The emergence of cloud computing has changed perception of all regarding software delivery, development models and infrastructure. Cloud computing has a potential of providing elastic, easily manageable, powerful and cost-effective solutions. The rapid transition to cloud computing has fueled concerns on the security issues. The migration of the user’s data and applications in a shared environment of a cloud, where there is a collocation of several users increases security related concerns. Several research efforts have been made in evaluating challenges related to security faced by the cloud computing environments, a number of solutions of such problems have also been proposed. Integrated security solutions should be devised to deal with the increasing security risks. In this paper, a detailed cloud computing survey, key services and concepts are being presented. This paper attempts to evaluate various security threats to cloud computing and a number of security solutions have also been discussed. Furthermore, a brief view of the cloud security regulatory bodies and compliance have also been presented. Despite the research efforts in cloud security field, there are still some open research problems and challenges which are discussed in this paper.
The amount of data in the world seems increasing and computers make it easy to save the data. Companies offer data storage by providing cloud services and the amount of data being stored in these servers is increasing rapidly. In data mining, the data is stored electronically and the search is automated or at least augmented by computer. As the volume of data increases, inexorably, the proportion of it that people understand decreases alarmingly. This paper presents the data leakage problem arises because the services like Facebook and Google store all your data unencrypted on their servers, making it easy for them, or governments and hackers, to monitor the data.
This document proposes a novel framework for dependable cloud computing. It discusses security risks associated with cloud computing including vulnerabilities, accessibility issues, authentication, data tampering and privacy concerns. The framework aims to address these issues by involving all stakeholders to securely store and transfer encrypted data between private clouds and cloud service providers. An encryption system was designed using Java programming to encrypt and decrypt data in transit to test the dependability of stored and transferred data from the cloud. The goal is to improve security techniques and build trust in cloud computing by preventing and detecting security flaws.
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
The literature and write report on information system security part 1 of 5 p...raufik tajuddin
1. The document discusses information system security and threats like distributed denial-of-service (DDoS) attacks. It provides details on DDoS attacks like flood attacks and logic attacks.
2. It also discusses managing airport resources and the goal of smart airport automation systems to make airports more intelligent. The system gathers data from various sources to compute safe takeoff and landing sequences.
3. In conclusion, the document states there is no fail-safe security for information systems and discusses factors like prevention, detection, and deterrence that businesses should consider when designing security controls.
This document discusses privacy and security issues related to cloud computing. It begins with an abstract that notes cloud computing presents a double-edged sword from privacy and security standpoints, as storing sensitive data in the cloud increases risks, but cloud providers may offer low-cost security. The document then provides more details on the technological and institutional challenges to privacy and security in cloud computing, such as new vulnerabilities discovered, the virtual and dynamic nature of cloud architectures reducing user control, and the lag of institutional responses compared to the fast pace of technological changes. Finally, it presents a model showing how characteristics of the cloud affect perceptions of its security and privacy, while formal and informal institutions affect perceptions of its legitimacy, and how these together influence adoption decisions
Most cited articles in academia - International journal of network security &...IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
The emergence of cloud computing has changed perception of all regarding software delivery, development models and infrastructure. Cloud computing has a potential of providing elastic, easily manageable, powerful and cost-effective solutions. The rapid transition to cloud computing has fueled concerns on the security issues. The migration of the user’s data and applications in a shared environment of a cloud, where there is a collocation of several users increases security related concerns. Several research efforts have been made in evaluating challenges related to security faced by the cloud computing environments, a number of solutions of such problems have also been proposed. Integrated security solutions should be devised to deal with the increasing security risks. In this paper, a detailed cloud computing survey, key services and concepts are being presented. This paper attempts to evaluate various security threats to cloud computing and a number of security solutions have also been discussed. Furthermore, a brief view of the cloud security regulatory bodies and compliance have also been presented. Despite the research efforts in cloud security field, there are still some open research problems and challenges which are discussed in this paper.
The amount of data in the world seems increasing and computers make it easy to save the data. Companies offer data storage by providing cloud services and the amount of data being stored in these servers is increasing rapidly. In data mining, the data is stored electronically and the search is automated or at least augmented by computer. As the volume of data increases, inexorably, the proportion of it that people understand decreases alarmingly. This paper presents the data leakage problem arises because the services like Facebook and Google store all your data unencrypted on their servers, making it easy for them, or governments and hackers, to monitor the data.
This document proposes a novel framework for dependable cloud computing. It discusses security risks associated with cloud computing including vulnerabilities, accessibility issues, authentication, data tampering and privacy concerns. The framework aims to address these issues by involving all stakeholders to securely store and transfer encrypted data between private clouds and cloud service providers. An encryption system was designed using Java programming to encrypt and decrypt data in transit to test the dependability of stored and transferred data from the cloud. The goal is to improve security techniques and build trust in cloud computing by preventing and detecting security flaws.
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
The literature and write report on information system security part 1 of 5 p...raufik tajuddin
1. The document discusses information system security and threats like distributed denial-of-service (DDoS) attacks. It provides details on DDoS attacks like flood attacks and logic attacks.
2. It also discusses managing airport resources and the goal of smart airport automation systems to make airports more intelligent. The system gathers data from various sources to compute safe takeoff and landing sequences.
3. In conclusion, the document states there is no fail-safe security for information systems and discusses factors like prevention, detection, and deterrence that businesses should consider when designing security controls.
This document discusses privacy and security issues related to cloud computing. It begins with an abstract that notes cloud computing presents a double-edged sword from privacy and security standpoints, as storing sensitive data in the cloud increases risks, but cloud providers may offer low-cost security. The document then provides more details on the technological and institutional challenges to privacy and security in cloud computing, such as new vulnerabilities discovered, the virtual and dynamic nature of cloud architectures reducing user control, and the lag of institutional responses compared to the fast pace of technological changes. Finally, it presents a model showing how characteristics of the cloud affect perceptions of its security and privacy, while formal and informal institutions affect perceptions of its legitimacy, and how these together influence adoption decisions
Most cited articles in academia - International journal of network security &...IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document summarizes the key risks of securing a corporate cloud environment for non-technical leaders. It discusses how cloud computing works and the main types of cloud services. It then outlines the most common types of data breaches corporations face, including social engineering, technical exploits of vulnerabilities, weak third-party security, simple passwords, and brute force attacks. It emphasizes that employees must have a security mindset and companies must strictly regulate accounts, passwords, and permissions to secure collaboration in the cloud. Proper technology, culture, and policies are needed to balance security and open collaboration.
Cloud computing technology security and trust challengesijsptm
A let of exclusive features such as high functionality and low cost have made cloud computing a valuable
technology. These remarkable features give users and companies, countless opportunities to reach their
goals spending minimum cost and time. Looking at the literature of this technology, it can be claimed that
the main concerns of the users of cloud are security issues especially trust. Unfortunately these concerns
have not been tackled yet. Therefore we decided to introduce a useful and functioned way to create more
trust among consumers to use this technology .In this paper we suggest the foundation of an international
certification institute for the service providing companies in order to increase trust and enhance likeliness
of using this new and valuable technology among people. Practicality of the technology will improve it and
will make its security better by providers.
June 2020: Top Read Articles in Advanced Computingacijjournal
Advanced Computing: An International Journal (ACIJ) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the advanced computing. The journal focuses on all technical and practical aspects of high performance computing, green computing, pervasive computing, cloud computing etc. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding advances in computing and establishing new collaborations in these areas.
Authors are solicited to contribute to the journal by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the areas of computing.
This document discusses the risks, countermeasures, costs and benefits of cloud computing. It identifies key risks like cyberattacks, lack of data location control, complex trust boundaries that make investigations difficult, and privacy issues. It recommends solutions like well-defined policies, service level agreements, continuous risk assessments, encryption, and guidance from NIST. While cloud computing offers cost savings and flexibility, users are ultimately responsible for security and must approach cloud adoption with care given its immature nature and risks.
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
Most viewed article for an year in academia - Advanced Computing: An Internat...acijjournal
Advanced Computing: An International Journal (ACIJ) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the advanced computing. The journal focuses on all technical and practical aspects of high performance computing, green computing, pervasive computing, cloud computing etc. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding advances in computing and establishing new collaborations in these areas.
