This document discusses data security in cloud computing. It defines cloud computing and describes the types including SaaS, PaaS, and IaaS. It also covers deployment types such as private, public, and hybrid clouds. While cloud computing provides security advantages through data centralization and logging, it also poses security disadvantages regarding data location and regulatory compliance. Major security threats in the cloud include abuse of cloud services, insecure APIs, and data loss. Risk analysis approaches are needed to estimate security risks and ensure customer data protection in the cloud.

1. Data Security in the cloud :
Tactics and Practices
INSPIRON-2011
Bangalore , Karnataka
Kashyap Kunal(BE-ISE)
SAMBHRAM INSTITUTE OF TECHNOLOGY
BANGALORE

2. What is Cloud Computing?
 According to AT&T ,CLOUD is:
Common
Location-independent
Online
Utility
available on-Demand Service.
 Cloud Computing is internet -based computing where shared resources,
software and information are provided to the computer.
 It promises not just cheaper IT, but also faster, easier, more flexible, and
more effective IT . It is also versatile and flexible application of internet.
 Cloud Computing is not immune to risks and ethical objections,
but the fact is that it promises big changes.
 Consider an example of Hotmail.com , Yahoo.com or Gmail.com where no
installation of server or software is required. All you need to acess them is an
internet connection .These are simple examples of Cloud Computing.

3. Terminology:
Types of Cloud:
 SaaS
(Software as a Service)
 PaaS
(Platform as a Service )
 IaaS
(Infrastructure as a
service)

4. Deployment Type:
 Private Cloud (Low Security Risk):
-Typically owned by the respective
Enterprise.
-Functionalities are not directly exposed to
customers.
 Public Cloud(More Security Risk):
-Enterprises may use Cloud functionalities
from others.
-Scope of functionalities may differ.
 Hybrid Cloud(High Security Risk):
-Mixed employment of private & Public
cloud.
-Provide highly customized, enhanced
offerings to local
companies & world class application

5. Security Advantages in Cloud Computing:
 Data Centralization
 Password Assurance Testing
 Improve the state of Security Software
 Security Testing
 Incident Response
 Forensic Image verification time
 Logging
Security Disadvantages in Cloud Computing:
 Data Location
 Investigation
 Data Segregation
 Long-term Viability
 Compromised Servers
 Regulatory Compliance
 Recovery

6. Major security Issues(Threats) & Challenges:
Two Question arise??
 How secure is the Data??????
 How secure is the Code??????
Top Threats in Cloud Environment according to CSA(Cloud Security Alliance):
 Abuse and Nefarious Use of Cloud Computing
 Insecure Application Programming Interfaces
 Malicious Insiders
 Shared Technology Vulnerabilities
 Data Loss/Leakage
 Account, Service & Traffic Hijacking
 Unknown Risk Profile

7. Security issues in Virtualization:
Virtualization is an essential technological characteristic of
clouds which hides the technological complexity from the user
and enables enhanced flexibility (through Aggregation, Routing
and Translation).
Types of Virtualization:
 Full Virtualization: Entire H/W Architecture Replicated Virtually.
 Para Virtualization: Modified OS that can run concurrently with other OS.
More concretely, virtualization supports the following features:
 Ease of Use
 Infrastructure Independency
 Flexibility & Adaptability
 Location Independence

9. RISK ANALYSIS APPROACH:
The cloud computing service providers use various security mechanisms to ensure that
all the security risks are fully taken care of.
However, there are two broad questions:???
 How to estimate the risk to data security before putting a job into the cloud?
 How to ensure customers that their data and programs are safe in provider’s
premises?
If a cloud service user is able to estimate the risk of his data security then he can have a
level of trust with the service provider. If there is a high risk about the data security
then it leads to a decrease in trust and vice-versa.
Current security technology provides us with some capability to build a certain level of
trust in cloud computing in order to analyze Security risks.
For example, SSL (Secure Socket Layer), digital signatures, and authentication
protocols for proving authentication and access control methods for managing
authorization.

10. CONCLUSION:
 Data security dimensions will continuously increase.
 The security analysis approach will help service providers to ensure their
customers about the data security.
 Risk analysis can be performed.
 At present, there is a lack of structured analysis approaches .
And hence, The security problem in cloud paradigm can be
handled frequently and effectively.

11. THANK
YOU