The Security of Cloud Services
Essay by vincen mathai • June 15, 2019 • Research Paper • 3,945 Words (16 Pages) • 806 Views
[pic 1] The Security of Cloud Services | Vincen Arivannoor, Chaitanya Midsala, Narasimha Murty & Rishab Dhariwal BCO6672-The Information Systems Profession |
Table of Contents
Introduction 1
Cloud Architecture and Cloud Security 1
Characteristics of Cloud services 2
Cloud services Security 2
Cloud Security threats 2
Cloud security services 3
Benefits 3
Stakeholder benefits of cloud security 5
Challenges faced by ISP 6
Internal Challenge: Compliance issues 6
External Challenge- Advanced Persistent Threats (APTs) 7
Evolution of Security Model-Security as a Service (SecaaS) 7
User vs. Cloud Service- User’s Responsibility 8
Conclusion 10
Introduction
Cloud computing is increasing its momentum as it gains in critical mass of adoption, because of both market and technology related factors. Rapidly evolving business environment is driving a pivot in the digital infrastructure of many companies and that is enabling many firms to make the move to the cloud. Therefore, cloud services are becoming a key factor contributing towards achieving competitive advantage in a global scale for companies aiming to succeed in the age of digitisation.
In a business context, Cloud services provide a large variety of services through internet which are accessible globally. Cloud services are usually provided by trusted third party providers which arises security threats to the cloud services. However, inspite of cloud computing being seen as a major driver of growth for companies in the coming years, the migration of IT assets, such as virtualized IP, data, applications, services and the associated infrastructure from physical to the cloud is marred by security concerns of the users. For instance, financial services companies are still laggards when it comes to adopting the cloud, despite the deep interest seen, because of lack of confidence in securing the data of customers and financial transactions. Recent attacks such as the hack in 2014 of the premier cloud storage solution provider, Dropbox, where around 60 million user accounts were compromised (Conger & Lynley, 2019), prove that cloud security has become a matter of concern for companies that aim to become more digital. Therefore, as the relevance of cloud computing increases throughout society in general, it is now paramount that cloud service providers and users keep security and privacy safeguards of the cloud assets as a major concern.
The literature will explore in-depth how the prevalence of cloud, results in more emphasis on the security of the data stored in the cloud. In this report we will discuss the cloud architecture of cloud services, security threats and challenges in implementing cloud security.
Cloud Architecture and Cloud Security
To understand how cloud security operates, one needs to understand how the cloud computing architecture is framed. The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction (Puthal et al., 2015).
Characteristics of Cloud services
One major characteristic of Cloud is that services are self-accessed by the user from multiple devices through internet without the need of network administrators. This feature lets users to access services without being physically present in the infrastructure. Another aspect is that cloud enables organizations to migrate resources from one cloud to another, providing cost effective resource pooling. Aside from ease of migration, cloud also enables elasticity where resources are to be scaled up and down rapidly as per the demand and eliminating the infrastructure implementation cost for the client (A. Jula, 2014).
Another important aspect cloud has is that the users can pick and choose services as per its needs by selecting on demand, for example processing speed, storage memory level, networking protocols, access control and any additional new feature as needed for the user to achieve its personal or business objectives (Fotiou et al., 2015). Finally, the cloud exhibits multi-tenancy where the same cloud infrastructure and services are shared among different tenants.
Cloud services Security
Having an understanding of the characteristics of the cloud, one becomes aware of the context of cloud security as it is the same characteristics that are misused to compromise the security of the assets in the cloud. The threats and attacks directly or indirectly on cloud assets as well as breach of services will affect the integrity, availability and confidentiality of these assets, raising concerns of security among the users and companies (Singh and Chatterjee, 2017). With this in mind, cloud security therefore describes a set of policies, technology, and controls that aims to protect digital assets of the users.
Cloud Security threats
To analyse the types of threats to the cloud, a threat model called STRIDE that classifies threats into six categories (Docs.microsoft.com, 2019) is used and the types are:
- Spoofing identity: Gaining users authentication information such as passwords illegally.
- Tampering with data: Unauthorized changes to data which damages the data held in databases.
- Repudiation: Unauthorized action performed in the system which do have any traces.
- Information disclosure: Disclosing confidential information to unauthorized individuals.
- Denial of service: Servers are flooded with service requests till the point where servers crash. These types of attacks are targeted at availability.
- Elevation of privilege: Unauthorized individual gaining privileged access to damage and compromise the system defenses.
Cloud security services
Cloud security services are the different solutions that are deployed by the service providers to make cloud services secure and reliable and are currently used to ensure the above-mentioned types of threats are under control. On benchmarking existing solutions against the STRIDE model, we see that different solutions are targeted at different types of threats (Halabi & Bellaiche, 2018). In our research, we find that certain solutions are more capable than the other by virtue of resolving at least 4 types of cloud threats.
...
...