May 2021: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
The document provides an overview of cyber risks and proposes a governance framework to manage those risks. It defines key concepts like cyber, security, threats and governance. It then presents a meta-model and framework with four core concepts: risks, response, reputation and resources that revolve around an organization's cyber ecosystem. The framework is intended to provide high-level guidance for executives on continuously governing cyber risks through a strategic approach.
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
Wayne Peterson, the CISO of Kroll Associates, believes that the first priority for any organization should be to identify and shut down attacks before they threaten the business. Peterson's first action as CISO was to build out an incident response team to enable early detection and quick response to any incidents. Peterson notes that in the past, organizations focused on building firewalls and perimeter security, but today the greatest vulnerability is at the endpoint level due to remote and mobile workers. Effective endpoint security solutions can provide greater visibility into true threats and help organizations make smarter security decisions. Peterson advises starting any security strategy with a focus on solid endpoint protection rather than trying to purchase one's way into complete security.
June 2021 - Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
The document proposes a framework to improve security for digital libraries in cloud environments. It discusses security issues when storing data in clouds, including confidentiality, integrity, and availability. The proposed model aims to provide multi-level security for information in clouds and resistance against various attacks. It covers threats like unauthorized access, session hijacking, denial of service attacks, and cross-site scripting. The goal is to present a solution to prevent security threats and hackers on digital library systems using cloud computing.
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
A systematic mapping study of security, trust and privacy in cloudsjournalBEEI
This document summarizes a systematic mapping study of publications related to security, trust, and privacy in cloud computing. The study categorized publications based on topic (e.g. privacy issues), contribution (e.g. models), and type of research (e.g. evaluation research). The results showed the most publications were on privacy issues and challenges, with frameworks and techniques also common topics. Shortcomings in cloud security, trust, and privacy research areas were identified to motivate further work. In under 3 sentences, this summary provides the objective, methodology, and high-level findings of the systematic mapping study described in the document.
Fog computing is a decentralized architecture that processes data and applications closer to end users and IoT devices than cloud computing does. It helps address issues with cloud computing like high latency and low capacity for IoT applications. Fog nodes can be devices like routers, switches and hubs that have some computing and storage capabilities. The paper discusses security and privacy issues with fog computing and possible solutions. It outlines threats like denial of service attacks, eavesdropping, spoofing and man-in-the-middle attacks. Authentication, authorization, and virtualization are identified as areas with security issues, and solutions like public key infrastructure, intrusion detection and certification authorities are proposed.
This document discusses security and privacy issues related to cloud computing. It begins by defining cloud computing and describing the four broad categories of cloud services: IaaS, PaaS, DSaaS, and SaaS. It then discusses general security issues faced by both cloud service providers and consumers. Specific issues are organized by governance domain, operational domain, and computer network domain for providers, and by governance, architecture, identity and access management, and availability for consumers. The document also summarizes security challenges related to each type of cloud service and issues regarding virtualization and legal concerns in cloud computing.
This document summarizes information security in cloud computing. It begins by introducing cloud computing and noting that information security is a critical risk for organizations moving to the cloud. It then classifies cloud security based on the three cloud service models of SaaS, PaaS, and IaaS. For each type of security, attributes are identified and some of the world's major cloud service providers are compared. Infrastructure security, application security, and information security like data storage and privacy security are discussed. Several tables provide comparisons of cloud service providers for different security areas. Recommendations are made for organizations choosing cloud providers regarding information security.
This document summarizes the key risks of securing a corporate cloud environment for non-technical leaders. It discusses how cloud computing works and the main types of cloud services. It then outlines the most common types of data breaches corporations face, including social engineering, technical exploits of vulnerabilities, weak third-party security, simple passwords, and brute force attacks. It emphasizes that employees must have a security mindset and companies must strictly regulate accounts, passwords, and permissions to secure collaboration in the cloud. Proper technology, culture, and policies are needed to balance security and open collaboration.
Cloud computing technology security and trust challengesijsptm
A let of exclusive features such as high functionality and low cost have made cloud computing a valuable
technology. These remarkable features give users and companies, countless opportunities to reach their
goals spending minimum cost and time. Looking at the literature of this technology, it can be claimed that
the main concerns of the users of cloud are security issues especially trust. Unfortunately these concerns
have not been tackled yet. Therefore we decided to introduce a useful and functioned way to create more
trust among consumers to use this technology .In this paper we suggest the foundation of an international
certification institute for the service providing companies in order to increase trust and enhance likeliness
of using this new and valuable technology among people. Practicality of the technology will improve it and
will make its security better by providers.
June 2020: Top Read Articles in Advanced Computingacijjournal
Advanced Computing: An International Journal (ACIJ) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the advanced computing. The journal focuses on all technical and practical aspects of high performance computing, green computing, pervasive computing, cloud computing etc. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding advances in computing and establishing new collaborations in these areas.
Authors are solicited to contribute to the journal by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the areas of computing.
This document discusses the risks, countermeasures, costs and benefits of cloud computing. It identifies key risks like cyberattacks, lack of data location control, complex trust boundaries that make investigations difficult, and privacy issues. It recommends solutions like well-defined policies, service level agreements, continuous risk assessments, encryption, and guidance from NIST. While cloud computing offers cost savings and flexibility, users are ultimately responsible for security and must approach cloud adoption with care given its immature nature and risks.
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
Most viewed article for an year in academia - Advanced Computing: An Internat...acijjournal
Advanced Computing: An International Journal (ACIJ) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the advanced computing. The journal focuses on all technical and practical aspects of high performance computing, green computing, pervasive computing, cloud computing etc. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding advances in computing and establishing new collaborations in these areas.
May 2021: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
The document provides an overview of cyber risks and proposes a governance framework to manage those risks. It defines key concepts like cyber, security, threats and governance. It then presents a meta-model and framework with four core concepts: risks, response, reputation and resources that revolve around an organization's cyber ecosystem. The framework is intended to provide high-level guidance for executives on continuously governing cyber risks through a strategic approach.
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
Wayne Peterson, the CISO of Kroll Associates, believes that the first priority for any organization should be to identify and shut down attacks before they threaten the business. Peterson's first action as CISO was to build out an incident response team to enable early detection and quick response to any incidents. Peterson notes that in the past, organizations focused on building firewalls and perimeter security, but today the greatest vulnerability is at the endpoint level due to remote and mobile workers. Effective endpoint security solutions can provide greater visibility into true threats and help organizations make smarter security decisions. Peterson advises starting any security strategy with a focus on solid endpoint protection rather than trying to purchase one's way into complete security.
June 2021 - Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
The document proposes a framework to improve security for digital libraries in cloud environments. It discusses security issues when storing data in clouds, including confidentiality, integrity, and availability. The proposed model aims to provide multi-level security for information in clouds and resistance against various attacks. It covers threats like unauthorized access, session hijacking, denial of service attacks, and cross-site scripting. The goal is to present a solution to prevent security threats and hackers on digital library systems using cloud computing.
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
A systematic mapping study of security, trust and privacy in cloudsjournalBEEI
This document summarizes a systematic mapping study of publications related to security, trust, and privacy in cloud computing. The study categorized publications based on topic (e.g. privacy issues), contribution (e.g. models), and type of research (e.g. evaluation research). The results showed the most publications were on privacy issues and challenges, with frameworks and techniques also common topics. Shortcomings in cloud security, trust, and privacy research areas were identified to motivate further work. In under 3 sentences, this summary provides the objective, methodology, and high-level findings of the systematic mapping study described in the document.
Fog computing is a decentralized architecture that processes data and applications closer to end users and IoT devices than cloud computing does. It helps address issues with cloud computing like high latency and low capacity for IoT applications. Fog nodes can be devices like routers, switches and hubs that have some computing and storage capabilities. The paper discusses security and privacy issues with fog computing and possible solutions. It outlines threats like denial of service attacks, eavesdropping, spoofing and man-in-the-middle attacks. Authentication, authorization, and virtualization are identified as areas with security issues, and solutions like public key infrastructure, intrusion detection and certification authorities are proposed.
