    Security

    Security has always been a major concern in cloud computing. Cloud data should be processed in encrypted form. Services such as a proxy and a broker should be used, because they prevent clients from directly accessing shared data.

    Planning security

    Before deploying a specific resource to the cloud, it is important to evaluate several resource attributes, such as:

    • Choose which resources to move to the cloud and assess their sensitivity to risk.
    • Consider cloud service models such as IaaS, PaaS, and SaaS. These models make the customer responsible for protection at different levels of service.
    • Consider which type of cloud to use, such as public, private, community or hybrid.
    • Understand the cloud service provider's system for how data is transmitted, where it is processed, and how data is transferred into and out of the cloud.
    • In a cloud deployment, the risk depends mainly on the service model and the type of cloud.

    Understanding Cloud Protection Boundaries

    Each service model establishes the boundary between the responsibilities of the service provider and those of the customer. The stack model of the Cloud Security Alliance (CSA) describes the boundaries between the service models and shows how the different functional units relate to each other. The CSA stack model is shown in the following diagram:

    [Diagram: CSA stack model]

    CSA model key points:
    • IaaS forms the base of the cloud service model pyramid with PaaS and SaaS building on the foundational layer below.
    • Moving upwards, each service model inherits the capabilities and security concerns of the model beneath it.
    • The infrastructure is provided by IaaS, the platform development environment is provided by PaaS, and the operating environment is provided by SaaS.
    • IaaS has the lowest level of integrated features and integrated security, while SaaS has the highest level.
    • This model defines the security boundaries at which the responsibilities of the cloud service provider end and the responsibilities of the customer begin.
    • Security mechanisms below a security boundary need to be built into the system and should be maintained by the level above.

    Although every service model has security mechanisms, security needs also depend on where the services are located, that is, on whether the cloud is private, public, hybrid or community.

    Data Security

    Since all data is transmitted through the Internet, data protection in the cloud is a major concern. The main data security mechanisms are listed below:

    • Access Control
    • Authorization
    • Authentication
    • Auditing

    Every service model should integrate security mechanisms operating in all of the above areas.

    Isolated data access

    A methodology needs to be defined to ensure that clients are unable to access data directly. Since access to data over the cloud is location independent, direct access needs to be curtailed so as to safeguard data.

    Brokered Cloud Storage Access is one approach to isolating cloud storage. Two services are created in this approach:

    • A broker with no client access but total storage access.
    • A proxy with both client and broker access but no access to storage.

    How brokered cloud storage access works

    When requests to access data are issued by the client:

    • The proxy's external service interface receives the client's data request.
    • The proxy forwards the request to the broker.
    • The broker requests the data from the cloud storage system.
    • The cloud storage system returns the data to the broker.
    • The broker returns the data to the proxy.
    • Finally, the proxy sends the data to the client.

    The following diagram illustrates all of the steps mentioned above:

    [Diagram: brokered cloud storage access request flow]
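
    The six-step request flow above, as an added Python sketch that is not part of the original page. It shows how the two access boundaries can be enforced rather than assumed: storage serves only the broker, and the broker serves only the proxy. The HMAC tag between proxy and broker, the storage credential, the class names and the sample object are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# All names and values below are constructed for this example.
STORAGE_CRED = secrets.token_hex(16)   # known only to storage and the broker
PROXY_KEY = secrets.token_bytes(32)    # shared only by the proxy and the broker

class CloudStorage:
    """Backing store: serves a read only when the broker credential is presented."""
    def __init__(self):
        self._objects = {"reports/q1.csv": b"region,total\nemea,42\n"}

    def read(self, credential, key):
        if not hmac.compare_digest(credential, STORAGE_CRED):
            raise PermissionError("storage: caller is not the broker")
        return self._objects[key]

class Broker:
    """Total storage access, no client access: accepts only proxy-signed requests."""
    def __init__(self, storage):
        self._storage = storage

    def fetch(self, key, tag):
        expected = hmac.new(PROXY_KEY, key.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("broker: request did not come from the proxy")
        return self._storage.read(STORAGE_CRED, key)    # steps 3 and 4

class Proxy:
    """Client-facing interface: reaches the broker, holds no storage credential."""
    def __init__(self, broker):
        self._broker = broker

    def handle(self, key):                               # step 1
        tag = hmac.new(PROXY_KEY, key.encode(), hashlib.sha256).hexdigest()
        return self._broker.fetch(key, tag)              # steps 2, 5 and 6

def denied(call, *args):
    """Return True when a call is refused with PermissionError."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False

if __name__ == "__main__":
    storage = CloudStorage()
    proxy = Proxy(Broker(storage))
    print(proxy.handle("reports/q1.csv"))                # brokered path succeeds
    print(denied(storage.read, "guess", "reports/q1.csv"))  # direct path refused
```

    In a real deployment the same separation is normally backed by network placement and per-service identities as well, so that the storage endpoint is not reachable from clients at all.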

    Encryption

    Encryption helps safeguard information from being compromised. It protects both data in transit and data stored in the cloud. Encryption cannot prevent loss of data, but it strengthens data protection by curtailing unauthorized access.
