UNIT - III

Security in the Cloud

Understanding Cloud Security / Securing the cloud

Cloud Security - Definition


A set of policies and technologies used to protect data, information and applications is called Cloud Security.

Cloud security has 5 parts

1) Compliance :- It meets the security standards.

2) Identity and access :- Checking the identity and then allowing access.

3) Data security :- Keeping the data safely.

4) DR/BC planning :- Planning for

DR – Disaster Recovery

BC - Business Continuity

5) Availability :- It should have backup and recovery methods.

6) Governance :- It is about policies for security.


Security service boundary :-


Definition :- The boundary between the responsibilities of the service provider and the responsibilities of the customer.

• Least security is given by – IaaS

• Most security is given by – SaaS

• IaaS is the lowest level.

• PaaS is the next level.

• SaaS is the highest level.

CSA Cloud reference model :-

• CSA – Cloud Security Alliance

• It is a not-for-profit association.

• CSA advises on cloud security.

• This model shows how cloud computing works.


Securing the data :-

Securing the data is the biggest problem in cloud computing.

➢ Securing the following data

✓ Sending data

✓ Receiving data

✓ Stored data

All the data are encrypted.

Methods for securing the data are

1. Access control

2. Auditing

3. Authentication

4. Authorization

Brokered cloud storage access :-

Broker :

➢ Full access to storage

➢ No access to client

Proxy :

➢ No access to storage
➢ Full access to client and broker

Cloud storage with broker service :-

Working :
1) Client wants data.
2) Proxy to broker.
3) Broker to Cloud storage.
4) Cloud storage to Broker.
5) Broker to Proxy.
6) Client receives data.

Cloud storage with encrypted keys :-

Working :
1) Client wants data.
2) Proxy to broker.
3) Key 1 match
4) Broker to Cloud storage.
5) Key 2
6) Cloud storage to Broker.
7) Broker to Proxy.
8) Client receives data.
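
The key-checked flow above, as an added example (not from the original notes). How the keys are used is an assumption: the notes only say "Key 1 match" and "Key 2", so here key 1 is a secret shared by proxy and broker, key 2 is a secret shared by broker and storage, and each request carries an HMAC tag. All class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def tag(key: bytes, name: str) -> bytes:
    """Request tag: HMAC-SHA256 of the object name (assumed scheme, not from the notes)."""
    return hmac.new(key, name.encode(), hashlib.sha256).digest()

class CloudStorage:
    """Step 5: serves an object only if the request carries a valid key 2 tag."""
    def __init__(self, key2, objects):
        self._key2, self._objects = key2, dict(objects)
    def read(self, name, request_tag):
        if not hmac.compare_digest(tag(self._key2, name), request_tag):
            raise PermissionError("storage: key 2 mismatch")
        return self._objects[name]

class Broker:
    """Step 3: checks key 1 from the proxy, then talks to storage with key 2."""
    def __init__(self, key1, key2, storage):
        self._key1, self._key2, self._storage = key1, key2, storage
    def fetch(self, name, request_tag):
        if not hmac.compare_digest(tag(self._key1, name), request_tag):
            raise PermissionError("broker: key 1 mismatch")
        return self._storage.read(name, tag(self._key2, name))

class Proxy:
    """Faces the client; holds key 1 only, so it cannot reach storage itself."""
    def __init__(self, key1, broker):
        self._key1, self._broker = key1, broker
    def get(self, name):
        return self._broker.fetch(name, tag(self._key1, name))

def build(objects):
    """Wire up storage, broker and proxy with two independent random keys."""
    key1, key2 = secrets.token_bytes(32), secrets.token_bytes(32)
    storage = CloudStorage(key2, objects)
    broker = Broker(key1, key2, storage)
    return Proxy(key1, broker), broker, storage, key1

def denied(call, *args):
    """True if the call is refused with PermissionError."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False
```

A caller that holds only key 1 is refused by storage, which is why key 2 stays with the broker.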

Storage location and Tenancy :-

Storage Location :

➢ Service provider stores the data in different locations.

➢ Data is stored in

--- Multiple copies

--- Multiple servers

--- Multiple locations

➢ If one system fails, then data is available from other places.

Tenancy :

Single Tenancy :

➢ Customer is called a Tenant.

➢ Separate Application and Separate Database.

➢ SaaS uses Single Tenancy.

Multiple Tenancy :

➢ Same Application and Separate Database.

➢ Sharing the same resources.

➢ Example : Bank
Many people use the same bank, but every customer account is different.

Encryption :-

Definition :-

Customer's data to Cipher text

Plain Text to Unreadable Text

Uses of Encryption:-

➢ Unauthorized users cannot read the data.

Types of Encrypted data :

1. Data-in-Transit >>> in motion

2. Data-at-Rest >>> stored

Types of Encryption :

1. Symmetric Algorithm

2. Asymmetric Algorithm

1. Symmetric Algorithm :

Encryption key and decryption key are the same.

2. Asymmetric Algorithm :

Encryption key and decryption key are different.

➢ Strong encryption is needed for private information.

Cloud security challenges :-


Five (5) cloud security challenges are,

1) Data protection :-

➢ Data protection of

i. Data-in-Transit >>> in motion

ii. Data-at-Rest >>> stored

2) User authentication :-

➢ User authentication is very important for accessing the data.

3) Portability :-

➢ It can be moved from one cloud to another cloud without any change.

4) Interoperability :-

➢ It should work properly in any cloud.

5) Contingency planning :-

➢ It should have an emergency plan.

Security policy implementation :-


Definition :- Procedures, guidelines and standards are called policies.

➢ Security policies are needed for good security.

➢ A policy is very useful during

✓ a disaster

✓ a loss due to an employee's action

✓ Security for trade secret
✓ Requirement of government

Security policy types :-


There are four (4) security policy types

1) Senior management statement of policy

✓ This is the first policy.

✓ This is a high level policy.

✓ This tells the importance of computer resources.

2) Regulatory policy

✓ This policy covers regulation and legal requirements.

✓ This policy is usually very detailed.

✓ This policy is specific to the industry.

3) Advisory policy

✓ This policy is not compulsory, but strongly advised.

✓ If this policy is not followed, serious damage will happen.

4) Informative policy

✓ This policy simply informs.

✓ If this policy is not followed, serious damage will not happen.

Virtualization Security Management :-


Definition :-

It is the method for protecting a virtualization infrastructure.

✓ A Virtual machine ( VM ) is an operating system or application installed on software.

✓ It works like hardware.

✓ Its parts are

o Virtual Machine ( VM )

o Virtual Memory Manager ( VMM )

o Hypervisor

Virtualization Types :

i. Type 1 - Full Virtualization

ii. Type 2 - Full Virtualization

iii. Para Virtualization

Virtualization Management Roles

1) Virtual Server Administrator

2) Virtual Machine Administrator

3) Guest Administrator

Virtual Threats

Definition :-
Threats which are unique to virtual machines are called Virtual Threats.

Some of the virtual threats are,


1) Shared clipboard

Data will be transferred between VMs and the host.

2) Keystroke logging

Keystrokes will be captured.

3) VM monitoring from the host

The host can affect a VM by the following:

- Starting, stopping, pausing and restarting

- Viewing, copying and modifying

4) VM monitoring from another VM

VM monitoring from another VM is dangerous.

5) Virtual Machine backdoors

A backdoor communication between the guest and host is very dangerous.