This document discusses security and privacy issues related to cloud computing. It begins by defining cloud computing and describing the four broad categories of cloud services: IaaS, PaaS, DSaaS, and SaaS. It then discusses general security issues faced by both cloud service providers and consumers. Specific issues are organized by governance domain, operational domain, and computer network domain for providers, and by governance, architecture, identity and access management, and availability for consumers. The document also summarizes security challenges related to each type of cloud service and issues regarding virtualization and legal concerns in cloud computing.
This document summarizes information security in cloud computing. It begins by introducing cloud computing and noting that information security is a critical risk for organizations moving to the cloud. It then classifies cloud security based on the three cloud service models of SaaS, PaaS, and IaaS. For each type of security, attributes are identified and some of the world's major cloud service providers are compared. Infrastructure security, application security, and information security like data storage and privacy security are discussed. Several tables provide comparisons of cloud service providers for different security areas. Recommendations are made for organizations choosing cloud providers regarding information security.
The Sunland-Tujunga Neighborhood Council Land Use Committee will hold a meeting on June 4, 2012 at 7:00 PM to discuss several land use and zoning issues in the neighborhood. The agenda includes discussions on the Verdugo Hills Golf Course development, community care facilities, homeless issues, medical marijuana regulations, and potential development proposals for vacant properties along Foothill Boulevard. Public comments will be taken and future committee meetings will be announced.
This deck talks about everything an advertiser on Twitter would need to know. Starting from basic understanding of Twitter as a social platform to campaign creation and management, this deck covers it all.
Research Paper TopicITS835 – Enterprise Risk Managemen.docxaudeleypearl
Research Paper Topic
ITS835 – Enterprise Risk Management
Dr. Jerry Alsay
University of the Cumberlands
Introduction
All research reports begin with an introduction. (1 – 2 Pages)
Background
Provide your reader with a broad base of understanding of the research topic. The goal is to give the reader an overview of the topic, and its context within the real world, research literature, and theory. (3 – 5 Pages)
Problem Statement
This section should clearly articulate how the study will relate to the current literature. This is done by describing findings from the research literature that define the gap. Should be very clear what the research problem is and why it should be solved. Provide a general/board problem and a specific problem (150 – 200 Words)
Literature Review
Using your annotated bibliography, construct a literature review. (3-5 pages)
Discussion
Provide a discussion about your specific topic findings. Using the literature, you found, how do you solve your problem? How does it affect your general/board problem?
References
Running Head: CLOUD COMPUTING AND DATA SECURITY1
Cloud Computing and Data Security
Naresh Rama
Professor Dr.Jerry Alsay
07/14/2019
Cloud Computing and Data Security
Introduction
In today's world, the movement of data is from a store that is severe and it is located centrally to the storage of cloud, services in the cloud offer the flexibility, scalability, and concerns that are proportionate that concerns the issue of security. Safety is an aspect that is important and it associated with the computing of cloud because information can be stored on the cloud by the users with the help of providers that works in the service of the cloud. In the security f data and computing of the cloud, there are some problems that are available. They include backups of data that is improper and inadequate that have caused organizations been among those that are vulnerable to threats that re-associated with security measures.
Data that is found in an organization and is stored in files that are encrypted are interfered by these threats. Problem found under these investigations is significant to this study and these show that the threats that emerge because of backups concerning data that is improper lead to an issue that is significant in the security of data in the computing cloud and also security concerning data.
The study tends to shows that security of data and computing of data leads to the provision of ways that helps in the protection of data that is private and also information that is classified away from such threats. That may include attacks in the cyber sector and losses that occur in case of disasters (Strategic Cyber Security, 2011). This study has limitations that state that assurance of security to the computing of cloud is not available and that there is no protection of data that is vital in an organization to a hundred percent.
Background
Hacke ...
7/13/2019 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=ed81c06e-b4f4-426c-9cee-f04b1533665… 1/6
%34
%9
%3
%3
SafeAssign Originality Report
Summer 2019 - Application Security (ISOL-534-50) (ISOL-534-51) - Co… • Week 4 -Annotated Bibliography
%50Total Score: High riskNaresh Rama
Submission UUID: 83163885-57ee-26aa-181e-67ee890ed175
Total Number of Reports
1
Highest Match
50 %
AnnotatedBibliography.docx
Average Match
50 %
Submitted on
05/31/19
04:46 PM CDT
Average Word Count
2,482
Highest: AnnotatedBibliography.docx
%50Attachment 1
Global database (6)
Student paper Student paper Student paper
Student paper Student paper Student paper
Institutional database (4)
Student paper Student paper Student paper
Student paper
Scholarly journals & publications (1)
ProQuest document
Internet (2)
journals archives-ouvertes
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 2,482
AnnotatedBibliography.docx
4 1 12
7 10 5
3 13 2
9
8
6 11
4 Student paper 1 Student paper 12 Student paper
Running head: DATA SECURITY AND CLOUD COMPUTING
DATA SECURITY AND CLOUD COMPUTING
DATA SECURITY AND CLOUD COMPUTING
Naresh Rama
University of the Cumberland’s
Chang, V., & Ramachandran, M. (2015). Towards achieving data security with the cloud computing adoption framework. IEEE Transactions on Services
Computing, 9(1), 138-151. The author of the article describes the various ways through which we can achieve cloud computing and adoption substructure, the author
of the article describes real-time data security for big units of data which is among the most essential for cloud computing. Cloud computing and Data security are
essential because it can be achieved throughan approach which is well-structured, adoptable and systematic. The author says that CCAF is usually demonstrated by
the design of the system which is usually based on the implementation and requirements and illustrated by the CCAF securitywhich has several layers. The targeted
audience of the author is the organizations which rely cloud computing for the purposes of storing information. Almorsy, M., Grundy, J., & Müller, I. (2016). An
1
2 3
4
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport?attemptId=ed81c06e-b4f4-426c-9cee-f04b15336656&course_id=_109656_1&download=true&includeDeleted=true&print=true&force=true
7/13/2019 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=ed81c06e-b4f4-426c-9cee-f04b1533665… 2/6
analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107. Almorsy alludes that cloud computing is among the latest computational patterns
which provides an innovative business model for entities so that they can adopt Information Technology without upfront expenditure. Notwithstanding the probable
gains which are obtaine.
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docxjeanettehully
Running head: SECURITY RISKS IN DATABASE MIGRATION 1
SECURITY RISKS IN DATABASE MIGRATION 3
Security Risks in Database Migration
Name
Institutional Affiliation
Security Risks in Database Migration
As organizations become more reliant on database applications, companies may require to migrate their databases allowing for cheaper running which can then replicated to the consumers with reduced charges. This can be demonstrated with the recent move of Apple Inc.’s iCloud user data to Chinese servers. The move by the company was to reduce the expense of running the severs “inhouse,” however, brought about questions regarding data security for people using smart devices. Nevertheless, data migration can be daunting particularly when the event is unplanned or unwanted (Fisch, White, & Pooh, 2017). When companies migrate, they experience some risks and challenges as servers are moved from one location to another. Among the first issues is the loss of data or information (Fisch, White, & Pooh, 2017). In a recent study, it was estimated that this problem accounts for approximately fifty percent of all problems that occur during this process. The outcomes of this problem are viewed as damaging for both businesses and individuals using the services (Fisch, White, & Pooh, 2017).
Though this problem is common during database migration, it is not the only one, another issue is semantics risk (Malik & Patel, 2016). The term semantic risk is given or used in database security when data or information is imprecisely, or improperly stored resulting in misinterpretations that quickly escalate to adverse outcomes due to computation errors. Therefore, even if the data transfer to the new location was completely efficient some errors may occur when recompiling the data. There are possibilities that information can be unintentionally saved in the wrong location or folder. This can be especially harmful to organizations that deal with numbers or currency such as the various stock exchange organizations globally. In other words, sematic risk can be described as when misunderstanding results in misallocation (Malik & Patel, 2016). This can allow hackers to easily access data that should be properly secured by the various protocols in place. The final security issue with data migration is the risk of incompatibility, though compatibility can be tested, not all the data being sent will be compatible in some cases exemplifying them from security measures thus offering a breach or point of attack (Yunis, Yunus, Nawi, & Surin, 2017).
