This document discusses information security for cloud providers and end users of cloud services. It outlines the key concepts of confidentiality, integrity and availability (CIA triad) and describes common problems and mitigation strategies. For cloud providers, mitigations include data encryption, access controls, backups and disaster recovery plans. For end users, maintaining privacy, complying with regulations, controlling data location and access are important. Overall the presentation aims to explain how both cloud providers and users can help ensure the CIA of data stored in the cloud.

1. INFORMATION SECURITY
 WELCOME TO THE GROUP PRESENTATION
1

2. Topic Name and details
Mitigations to ensure the confidentiality, integrity and
availability of the data stored on these providers? Discuss
mitigations for both the cloud providers and also the end
users.
 Vaishal Shah(30129756)
 Kawalpreet Kaur(30116373)
 Vidit Darji(30309034)
 Gagandeep Kaur(30129485)
2

3. Introduction of Cloud Providers
 It is a firm which delivers cloud computing that relies
on services and solution to individuals and business. It
is also known as utility computing provider.
 Based on the business model. There are many
solutions
 Infrastructure as a Service(IAAS)
 Software as service(SAAS)
 Platform as service(PAAS)
3

4. What is Confidentiality, integrity,
availability
 is also known as CIA triad
 structure made to guide policies for information
security within an organization.
 Are considered to be crucial elements components of
society.
4

5. Confidentiality, integrity,
availability
 Confidentiality is a set of rules or procedures that
restricts the boundary to use or access to information.
 Integrity is the assurance that the information
gathered is trustworthy and reliable.
 Availability is a guarantee of accurate access to the
information by authorized people.
5

6. Dropbox, Google docs
 Dropbox is a cloud storage service, sometimes
referred to as an online backup service, that is
frequently used for file sharing and collaboration. It is
increasingly being used in enterprises.
 This service is as a warehouse used by government
organizations, banks, post offices, video stores and
libraries to allow people to drop items.
6

7. Diagrammatical representation of
Dropbox, Google Drive
7

8. Figures about Dropbox, Google
Drive
8

9. Problems or Issues related to ensure Confidentiality,
Availability, Integrity by cloud providers
 Malicious behaviour of insiders.
 Incomplete or insecure data completion.
 Management interface vulnerability.
9

10. Issues contd.
 Loss of Governance.
 Isolation of failure.
 Compliance and legal risks.
10

11. Mitigations to ensure confidentiality, integrity and
availability of cloud providers
 The cloud is still new so
the push for effective
controls over the
protection of information
in the cloud is also
nascent. But every
problem comes with a
solution so there are
fewer security solutions
for the cloud providers
than there are for securing
physical devices in a
traditional infrastructure.
 CIA Triad
11

12. Confidentiality
 Data encryption
 User IDs and passwords
 Biometric verification and security tokens, key fobs
and soft tokens.
 Data confidentiality may involve special training for
those privy to such documents
 Storing Information only on air gapped computers,
disconnected storage devices or, for highly sensitive
information, in hard copy form only
12

13. Integrity
 Maintaining consistency, accuracy and trustworthiness
 Ensuring data from unauthorized access
 EMP(electromagnetic pulse) or server crash.
 Some data might include checksums,
even cryptographic checksums for verification of
integrity.
 Back ups or redundancies must be available to restore
the affected data to its correct state.
13

14. Availability
 Maintaining all hardware, performing hardware
repairs
 Providing adequate communication bandwidth
 Preventing occurrence of bottlenecks
 Back up copy must be stored in a geographically
isolated location
 Use of firewalls and proxy servers
 Fast and adaptive disaster recovery
14

15. Mitigations Cont..
 Cloud Access Security Brokers(CASBs) : Niche
market has been trying to reduce the severity of
information shared on cloud providers so this market
came up with Cloud Access Security
Brokers(CASBs) defined as a strategy to mitigate this
problem.
 Context Awareness also allows the CASB providers to
employ heuristic analysis on Cloud bound traffic, to do
some form of anomaly detection to identify malicious
or erroneous traffic. This is an area that they are all
investing heavily in today.
15

16. Problems for cloud providers
 Data integrity
 Data theft
 Privacy issue
 Data loss
 Data location
16

17. Data integrity
 User can access the data from any where
 Lack of data integrity in cloud
Data Theft
 Cost affective and flexible for operation
 High possibility of data stolen from other user
17

18. Privacy issue
 Make sure that customer’s private information secure
 Keep watching who is access the data
Data Loss
 Due to financial problem when vendor closes,
customer will loss data
 Customer can not be able to access the data because
vendor shut down
18

19. Data location
 Anyone don’t know the location of data
 Vendor not reveal the location of data
19

20. Mitigation of cloud providers
 Identify the assets
 Analyze the risk
 Apple security countermeasure
 Conduct post-run
20

21. Problems faced by users of cloud
services
 Privacy
 Security
 Data breaches
 Data protection
21

22. Mitigations for users of cloud services
• Privileged user Access
• Regulatory Compliance
• Data Location
22

23. Mitigations Cont..
• Data Segregation
• Recovery
• Investigative support/Search ability
• Long-term viability
23

24. References
 https://www.techopedia.com/definition/133/cloud-provider
 http://www.cloud-
council.org/Security_for_Cloud_Computing-
Final_080912.pdf
 https://www.google.com.au/search?q=image+of+dropbox,+go
ogle+docs
 http://www.slideshare.net/pcalcada/apresentao-cm-1524115
 http://www.cloudcouncil.org/Security_for_Cloud_Computing
-Final_080912.pdf
 http://whatis.techtarget.com/definition/Confidentiality-
integrity-and-availability-CIA
24

25. ANY QUESTIONS
??????
25

26. THANK YOU
26