CLOUD SERVICES AND SECURITY.
Presented by: Jaspreet Kaur
Shipra Kataria
PEC UNIVERSITY OF TECHNOLOGY
Cloud Computing
- Cloud computing involves distributed computing over a network, where a program or application may run on many connected computers at the same time.
- It has been considered one of the most promising solutions to our increasing demand for accessing and using resources provisioned over the Internet.
- The concept behind this trend originated in 1960 and was used by telecommunication companies.
- A study by Gartner ranked Cloud Computing first among the top 10 most important technologies.
- Cloud computing exhibits the following key characteristics:
a. Broad Network Access
b. Rapid Elasticity
c. Measured Service
d. On-demand Self-service
e. Resource Pooling
Service Delivery Model
- Cloud Software as a Service (SaaS): SaaS, also referred to as "on-demand software", is a software delivery model in which software and associated data are centrally hosted in the cloud.
- Cloud Platform as a Service (PaaS): PaaS is a cloud computing service providing a computing platform and solution stack as a service. It provides the consumer the capability to deploy onto the cloud infrastructure.
- Cloud Infrastructure as a Service (IaaS): The IaaS service model provides the consumer the ability to provision storage, network, processing and other computing resources.
Cloud Deployment Models
- Public Cloud: In this type of cloud, the cloud infrastructure is managed by an organization selling cloud services. Service providers like Amazon, Microsoft and Google own all infrastructure at their data centres. Public cloud services may be free or offered on a pay-per-usage model.
- Private Cloud: In this type of cloud the infrastructure is available only to a specific customer and is placed within the internal data center of an organization. It is managed either by the organization itself or by a third-party service provider.
- Community Cloud: This type of cloud infrastructure is controlled and shared by various organizations from the same community with common community concerns.
- Hybrid Cloud: The cloud infrastructure is a mixture of two or more clouds (public, private or community) that are managed centrally and circumscribed by a secure network. It allows multiple entities to access the cloud through the Internet in a more secure way than public clouds.
NIST Visual Model of cloud computing
Cloud Computing Security Scenario
The popularity of cloud computing is due to the fact that many enterprise applications and data are moving towards cloud platforms, but lack of security is the major obstacle to cloud adoption.
According to a recent survey by International Data Corporation (IDC), 87.5% of respondents, at levels ranging from IT executives to CEOs, said that security is the topmost challenge to be dealt with in every cloud service. Security is the primary concern and the greatest inhibitor in cloud computing.
VARIOUS THREATS
A threat is a potential cause of an incident that may result in harm to systems and organizations. The following threats illustrate the possibility of compromising an entire cloud network.
1. Abuse of cloud computing: This threat is related to shortcomings of the registration process associated with the cloud. Examples include info-stealer Trojan horses and downloads of Microsoft Office and Adobe PDF exploits.
2. Insecure interfaces and APIs: Sometimes in the cloud, information that is not deleted could reside in insecure locations, which may cause inconsistency. Examples include overly flexible access controls and improper authorization, and limited monitoring and logging capabilities.
3. Data Loss or Leakage: Threats related to data loss or leakage depend upon how data is organized or structured. The following points should be kept in mind while protecting data from any loss or leakage:
- The data of organizations should reside in servers of other nations.
- Unauthorized parties must be prevented from gaining access to sensitive data.
- The data retained by the cloud provider should reside on the provider's server for the same duration even after it has been deleted by the client.
Examples are insufficient client authentication, authorization and audit controls (AAA).
4. Malevolence: This threat originates from a lack of transparency into the provider's processes and procedures. If the factors affecting the hiring of new employees are not considered, it may give an adversary the opportunity to harvest confidential data or gain complete control over the cloud services with little or no risk of detection.
5. Virtualization threats: Virtualization introduces certain risks to its applications:
- Dependency on a Secure Hypervisor: Security can be breached here because all the information is stored in a common storage system. By gaining access to this information, an adversary can launch many attacks, such as a VM hijack attack.
RISKS INVOLVED
- Risk is exposure to danger, harm, or loss. There are certain risks in keeping data in a provider's infrastructure, which are as follows:
- Shared Access
- Vulnerabilities
- Virtual Exploits
- Authentication, Authorization & Access Control
- Availability
- Ownership
Service & Security Offerings and Compliance
- Google Apps & Google Engine
- Amazon Web Services
Google Apps & Google Engine
- Google Apps is a service from Google that provides independently customizable versions of several Google products using a domain name provided by the customer.
- It features several Web applications with similar functionality, including Gmail, Google Calendar, Docs, Drive, Groups, News, Play, Sites and Talk.
- Google Apps has passed FISMA certification, meaning that it is compliant with federal law for holding data for government agencies.
Google Apps Controls & Protocols
- Logical security
- Privacy
- Data center physical security
- Incident management and availability
- Change management
- Organization and administration
Two factor authentication
- First step: login using the username and password. This is an application of the knowledge factor.
- Implementation of the second step:
- Phone's IMEI (International Mobile Station Equipment Identity)
- Access to their services is HTTPS enabled, so data can be protected in transit.
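The two-step login described above, as an added example (this is not Google's code, and the slide's IMEI-based second step is replaced here by a time-based one-time code, TOTP per RFC 6238, which is the possession factor most services actually verify). The user record and password are constructed for the example; the TOTP secret is the RFC 6238 test-vector key, so the codes are checkable against the published vectors.

```python
"""Two-step verification: knowledge factor (password) then possession
factor (a time-based one-time code from the user's phone).

Added example, not Google's implementation. TOTP (RFC 6238) is used as the
second step instead of the phone IMEI mentioned on the slide."""
import hashlib
import hmac
import os
import struct
import time

STEP_SECONDS = 30


# ---- step 1: knowledge factor (password, stored as a salted PBKDF2 hash) ----
def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated if none given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def check_password(password, salt, expected_digest):
    _, digest = hash_password(password, salt)
    # constant-time comparison so timing does not leak how many bytes matched
    return hmac.compare_digest(digest, expected_digest)


# ---- step 2: possession factor (TOTP code generated on the phone) ----
def totp(secret, timestamp, digits=6):
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, dynamic truncation."""
    counter = struct.pack(">Q", timestamp // STEP_SECONDS)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def check_totp(secret, code, timestamp, window=1):
    """Accept the current code plus `window` steps either side for clock skew."""
    return any(
        hmac.compare_digest(totp(secret, timestamp + d * STEP_SECONDS), code)
        for d in range(-window, window + 1)
    )


def login(users, username, password, code, now=None):
    """Both factors must pass; the caller learns only True/False."""
    now = int(time.time()) if now is None else now
    user = users.get(username)
    if user is None:
        return False
    if not check_password(password, user["salt"], user["pw_hash"]):
        return False
    return check_totp(user["totp_secret"], code, now)


# Constructed user record for the example. The TOTP secret is the RFC 6238
# test-vector key, so totp(SECRET, 59) == "287082" as in the RFC tables.
SECRET = b"12345678901234567890"
_salt, _digest = hash_password("correct horse battery staple")
USERS = {"alice": {"salt": _salt, "pw_hash": _digest, "totp_secret": SECRET}}

if __name__ == "__main__":
    print("good password + good code:", login(USERS, "alice", "correct horse battery staple", "287082", now=59))
    print("good password + bad code:", login(USERS, "alice", "correct horse battery staple", "000000", now=59))
```

The second factor only adds security if the TOTP secret is never sent at login time: only the six-digit code travels, and the server compares it in constant time and within a small skew window.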
- Data stored on Google's servers is replicated to several data centers, so even a major outage at one data center does not destroy the data.
- Google also performs internal audits of its application code, as well as having external audits.
- Physical access to data centers is restricted on an as-needed basis, and the data centers themselves have network and power redundancies.
Geographical Location
Control Environment
- Amazon Web Services, abbreviated as AWS, is a collection of remote computing services that together make up a cloud computing platform.
- Amazon Elastic Compute Cloud is meant for providing a complete rented computer that users can use as a computing utility.
- The goal is to protect data against unauthorized systems or users and to provide Amazon EC2 instances.
Amazon Elastic Compute Cloud
Multiple levels of security
- Host operating system
- Guest operating system
- Firewall
Services
- Well-known services are Amazon EC2, S3 and Amazon SimpleDB.
- Elastic Compute Cloud (EC2): It provides a virtual rented computer with the help of Xen.
- Simple Storage Service: It provides storage to various applications so that users can do computations and development in that space and store the results for further use.
- Amazon Virtual Private Cloud: It creates a logically isolated set of Amazon EC2 instances which can be connected to an existing network using a VPN connection.
Hypervisor
- It is conceptually one level higher than a supervisory program.
- The hypervisor presents to the guest operating systems a virtual operating platform and manages the execution of the guest operating systems.
- Multiple instances of a variety of operating systems may share the virtualized hardware resources.
- Amazon EC2 currently utilizes a highly customized version of the Xen hypervisor, taking advantage of paravirtualization.
Instance Isolation
- Different instances running on the same physical machine are isolated from each other via the Xen hypervisor.
- The AWS firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface.
- All packets must pass through this layer, so an instance's neighbors have no more access to that instance.
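To make the isolation point concrete, here is an added model (not AWS code; the rule format and addresses are constructed for the example) of a per-instance ingress filter that sits between the physical NIC and each instance's virtual interface. Every packet is checked against the destination instance's allow list with a default of deny, so a neighbouring instance on the same host is treated exactly like any other source address. The model also includes the audit check a defender would run over such rule sets: flagging administrative ports left open to the whole Internet.

```python
"""Model of a hypervisor-layer, per-instance ingress firewall.

Added example; not the AWS implementation. Instance names, CIDRs and rules
below are constructed for illustration."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str            # source IP address
    dst_instance: str   # which instance's virtual interface it is headed for
    proto: str          # "tcp" or "udp"
    dport: int          # destination port


@dataclass(frozen=True)
class AllowRule:
    proto: str
    dport: int
    cidr: str           # sources permitted to reach this port


class HypervisorFirewall:
    """Every packet passes through permits() before reaching any instance."""

    def __init__(self):
        self.rules = {}  # instance name -> list[AllowRule]; default deny

    def allow(self, instance, proto, dport, cidr):
        ipaddress.ip_network(cidr)  # validate early; raises on a bad CIDR
        self.rules.setdefault(instance, []).append(AllowRule(proto, dport, cidr))

    def permits(self, pkt):
        src = ipaddress.ip_address(pkt.src)
        for rule in self.rules.get(pkt.dst_instance, ()):
            if (rule.proto == pkt.proto and rule.dport == pkt.dport
                    and src in ipaddress.ip_network(rule.cidr)):
                return True
        return False  # no matching allow rule: dropped at the hypervisor

    def audit_open_admin_ports(self, admin_ports=(22, 3389)):
        """Return (instance, port) pairs reachable from anywhere on an admin port."""
        findings = []
        for instance, rules in self.rules.items():
            for rule in rules:
                net = ipaddress.ip_network(rule.cidr)
                if rule.dport in admin_ports and net.prefixlen == 0:
                    findings.append((instance, rule.dport))
        return findings


def build_demo_firewall():
    """Constructed scenario: two tenants' instances share one physical host."""
    fw = HypervisorFirewall()
    # web-a: public HTTPS, SSH only from the operator's office range
    fw.allow("web-a", "tcp", 443, "0.0.0.0/0")
    fw.allow("web-a", "tcp", 22, "203.0.113.0/24")
    # db-b: a different tenant, reachable only from its own app subnet
    fw.allow("db-b", "tcp", 5432, "10.20.0.0/16")
    # misconfigured-c: SSH open to the world (what the audit should catch)
    fw.allow("misconfigured-c", "tcp", 22, "0.0.0.0/0")
    return fw


if __name__ == "__main__":
    fw = build_demo_firewall()
    # a neighbour instance on the same host (10.0.0.5) tries the other tenant's DB
    print("neighbour -> db-b:5432 ", fw.permits(Packet("10.0.0.5", "db-b", "tcp", 5432)))
    print("app subnet -> db-b:5432", fw.permits(Packet("10.20.3.9", "db-b", "tcp", 5432)))
    print("audit findings:", fw.audit_open_admin_ports())
```

The neighbour packet is dropped not because the filter knows it came from the same host, but because nothing in db-b's allow list matches it; that is what "no more access than any other host" means in practice, and why the rule sets themselves (not the shared hardware) are what a tenant has to review.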
Instance Isolation
Countermeasures
- Authentication and ID Management
- Workload analysis and allocation
- Use of data encryption
- Better enterprise infrastructure
Conclusion & Future Scope
- The classification of various threats discussed in this paper helps cloud users make a proper choice and also helps cloud providers handle such threats efficiently.
- Various cloud providers like Amazon, Google & Windows Azure are liable to users in their services.
- The future work by the authors would comprise developing a model to detect and prevent the most common virtualization-related threats and risks.
Please Ask…