Overall, data security is important as demonstrated by the recent attacks and breaches that resulted in data leaks of high-profile companies for example Facebook. When migrating data from one server to another as done by Apple Inc. In the example offered, corporate data has to be accessed and for this reason, security cannot be left to chance as the information is both sensitive and critical (K ...
A Review On Data Security In Cloud ComputingYolanda Ivey
This document provides a review of approaches for ensuring data security in cloud computing. It summarizes 31 research papers on this topic published between 2007-2014. The key findings are:
1) The majority of approaches (45%) ensured data security through encryption methods like RSA encryption, merging Playfair and Vigenere ciphers with DES, and using SSL encryption.
2) Other common approaches included proposing guidelines (21%) and frameworks (16%) for data security, and using homomorphic tokens (7%) to enable encrypted data comparisons.
3) The approaches were categorized based on the technique used, with encryption being the most frequent, followed by guidelines, frameworks, homomorphic tokens, and other methods like harmonizing
Week 1 Answer It is important to understand human beings and t.docxjessiehampson
Week 1 Answer :
It is important to understand human beings and technology interact in all information systems. This is important because when humans understand their interaction with technology, they will embrace its importance and help in managing and controlling their use(Mjolsnes, 2011). In addition to that, this knowledge helps humans to come up with innovative means to make sure that their interaction with technology is profitable to them.
It is important and necessary for businesses to educate their employees on security matters. This is because when employees understand the security of systems, they will avoid behaviors that might risk the safety of their systems (Seigneur, 2009). They will avoid sharing passwords of the systems to unauthorized people.
References
Mjolsnes, S. F. (2011). A Multidisciplinary Introduction to Information Security. Boca Raton, FL: CRC Press.
Seigneur, J. (2009). Collaborative Computer Security and Trust Management. IGI Global.
Week 2 answer :
Just give me 4 sentences. Not able to find prev. answer.
Week 3 Answer :
A secure system needs a good and effective antivirus program. Some antivirus is free so you do not need any cash to get the protection. The antivirus programs are active each moment on your computer to protect your files and your personal information is always private and confidential. It also helps in the scanning of documents. It is also not a must you log in to windows for you to install the antivirus tool you can use a computer that is functioning and use the antivirus tool that is free to boot and then run on the computer that is infected. An antivirus program with the scanning option is very good, very important and very secure to your computer because the scanning option helps identify a problem or a virus and stops it before it erodes the computer. There are different types of free antivirus programs: Some includes Aviva’s free software, Smadav free software, Avast free software, and Bit defender free software Antivirus (Ariwa & El-Qawasmeh, 2011).
The antivirus known as Bit defender provides protection to your computer instantly against threats, worms, and virus among others. It protects against anti-fraud and this helps to provide security to your computer when using the internet to browse and also during setting the computer. Bit defender antivirus can perform many functions at the same time. These functions include raging files and folders directly into the program, Scan those programs (Studio, 2018).
In conclusion, the antivirus program helps to scan existing files in the programs, email database, files that are achieved, files that are executable, sectors that are bootable. It also helps in identifying files that are bootable (Naumann, 2012). It also helps in identifying files that have viruses. It is advisable to scan and update your computer scanning software on a daily basis or once it expires to ensure the protection of your computer. To ensure that your ...
Cloud Security: Techniques and frameworks for ensuring the security and priva...IRJET Journal
This document discusses techniques and frameworks for ensuring security and privacy of data in cloud environments. It highlights the importance of data encryption, access controls, security monitoring, and compliance with frameworks. The document provides an overview of these topics, including common encryption techniques, access control models, and identity management solutions used in cloud computing. It also examines security monitoring and the role of logging and intrusion detection. Real-world examples of implementing encryption, access controls, and identity management at AWS, Azure, and GCP are discussed.
Cloud computing has sweeping impact on the human productivity. Today it’s used for Computing, Storage, Predictions and Intelligent Decision Making, among others. Intelligent Decision-Making using Machine Learning has pushed for the Cloud Services to be even more fast, robust and accurate. Security remains one of the major concerns which affect the cloud computing growth however there exist various research challenges in cloud computing adoption such as lack of well managed service level agreement (SLA), frequent disconnections, resource scarcity, interoperability, privacy, and reliability. Tremendous amount of work still needs to be done to explore the security challenges arising due to widespread usage of cloud deployment using Containers. We also discuss Impact of Cloud Computing and Cloud Standards. Hence in this research paper, a detailed survey of cloud computing, concepts, architectural principles, key services, and implementation, design and deployment challenges of cloud computing are discussed in detail and important future research directions in the era of Machine Learning and Data Science have been identified.
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
This document discusses cyber security threats and their impact. It provides an overview of some growing cyber risks and how they can threaten the development of the information society. It argues that increased cooperation and information sharing between cyber security groups is needed to effectively address these challenges. Senior executives and governments must play a leading role in overseeing cyber security and minimizing risks through effective IT governance and strategic alignment of security systems. Overall cyber threats are increasing and declining trust in internet users, so concerted efforts are needed from all stakeholders to promote a more secure information environment.
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...ijccsa
This document summarizes a research paper on privacy-preserving techniques for IoT data in cloud environments. It introduces two differential privacy algorithms: 1) Generic differential privacy (GenDP) which provides generalized privacy protection for homogeneous and heterogeneous IoT metadata through data portioning. 2) Cluster-based differential privacy which groups similar data into clusters before defining classifiers to validate privacy. The paper evaluates these techniques and finds the cluster-based approach offers better security than customized interactive algorithms while maintaining data utility. Overall, the study presents new differential privacy methods for anonymizing IoT metadata stored in the cloud.
Methodologies for Resolving Data Security and Privacy Protection Issues in Cl...AJASTJournal
Because of its accessibility and flexibility, cloud technology is among the most notable innovations in today's world. Having many service platforms, such as GoogleApps by Google, Amazon, Apple, and so on, is well accepted by large enterprises. Distributed cloud computing is a concept for enabling every-time, convenient, on-demand network access to processing resources including servers, storage devices, networks, and services that may be mutually configured. The major security risks for cloud computing as identified by the Cloud security alliance (CSA) have been examined in this study. Also, methods for resolving issues with cloud computing technology's data security and privacy protection were systematically examined
Because of its accessibility and flexibility, cloud technology is among the most notable innovations in today's world. Having many service platforms, such as GoogleApps by Google, Amazon, Apple, and so on, is well accepted by large enterprises. Distributed cloud computing is a concept for enabling every-time, convenient, on-demand network access to processing resources including servers, storage devices, networks, and services that may be mutually configured. The major security risks for cloud computing as identified by the Cloud security alliance (CSA) have been examined in this study. Also, methods for resolving issues with cloud computing technology's data security and privacy protection were systematically examined.
Review of Business Information Systems – Fourth Quarter 2013 V.docxmichael591
This document discusses security threats in cloud computing based on a case study interview with an IT manager. The interviewee's company uses both private and public clouds. The document identifies 41 security threats from literature and classifies them from technical and business perspectives. Based on the interview, the major drivers for using cloud computing were improving business continuity, reducing costs through virtualization and disaster recovery, and utilizing high bandwidth. The interview helped explore the dimensions of security threats in cloud computing beyond what is described in existing research.
The document summarizes various technologies used for cloud computing security. It discusses three main methods: data splitting, data anonymization, and cryptographic techniques.
Data splitting involves separating confidential data into fragments that are stored in different locations. Data anonymization irreversibly hides data to protect sensitive information while still allowing analysis. Cryptographic techniques like encryption can be used to encrypt data before outsourcing, but limit cloud capabilities unless advanced encryption methods are used.
The document compares the advantages and disadvantages of each method for security, overhead, functionality, and key criteria. It provides an overview of approaches for maintaining data security in cloud computing.
