1. CLOUD SECURITY BY PURVADUBLAY
- 2.
- 3. THIS ILLUSTRATION SHOWSTHE POSSIBLE COMMUNICATION PATHS BETWEEN FIVE ACTORS.
- 4. RISK ASSESSMENT INCLOUD COMPUTING TOPMOST THREATS IN CLOUD COMPUTING – DATA BREACHES - DATA LOSS - ACCOUNT OR SERVICE TRAFFIC HIJACKING - INSECURE INTERFACE AND APIS – DENIAL OF SERVICE – MALICIOUS INSIDERS - INSUFFICIENT DUE DILIGENCE - ABUSE OF CLOUD SERVICES - SHARED TECHNOLOGY VULNERABILITIES -
- 5. VIRTUAL MACHINE VULNERABILITIES DRAWBACKS OF VIRTUAL MACHINE : - VM ATTACKS - CLOUD SERVER CONTAINS MORE THAN ONE VMS. ONCE VM IS COMPROMISED, VMS ON THE SAME PHYSICAL SERVER CAN ATTACK EACH OTHER AS THEY SHARE THE SAME RESOURCES. MULTITENANCY - BY DESIGN, CLOUD SHARE THE SAME SOFTWARE AND HARDWARE SOURCE TO RUN THEIR VMS. AS A RESULT, INFORMATION LEAKAGE AND INCREASE IN THE ATTACK SURFACE CAN OCCUR. HYPERVISOR ATTACKS - ATTACKER OFTEN CONSIDER HYPERVISOR AS A POTENTIAL TARGET BECAUSE OF ITS ABILITY TO CONTROL OVER ALL INSTALLED VMS, THE PHYSICAL SYSTEM AND THE HOSTED APPLICATIONS. EX. HYPER JACKING, VM ESCAPE.
- 6. SECURITY STANDARDS RECOMMENDATIONS SIEM - Identity Access Management (IAM) – Data Dispersion – Data Leakage Prevention (DLP) – Bit Splitting – Cloud-watch - Load Balancer – Ensure Effective Exit Process – Disaster Recovery Plan -
- 7. REFRENCES Guidelines onSecurity and Privacy in Public Cloud Computing - http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800- 144.pdf Cloud Security Alliance - https://cloudsecurityalliance.org/group/security- as-a-service/#_downloads Cloud standards Customer Council - http://www.cloud-council.org/ Security and Privacy Controls for Federal Information Systems and Organizations - http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf