2. 1. A cloud database is a database that typically runs on
a cloud computing platform, such as Amazon EC2
and Rackspace.
2. The cloud database was conceived for the purpose
of online data management by using a variety of
distributed servers.
3. There are two common deployment models: users
can run databases on the cloud independently, using
a virtual machine image, or they can purchase
access to a database service, maintained by a cloud
database provider.
4. 1. The cloud database system makes information
sharing simple and convenient.
2. Easy access to files and data is what a cloud database
actually emphasizes. If freak accidents happen, there is no
reason for you to worry since all pieces of information are
safely kept.
3. A cloud database is far cheaper than maintaining an
actual server, which requires a lot of other
applications.
4. Because it is a virtual data storage location, you can
manipulate data wherever you may be.
5. Identify Assets
• Which assets are we trying to protect?
• What properties of these assets must be maintained?
Identify Threats
• What attacks can be mounted?
• What other threats are there (natural disasters, etc.)?
Identify Countermeasures
• How can we counter those attacks?
Appropriate for Organization-Independent Analysis
• We have no organizational context or policies
6. Failures in Provider Security
Attacks by Other Customers
Availability and Reliability Issues
Legal and Regulatory Issues
7. Explanation
• Provider controls servers, network, etc.
• Customer must trust provider’s security
• Failures may violate CIA principles
Countermeasures
• Verify and monitor provider’s security
Notes
• Outside verification may suffice
• For SMB, provider security may exceed customer
security
8. Threats
• Provider resources shared with untrusted parties
• CPU, storage, network
• Customer data and applications must be separated
• Failures will violate CIA principles
Countermeasures
• Hypervisors for compute separation
• MPLS, VPNs, VLANs, firewalls for network separation
• Cryptography (strong)
• Application-layer separation (less strong)
9. Threats
• Clouds may be less available than in-house IT
• Complexity increases chance of failure
• Clouds are prominent attack targets
• Internet reliability is spotty
• Shared resources may provide attack vectors
• BUT cloud providers focus on availability
Countermeasures
• Evaluate provider measures to ensure availability
• Monitor availability carefully
• Plan for downtime
• Use public clouds for less essential applications
11. 1. Middleware is the technology that facilitates integration of
components in a distributed system.
2. It is software that allows elements of applications to
interoperate across network links, despite differences in
underlying communications protocols, system architectures,
and other application services.
3. Middleware makes it possible to develop architectural
patterns that represent innovative design solutions
for specific system design problems.
12. 4. Managers report that unwanted middleware access to the database
causes security breaches.
5. To avoid this hassle, security and database administrators must
stop unauthorized database access from middleware components,
including the application server, which can be treated as
middleware in this scenario.
6. Also, you can cement database security by using trusted/secured
connections and communications between middleware and the
database and proven/standardized authentication mechanisms.
13. 1. Authentication is the process of confirming a user or computer’s
identity.
2. The process normally consists of four steps:
1. The user makes a claim of identity, usually by providing a
username. For example, I might make this claim by telling a
database that my username is “mchapple”.
2. The system challenges the user to prove his or her identity. The
most common challenge is a request for a password.
3. The user responds to the challenge by providing the requested
proof. In this example, I would provide the database with my
password.
4. The system verifies that the user has provided acceptable proof
by, for example, checking the password against a local password
database or using a centralized authentication server.
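The four steps above, as an added example that is not part of the original slides: a local password database that stores a salted, stretched key instead of the password and verifies the response in constant time. The class name LocalPasswordDB, the PBKDF2 work factor and the sample passphrase are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed for this example)


def derive(password: str, salt: bytes) -> bytes:
    """Stretch the password so a stolen password database is costly to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class LocalPasswordDB:
    """Hypothetical local password database: username -> (salt, derived key)."""

    def __init__(self) -> None:
        self._records = {}
        # Decoy record: unknown usernames cost the same work as real ones.
        decoy_salt = os.urandom(16)
        self._decoy = (decoy_salt, derive(os.urandom(16).hex(), decoy_salt))

    def enroll(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # per-user salt, never reused
        self._records[username] = (salt, derive(password, salt))

    def challenge(self, username: str) -> str:
        # Step 2: identical challenge whether or not the claimed user exists.
        return "Password: "

    def verify(self, username: str, response: str) -> bool:
        # Step 4: recompute with the stored salt, compare in constant time.
        salt, expected = self._records.get(username, self._decoy)
        matches = hmac.compare_digest(derive(response, salt), expected)
        return matches and username in self._records


def authenticate(db: LocalPasswordDB, claimed_user: str, response: str) -> bool:
    db.challenge(claimed_user)                # steps 1-2: claim, then challenge
    return db.verify(claimed_user, response)  # steps 3-4: response, verification


if __name__ == "__main__":
    db = LocalPasswordDB()
    db.enroll("mchapple", "constructed-sample-passphrase")  # constructed credential
    print(authenticate(db, "mchapple", "constructed-sample-passphrase"))
    print(authenticate(db, "mchapple", "wrong-guess"))
    print(authenticate(db, "no-such-user", "wrong-guess"))
```

The challenge and the failure result are the same for an unknown username and a wrong password, so the exchange does not reveal which accounts exist.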
14. 1. Despite these notable anticipated benefits, commercial
acceptance of cloud databases and their growth have been
somewhat slower than many expected.
2. An important factor behind this apparent reluctance to
embrace cloud computing is uncertainty regarding
regulatory compliance issues associated with activities in
the cloud.
3. There is uncertainty as to the specific regulatory
requirements applicable to the cloud.
15. 4. In the cloud environment, location matters, especially from a
legal standpoint.
5. Cloud computing contracts should include many data protection
provisions, but cloud computing service providers may not agree to
them.
6. The use of cloud services could sacrifice an entity’s ability to
comply with several laws and regulations and could put sensitive
data at risk.