HYBRIDIZED MODEL FOR DATA SECURITY BASED ON SECURITY HASH ANALYSIS (SHA 512) ...IJNSA Journal
High-profile security breaches and attacks on many organization’s database have been on the increase and the consequences of this, are the adverse effect on the organizations in terms of financial loss and reputation. Many of the security breaches has been ascribed to the vulnerability of the organization’s networks, security policy and operations. Additionally, the emerging technology solutions like Internet-ofThings (IoT), Artificial Intelligence, and Cloud Computing, has extremely exposed many of the organizations to different forms of cyber-threats and attacks. Researchers and system designers have made attempts to proffer solution to some of these challenges. However, the efficacy of the techniques remains a great concern due to insufficient control mechanisms. For instance, many of the techniques are majorly based on a single mode encryption techniques which are not too robust to withstand the threats and attacks on organization’s database. To proffer solution to these challenges, the current research designed and integrated a hybridized data security model based on Secured Hash Analysis (SHA 512) and Salting Techniques to enhance the adeptness of the existing techniques. The Hash Analysis algorithm was used to map the data considered to a bit string of a fixed length and salt was added to the password strings essentially to hide its real hash value. The idea of adding salt to the end of the password is basically to complicate the password cracking process. The hybridized model was implemented in Windows environment using python 3.7 IDE platform and tested on a dedicated Local Area Network (LAN) that was exposed to threats from both internal and external sources. The results from the test show that the model performed well in terms of efficiency and robustness to attacks. The performance of the new model recorded a high level of improvement over the existing techniques with a recital of 97.6%.
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
Computers are crucial instruments providing a competitive edge to organizations that have adopted them. Their pervasive presence has presented a novel challenge to information security, specifically threats emanating from privileged employees. Various solutions have been tried to address the vice, but no exhaustive solution has been found. Due to their elusive nature, proactive strategies have been proposed of which detection using Machine Learning models has been favoured. The choice of algorithm, datasets and metrics are cornerstones of model performance and hence, need to be addressed. Although multiple studies on ML for insider threat detection have been done, none has provided a comprehensive analysis of algorithms, datasets and metrics for development of Insider Threat Detection models. This study conducts a comprehensive systematic literature review using reputable databases to answer the research questions posed. Search strings, inclusion and exclusion criteria were set for eligibility of articles published in the last decade.
This document summarizes 10 research papers related to privacy and security aspects of big data. It discusses the key challenges around big data privacy including how large amounts of consumer data collected by companies may be misused and how securely storing and analyzing this information is critical. Various papers propose mechanisms for encrypting data and complying with data privacy laws. Overall, the review finds that big data brings important security and privacy issues given its scale, and continued research is needed to develop solutions that balance data needs with individual privacy.
Security and Privacy of Big Data in Mobile DevicesIOSRjournaljce
Presently, the volume of data generated via mobile devices is at an exponential rate due to the rapid advancement in internet-enabled mobile devices, which makes it complex to ensure the privacy and security of this data. Cloud-based server is currently considered one of the most reliable solutions to address these issues. Nevertheless, the increasing uncertainties of storing useful and sensitive big data in a public cloud have suppressed the exploration of this option. In our paper, we meticulously reviewed the drawbacks in the current adopted solutions for security and privacy of big data within mobile devices. As the utilization of mobile platforms is increasingly generating large data, the current traditional methods of cryptography will not be able to efficiently ensure the security and privacy of this big data. Therefore, this paper will propose the utilization of Federated Identity Management that is Openstack cloud-based as an effective solution that can ensure the privacy and security of big data within mobile device ecosystem.
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTINGijsptm
In the digital world using technology and new technologies require safe and reliable environment, and it also requires consideration to all the challenges that technology faces with them and address these challenges. Cloud computing is also one of the new technologies in the IT world in this rule there is no exception. According to studies one of the major challenges of this technology is the security and safety required for providing services and build trust in consumers to transfer their data into the cloud. In this paper we attempt to review and highlight security challenges, particularly the security of data storage in a cloud environment. Also, provides some offers to enhance the security of data storage in the cloud
computing systems that by using these opinions can be overcome somewhat on the problems.
Cloud Storage is a branch of Cloud Computing, which plays an important role in IT world. Cloud providers are providing a huge volume of storage space as per the user needs. Due to wide usage of this, it also increases data security issues and threats. Hence efforts are being made to encrypt the data stored in the cloud. In this paper, we are going to look at different encryption and auditing techniques that are used to avoid data breaching in cloud storage. Nikhil Sreenivasan ""Data Storage Issues in Cloud Computing"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-2 , February 2020,
URL: https://www.ijtsrd.com/papers/ijtsrd30194.pdf
Paper Url : https://www.ijtsrd.com/computer-science/computer-network/30194/data-storage-issues-in-cloud-computing/nikhil-sreenivasan
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
1. International Journal of Scientific and Research Publications, Volume 6, Issue 4, April 2016 69
ISSN 2250-3153
www.ijsrp.org
Possible Solutions for the Drawbacks of Data Center
Security Mechanisms
V.S.P Vidanapathirana, M.S.T.J Nanayakkara, A.M.S.D Attanayake, V.Abenayan, Pubudu Dhanushka, Dhishan
Dhammearatchi
Department, Institute Name, if any Faculty of Information Technology, Sri Lanka Institute of Information Technology, Colombo, Sri Lanka
Abstract- As the place that stores the brain in an organization, a
Data Center centralizes the operations of the company, its
equipment and stores, maintains, propagate the data that runs
through the company. Data Centers may have a physical or
virtual infrastructure and data which are stored in them provides
the base for the successiveness of an organization since they are
much valuable when making decisions in the business processes.
In simple terms, the past, present and the future of an
organization relies on the outcome of the analyzed data. Due to
these reasons, it is one of the top priorities of a company to
ensure the security and reliability of data centers and their
information. With the advancement of the technology, securing
the data centers to its best level has become a complicated task,
due to the various possible attacks. Making an attack on a data
center becomes easier when there are loopholes in the security
mechanisms that are used in data centers. In this paper the
authors describe about the existing security mechanisms which
are specific to the physical data centers. Furthermore, this paper
has discussed the possible solutions that can be used to ensure
the security of data centers as a perspective to the current
Information Technology (IT) industry.
Index Terms- Data Center, Data, Data Center Security, Security
Mechanism, Physical Data Center
I. INTRODUCTION
he complexity of the world increases by the minute of the
day, due to the effects of globalization which is a
combination of the improvements made on information
technology and telecommunication. The potential of
globalization has generated a huge advancement in the industry
of information technology and it has made the world a universal
ground which keep people connected from all corners of the
world. In simple terms, this rapid growth in the field of
Information technology is a worldwide phenomenon experienced
today.
The emergence of computer networking methodologies
plays a key role in the global IT boost, unfolding a new era of
communication technology. The global private sector was the
first to explore the endless opportunities and networking by
residing the business processes with the integration with data
centers to have the competitive advantages in the business world.
Today, the ability to achieve the organizational goals relies
purely on the availability, efficiency and authenticity of the
information. It is a well-known fact that such information should
be protected by all means because in the present business world,
it can be defined as one of the most valuable assets in an
organization since some of the future decisions that are to be
made totally rely on them. Therefore, the security of the data
centers falls to the topics that get the major attention and the
concern in an organization.
As a highly dynamic and technical field, data center security
deals with all the aspects of securing the data centers from
intrusions. Hacking, Distributed Denial of Service (DDoS)
attacks, physical attacks are some of the common issues that
threatens the security of data centers and sometimes, well-
designed, fully protective security mechanisms may not have
what it takes to prevent such attacks. Confronted with this
particular scenario, the authors has chosen to indicate a great
diversity of data center security, more specifically the draw backs
in the data center security mechanisms in the current IT industry.
Same as in every other concepts in life, globalization has its
pros and cons. It bring the whole world together under one roof
but at the same time it makes them vulnerable by exposing the
sensitive data to unauthenticated, unauthorized parties who are
eager to abduct, change or use those data in an unwanted manner.
Ultimately, such acts can increase corruption, extortion,
racketeering and violence and can be abused to launder money,
to commit fraud and to enable illicit activity and irregular
movement for organized crime purposes [1]. This is much
dangerous than it is in the real world since the cyberspace is a
borderless realm that anybody with an internet facility can put
hands on.
Therefore, throughout this paper it is the intention of the
team to discuss and present a perspective on the possible
solutions that can be used to avoid these threats and
vulnerabilities that data centers are facing in the current industry
of IT while briefly going through the existing data center security
mechanisms.
The rest of this paper is organized as follows. Section II has
provided the existing related work. Section III describes the
objectives of conducting this research and the Discussion of is
given in Section IV. The Conclusion is presented in Section V.
Literature Review
Kumar S. and Padmapriya S (2014) has presented a survey
based conclusion regarding the varieties of clouds, common
drawbacks of cloud storages, more specifically about the security
threats that cloud storages face and its vulnerabilities [2]. It has
described about the top nine security threats as identified by the
Cloud Security Alliance (CSA) in 2013. According to that, Data
Breaches, Data Loss, Account Hijacking, Insecure application
programming interfaces (APIs), Denial of Service, Malicious
insiders, Abuse and Nefarious Use, Insufficient Due Diligence,
and Shared Technology Issues are the nine major security issues
T
2. International Journal of Scientific and Research Publications, Volume 6, Issue 4, April 2016 70
ISSN 2250-3153
www.ijsrp.org
that can threaten the cloud storages. Apart from that, it has
mentioned several solutions to each and every security threat
mentioned previously.
Juels A. and Oprea A. (2013) has provided a set of
techniques that can be used to secure the cloud data [3]. It has
proposed an auditing framework that gives the tenant visibility in
to the correct operation of the cloud, which can help the cloud to
enhance the security. At the end they have discussed about the
remaining issues of cloud computing as directions to new
research areas, such as performing computations over tenants
‘encrypted data, ensuring tenant isolation and geo-location of
data.
Barroso L. Clidaras J. et al (2013) has lengthily discussed
about the data centers and how it can be used as a computer [4].
It has stated that the large data centers that can be seen in the
industry nowadays differs from traditional hosting facilities in
the past. Such data centers are complex than the traditional data
centers of earlier times and therefore they cannot be considered
as a set of co-located servers and the security mechanisms that
work on this kind of large data centers are critical and should be
stronger as well.
Barron C. and Yu H. et al (2013) has mentioned about some
of the cases happened regarding real world companies, who
became victims of cloud storage attacks [5]. Under that they have
vividly discussed about social engineering attack, Extensible
Markup Language (XML) signature wrapping attack, malware
injection, data manipulation, account hijacking, Synchronization
(SYN) flood, and wireless local area network attacks. The
solutions or the steps that the companies have been taken has
also been stated in here, such as presenting an algorithm to detect
malicious packets, and another algorithm to prevent such
malicious packets spreading through the cloud network.
Kumar V. and Swetha M. et al (2012) has presented a
survey based idea about the data security mechanisms in cloud
computing [6]. It has described about the possible security issues
that can combatively threat the cloud data, which may delay its
adoption. It has high-lightened the security mechanisms that are
enforced or invoked by the major cloud service providers such as
International Business Machines (IBM), Institute of Electrical
and Electronics Engineers (IEEE), Amazon etc. It has concluded
that it is a need in a cloud service to analyze the data security risk
before putting the sensitive or critical data in to a cloud storage
environment.
Meixner F. and Buettner R. (2012) has provided an
overview regarding the trust in cloud computing [7]. When
surfing the online world, security and trust are mapped together
and it states that those two components are integral parts in cloud
computing which are needed for its adoption as well as the
growth. It also has shown that using the existing technologies in
the best manner can build the trust measuring tools and in the
bottom line of this state, using such tools with the means of
technologies can improve the security in cloud computing.
Ayoleke I. (2011) has mentioned that even though the
concept and the practical aspect of cloud data storages seems
enthusiastic, there are much facts to be cautious about [8]. It has
vividly described about the security issues that Cloud
Deployments Models, Private cloud, Public cloud, and Hybrid
cloud could face, and the possible challenges against cloud
computing regarding security, costing model, charging model
etc. in a detailed manner. At the end, it also has stated that cloud
computing has the potential to become a prime-runner in the IT
industry, as a secure, virtual and financially feasible IT solution.
Shaikh F. and Haider S. (2011) has mentioned that the only
drawback of the cloud data storages is the lack of security [9].
The safety and security of the cloud data storages can be assured
by the mutual interest and effort of the clients and the service
providers. It has identified that the top security concerns of cloud
data storages are Data loss, Leakage of Data, Client‘s trust,
User‘s Authentication, and Malicious users handling. The
researchers has proposed a new governance, risk management,
and compliance stack for cloud computing called Cloud
Security Alliance (CSA). These security tools can be
downloaded by the organizations for free of charge and lead
them to develop public and private clouds according to the
industry standards in a secured approach.
Wang C. and Wang Q. et al (2010) has discussed about
ensuring the data storage security in Cloud Computing, which is
fundamentally a distributed storage system [10]. It has proposed
an efficient and flexible distributed scheme that includes an
accurate dynamic data support extending to block append,
update, and delete in a secure manner. It relies on the eradication
revising code in the file distribution preparation to give repetition
equality vectors and grant the data perseverance. By using the
homomorphic token with distribution verification of erasure
coded data, the described scheme accomplishes and ensures the
reconciliation of the accuracy in the storage, and data error
localization. With the use of a descriptive and effective security
and performance analysis they have showed that the schema
presented is highly capable and strong towards the Byzantine
failure, malicious data modification attack, as well as server
intriguing attacks.
Zhang Q. and Cheng L. et al (2010) has surveyed about the
state-of-art in Cloud Computing its most important concepts,
characteristics, architectural designs, key technologies, security
mechanisms as well as the research areas [101]. Those facts are
presented in a lengthy descriptive manner, providing the
opportunity of better understanding about Cloud computing.
Gong C. and Liu J. et al (2010) has discussed about the
characteristics of cloud computing including the methodologies
that can be used to design, develop and adopt a cloud computing
system [12]. The loose coupling and strong fault tolerant have
given as the major technical characteristics. Briefly it describes
about the security of cloud storages as well as how it can be used
for an organization in their business processes.
Okuhara M. and Shiozaki T. et al (2010) has explained how
the customers can get the full benefit of cloud computing without
worrying, by implementing the proper security measures [13]. It
also has mentioned about the security issues that threatens the
well-being of the cloud storages and defined about the Fujitsu’s
security architectures that can be used to solve those issues.
Fujitsu security architecture has the ability to support for drafting
security policies and as a part of consulting menu for businesses
which are moving on to cloud computing it has given the
capability to develop the security strategies as well.
Yuefa D. and Bo W. et al (2009) has presented a security
model for cloud computing while analyzing and describing the
data security issues that matters to cloud data storages, and the
importance of enhancing the security in data storages as well
3. International Journal of Scientific and Research Publications, Volume 6, Issue 4, April 2016 71
ISSN 2250-3153
www.ijsrp.org
[14]. By utilizing the Hadoop Distributed File System ( HDFS )
the researchers have gotten the requirements of the security of
the data stored in cloud data storages and they have suggested a
mathematically provable data model for cloud computing.
Greenberg A. and Hamilton J. et al (2008) has provided an
approach to significantly improve data center efficiency in a cost
effective manner [15]. The cost of a data center are concerned
with the servers, infrastructure, power requirements, security
methodologies and networking, and since the costs are steep, the
use of a data center can be low. Due to this reason, the
researchers have been provided a simple set of steps that can be
taken, as a solution for this issue. Increasing the quickness of the
internal data center network, in order to fight the resource
fragmentation has given as the first step in that procedure. As a
method of reducing costs it also plans to get more work from less
number of servers. Secondly, the design of algorithms and
market mechanisms should be considered to increase the
efficiency of data centers. In order to improve the reliability in
the event of failures, Geo-diversifying data centers can improve
end to end performance which can be described as the third and
the final step. To retrieve the financial profits from the Geo-
diversity new systems should be built to manage its state, as well
as the joint optimization of data center and network resources.
Yaar A. and Perrig A et al (2003) has described about a path
identification mechanism called “Pi”, which can be specifically
used as a security mechanism against the DDoS attacks [16].
This mechanism has the components of IP Traceback methods
which is concerned with marking the victim to attacker paths
with unique markings rather than reconstructing that path. In that
manner, the victim will be given the capability to identify and
filter on a per-packet basis, any incoming packets that is similar
to the pre-defined attacker marks.
II. OBJECTIVES
The following can be considered as the objectives that the
authors are trying to achieve via this research.
− Identify the definition and the usage or the importance
of data centers.
− Recognize the security mechanisms that are currently in
use to ensure the security of the data centers.
− Analyze the drawbacks in the existing security
mechanisms.
− Discuss the possible solutions that can used to overcome
the issues identified.
III. DISCUSSION
Data Centers are typically large facilities that takes a huge
space in a dedicated building (server farm) or else in a space that
company paid for. Unlike cloud, it is in a physical surface, which
makes it vulnerable to both internal and external attacks.
Therefore it can be clearly stated that the security of them can be
at a risk, along with the data that company stored in them.
Understanding the possible solutions to assure the security of the
data centers can be an aid to minimize that risk. In the following
content the authors have vividly described such techniques that
can be used to ensure the security of the data centers.
Stage-wise provisioning
Network provisioning systems can be defined as
intermediary tools that is useful when performing tasks like
customer services, log transactions, carry out requests, and
update files [17]. Implementing such provisioning system in a
data center can give the permission to the customers to install the
hardware before the connectivity of the network become to the
state ‘available’, which means that the providers have enough
time execute any initiations as the desire before they are given
the capability to interact with different hardware from all corners
of the world. A person who might try to dispatch this kind of
assault would most likely do as such with the ambition of
executing remotely. This brings the conclusion that the contracts
that are being made for customers to facilitate the data centers
should be defined in a manner which allows them to use it in a
one or two weeks of provisioning period. During the given
period, initiation of the hardware materials, and background
checks can be carried out without any issue.
Facilitating in the tier-level
It is a known fact that the new clients who are at the very
beginning of their business do not have range of requests as the
large business owners do. The requirement of the volume of rack
space varies from one to another but according to that,
facilitating can be done in a separate manner. Due to that
manner, the low-tier clients will be able to host the data center in
a place that includes a less-critical framework. This gives the
low-tier clients to host the data center in a low-profiled manner,
or in other words outside the critical areas where there is a high
possibility of commencing attacks.
Proper Maintenance Process
Proper maintenance is one of the significance methods that
can be used to improve the security of the data centers. This
evolves with several steps.
One is, providing the authentication levels to all the
documents, telephone calls and other identification mechanisms
related to the data center maintenance. It is necessary for the
company to record all the telephone calls as a log, which allows
them the opportunity to trace back in an event of suspicion.
When interacting with the vendors, it is essential to ensure it is
possible to reach the particular vendor using the number which is
already on the file. It is true that reaching out via cellular is
easier, but when it comes to security it is always better to accept
maintenance requests unless it is a land line that can be traced
back. When authenticating the documents, such documents
should be checked with the formal documentations which will
give them the opportunity to compare or check whether that it is
already on the file.
The maintenance of the data centers should be done in a
centralized manner. The maintenance appointments should be
checked properly and should go through the data center manager
to further clarification. The vendors who are in the supplement of
maintenance services should be checked with the telephone, to
4. International Journal of Scientific and Research Publications, Volume 6, Issue 4, April 2016 72
ISSN 2250-3153
www.ijsrp.org
ensure whether they are already registered under the maintenance
appointments. These teams should be provided with a unique
identification mechanism such as a password or face recognition
method to verify themselves before entering the data center.
Each and every entering to the data center should be
scanned deeply, to ensure that there is no any entering of an
explosive. This can be done by a well-trained K-9 or using a
portable detection device that is capable of detecting the
explosives. The people who are responsible to detect such should
have a sharp eye that does not miss any entering that happens
with a suspicious looking device or tool. The bomb radiation
detecting devices can come in handy in a situation like this,
which have the ability to scan all the incoming tools or devices.
If the equipment come in a box they it should be unpacked and
scanned in an internal manner and it is essential to note that the
regular chasses usually has only a simple latch which can be
easily opened.
The data center maintenance should be done in a supervised
manner. A small group of people can be allocated for this
purpose. It does not matter that the members in that group is rich
with technical knowledge related to data centers but they should
have the basics like the components of the data centers and the
tools and equipment that is being utilized when there is a
maintenance. The instinct of identifying unusual acts happen
during the maintenance is the key qualification in this kind of
role.
Relationships that comes in an informal manner should not
be trusted, and also should not be encouraged. Avoiding such
situations is always better when it comes to ensuring the security
of the data centers. Being familiarized with the vendors is fine,
but allowing vendors to bring guests is not a good idea unless the
vendor has cleared them. As mentioned previously, the unique
credentials given to each and every vendor should be check at
each appearance they make.
Continuous Monitoring Process
Keeping the data centers monitored is another way to ensure
that they work in their best manner, and also detect if there is an
anomaly that works irregularly. When something goes off the rid
of the regular pattern, it should be checked deeply. For an
example, if a customer is pulling a little amount of data and if it
shows a high traffic, it is something to be suspicious about. On
the other hand if it displays an unusual traffic pattern in an
irregular hour it is also something needs to be checked out. The
common sense and the instinct is important in this task as well.
Investigating the traffic in Internet Protocol (IP) level has the
ability to recognize the number of unique hosts that are
interacting with the tools and equipment of the customer. If there
is a less number of hosts in comparison to the number of
equipment, it is nothing to worry about.
Being Aware of the Customers
The company or the responsible parties should be aware of
the customers who are attempting to enter to the data center
facilities. The authority of entering or accessing the data centers
should only be given to the regular customers, not just because
their name is already in the file, but because the company
received positive results regarding the profile of the customer
during the background check that was carried out. The
relationship between the company front and the customer must
always be conducted in an official manner, because it will avoid
the attempts of the customers who are attackers behind the mask
to build long term relationships in order to reach their targets.
The new customers should be interviewed properly, and
their history must be reviewed as well. It is necessary to find out
whether the customer company’s need for this data center, not
just in a general manner but in a specific manner. The company
should go in to the root of that particular customer to realize
whether the customer does not seem to be aware of the business,
and ongoing projects it automatically sends an alert to the
company that this customer should be examined thoroughly. The
company should get an idea about the customer website, whether
it exists or not, how they are willing to do the payments for the
necessary services, whether the customer is a registered
company, or whether they have a valid business license, and how
long has it been from the first opening day of the company. If
these questions are answered positively or if it is a known
company for several years, with multiple branches or staffs
instead of being a company that runs virtually or in the residence
address, the risk can be considered somewhat lower. Even after
giving the authority to access the data center, it is important to
check them often and it is company’s authority to dismiss the
permission that is being given to the customer if they are making
attempts to broadcast pornography, send spams etc. Justifying the
customer as a responsible business is one way to accept the new
customers.
Assessing the Company Externally
There is a pretty good chance that some of the issues that
lies within the relationship between the data center facilities and
the customers cannot be seen internally. As a solution for this
scenario, the company can hire an external party, which they
analyze the interaction that the customers and data center has, as
well as how effectively does the management of the data centers
takes place in the company. Apart from that, to inspect the
strength or to evaluate the robustness of the defense mechanisms
that is being used on the data centers, the company can hire
another trusted party to send them a mock attack to check how
adequately does the data center defense themselves, and the level
of survival. This kind of assessments done by external parties
with some misdirection will help the company to enhance the
security of the data centers, as well as to recognize the weak
areas of them which gives them the opportunity to apply new
security techniques that were not there before.
Hardware Inspection Policies
The most fundamental policies should be added to the data
centers, especially the ones specified for the hardware and
equipment. Such policies must be introduced and stored in the
data centers to prevent customers from suggesting harmful
explosives and other devices. This should be added as a sector to
the contract that company presents to the customer and it is
important to note that the company owns the authority of
checking the external devices or the hardware equipment that
customer is attempting to introduce to the data center facility.
This situation also extends towards the behavior of the
customer when they are utilizing the data center facility. The
customer should treat the facility with care and responsibility,
5. International Journal of Scientific and Research Publications, Volume 6, Issue 4, April 2016 73
ISSN 2250-3153
www.ijsrp.org
and they are obliged to take the blame for any physical damage
they cause. The customers cannot leave the data center with
loose power cables, broken devices or with any other cause that
brings physical damage to it. The policy should justify all of
these matters.
As mentioned previously, there are many tools that can be
used to detect the explosives and also a team can be given the k-9
training to detect 11 types of explosives separately. The close
and continuous monitoring is the key to assure that the customer
do their duty up to the hardware policy mentioned in the contract.
Preventing the Unauthorized Building Access
The office building should be protected by its all cost,
therefore only the authorized parties should be allowed to walk
in. It is always better to accompany them with some trusted
officers of the company while the customers carry out their work
because that may make the attacker behind the mask of a
customer hesitate from doing something harmful.
In most companies, the rooftop is where all those antennas
and satellite machineries are located. These areas should not be
allowed to customers to simply walk in and make use of. If
access given under some circumstance, it should be during the
regular working hours and under the close supervision of a
member in the company. Using this kind of technique will avoid
the data center from being an easy target.
IV. CONCLUSION
Data Centers are one of the finest pieces of technology that
takes the responsibility of storing the data in a company in an
efficient manner. It is one place that a company can rely on when
it comes to making decisions to the future, and that is what
makes it critical as well. Due to the speediness of the technology
around the world, these data centers has become another place
that an authorized personal can attack, steal and utilize those data
in an unnecessary manner. It is true that there are many security
mechanisms that guard the data centers but, there are plenty of
drawbacks in them as well. Therefore, it is important to be aware
of the attacks that threatens the security of the data centers and
the techniques or the possible solutions that can be taken to avoid
such threats. Throughout this paper, the authors have explained
about the existing security mechanisms in a descriptive manner
and stated down the possible solutions that can be done to avoid
their drawbacks as well.
REFERENCES
[1] "Emerging Crimes", Unodc.org, 2016. [Online]. Available:
https://www.unodc.org/unodc/en/organized-crime/emerging-crimes.html.
[Accessed: 13- Feb- 2016].
[2] S. Kumar, and S.Padmapriya, “A Survey on Cloud Computing Security
Threats and Vulnerabilities", International Journal of Innovative Research
in Electrical, Electronics, Instrumentation and Control Engineering, 2014.
[Online].Available: http:
//www.ijireeice.com/upload/2014/january/IJIREEICE3C___a_padma_A_su
rvey.pdf. [Accessed: 09- Feb- 2016].
[3] A. Juels and A. Oprea, "New approaches to security and availability for
cloud data", Communications of the ACM, vol. 56, no. 2, p. 64, 2013.
[Online]. Available: https://www.emc.com/collateral/white-papers/h12759-
wp-security-availability-cloud-data.pdf. [Accessed: 10- Feb- 2016].
[4] C. Barron, H. Yu and J. Zhan, Cloud Computing Security Case Studies
and Research, 1st ed. London, 2013. [Online]. Available:
http://www.iaeng.org/publication/WCE2013/WCE2013_pp1287-1291.pdf.
[Accessed: 12- Feb- 2016].
[5] L. Barroso and U. Hölzle, The datacenter as a computer. [San Rafael,
Calif.]: Morgan & Claypool Publishers, 2009. [Online].Available:
http://www.morganclaypool.com/doi/pdf/10.2200/S00193ED1V01Y200905
CAC006. [Accessed: 08- Feb- 2016].
[6] V. Kumar, S. M.S, M. M. S. and P. S, Cloud Computing: Towards case
study of Data Security mechanism, 1st ed. 2012. [Online]. Available:
http://www.ijater.com/Files/IJATER_05_01.pdf. [Accessed: 08- Feb-
2016].
[7] F. Meixner and R. Buettner, Trust as an Integral Part for Success of Cloud
Computing, 1st ed. 2012.
[8] I. Ayoleke, "A survey on security issues in service delivery models of cloud
computing", Journal of Network and Computer Applications, vol. 34, no. 1,
pp. 1-11, 2011.
[9] F. Shaikh and S. Haider, "Security threats in cloud computing", Internet
Technology and Secured Transactions (ICITST), 2011 International
Conference for, pp. 214-219, 2011. [Online] Available:
http://fs3.dajie.com/2012/08/13/031/13448264310678702.pdf. [Accessed:
12- Feb- 2016].
[10] C. Wang, Q. Wang, K. Ren and W. Lou, "Privacy-Preserving Public
Auditing for Data Storage Security in Cloud Computing", 2010 Proceedings
IEEE INFOCOM, 2010. [Online]. Available:
https://eprint.iacr.org/2009/579.pdf. [Accessed: 11- Feb- 2016].
[11] Q. Zhang, L. Cheng and R. Boutaba, "Cloud computing: state-of-the-art and
research challenges",Journal of Internet Services and Applications, 2010.
[Online]. Available: http://Cloud computing: state-of-the-art and research
challenges. [Accessed: 09- Feb- 2016].
[12] C. Gong, J. Liu, Q. Zhang, H. Chen and Z. Gong, "The Characteristics of
Cloud Computing", 2010 39th International Conference on Parallel
Processing Workshops, 2010. [Online]. Available:
http://www.mashad.post.ir/_ITCenter/Documents/TheCharacteristicsofClou
dComputing_20140722_154207.pdf. [Accessed: 10- Feb- 2016].
[13] M. Okuhara, T. Shiozaki and T. Sazuki, Security Architectures for Cloud
Computing, 1st ed. FUJITSU Sci.Tech, 2010. [Online] Available:
http://www.fujitsu.com/global/documents/about/resources/publications/fstj/
archives/vol46-4/paper09.pdf. [Accessed: 13- Feb- 2016].
[14] Yuefa, W. Bo, G. Yaqiang, Z. Quan and T. Chaojing, Data Security Model
for Cloud Computing, 1st ed. 2009. [Online]. Available:
http://www.academypublisher.com/proc/iwisa09/papers/iwisa09p141.pdf.
[Accessed: 13- Feb- 2016].
[15] A. Greenberg, J. Hamilton, D. Maltz and P. Patel, "The cost of a cloud",
ACM SIGCOMM Computer Communication Review, vol. 39, no. 1, p. 68,
2008.
[16] D. Abraham Yaar, "Pi: A Path Identification Mechanism to Defend against
DDoS Attacks", In IEEE Symposium on Security and Privacy, 2003.
[17] "What is provisioning? - Definition from WhatIs.com", SearchSOA, 2016.
[Online]. Available: http://searchsoa.techtarget.com/definition/provisioning.
[Accessed: 01- Mar- 2016].
AUTHORS
First Author – V.S.P Vidanapathirana, Faculty of Information
Technology, Sri Lanka Institute of Information Technology,
Colombo, Sri Lanka
Second Author – M.S.T.J Nanayakkara, Faculty of Information
Technology, Sri Lanka Institute of Information Technology,
Colombo, Sri Lanka
Third Author – A.M.S.D Attanayake, Faculty of Information
Technology, Sri Lanka Institute of Information Technology,
Colombo, Sri Lanka
Fourth Author – V.Abenayan, Faculty of Information
Technology, Sri Lanka Institute of Information Technology,
Colombo, Sri Lanka
6. International Journal of Scientific and Research Publications, Volume 6, Issue 4, April 2016 74
ISSN 2250-3153
www.ijsrp.org
Fifth Author – Pubudu Dhanushka, Faculty of Information
Technology, Sri Lanka Institute of Information Technology,
Colombo, Sri Lanka
Sixth Author – Dhishan Dhammearatchi, Faculty of Information
Technology, Sri Lanka Institute of Information Technology,
Colombo, Sri Lanka