Cloud Computing Security Project
Abstract
Cloud computing technology has become the new frontier in the computing world. The technology has massively impacted individuals and businesses across the world. However, the technology is faced with certain challenges. This paper provides an in-depth analysis of the security challenges associated with cloud computing, including the respective threats and vulnerabilities. Additionally, the paper addresses the benefits, solutions, and recommendations of cloud computing technology.
Cloud Computing Security
Introduction
Over the last half century, the information technology field has greatly evolved. Technology is very important to the different sectors of current society. Information, communication and technology (ICT) devices are dependent on one another, and when one is disrupted, the rest may also be affected. In previous years, ICT experts have expressed their concern over the protection of ICT systems and over cyber-attacks, which has prompted them to consider the establishment of policies for the prevention of serious cybercrimes. They expect that in the years to come, these threats to ICT systems will increase significantly and affect several organizations. Cyber security is defined as the act of providing protection to ICT systems and what is contained in them. The term is broad and ambiguous; it tends to contradict the basic nature or scope of its meaning. On some occasions, it is integrated with other concepts such as privacy, the sharing of data and information, the accumulation of intelligence, and surveillance. Nevertheless, cyber security can be a vital tool in the protection of privacy and the prevention of unauthorized access to and sharing of information. For instance, cyber security facilitates the secure sharing of information amongst different systems within an organization. The focus of this paper is on the theme of vulnerability analysis. It will examine recent security controls among organizations and in the ICT sector.
Cloud computing technology has sparked a lot of debate in recent years. Proponents have expressed optimism about the technology, proclaiming it the next frontier of the internet. However, critics believe the technology is short-lived because it is founded on old technologies. Cloud computing is an information technology phenomenon where computer services are provided over the internet. Additionally, cloud computing provides a number of IT solutions for businesses and therefore significantly improves the quality of services. Cloud computing technology can be deployed in four main models: public, private, hybrid and community. The technology is also delivered in different service models, which include Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). SaaS, in particular, is a cloud computing model where applications are hosted remotely by a provider and accessed via the internet on a subscription basis. This paper will identify the security issues associated with the SaaS model of cloud computing.
Security Issues
Initially, the SaaS software could be purchased, loaded into a device, or established on premise. As previously mentioned, SaaS offers the opportunity to access some computer services over the internet. In most cases, service providers are concerned with multiple users’ accessibility to information. Therefore, companies providing the services should ensure that multiple users do not have access to each other’s information. As advancements in internet usage have introduced a number of security issues, it becomes a challenge to migrate data from the service provider to the client successfully. The provider is presented with two options for hosting the SaaS software: the provider can independently host the application on a private server, or the provider can host the application on third-party infrastructure. Below are some of the security issues associated with the SaaS model.
Data Security
As previously mentioned, businesses and organizations that employ computer services on-premise are responsible for any security concerns. However, in the SaaS model, data is stored and managed at the provider’s location. The migration of data from the provider to the user is faced with security risk as it is done over the internet. Providers should adopt adequate security measures to ensure data protection and avert any system vulnerabilities that might compromise data security. Such security measures include strong encryption and high-level authorization. Amazon Inc, being the biggest cloud computing company in the world, has employed a high-security feature, known as the Strong Secure Shell (SSH) protocol, that ensures the safety of its clients’ information. The protocol ensures a secure remote login into the servers and provides adequate authentication through strong encryption. Amazon also allows clients to encrypt data before uploading it to their servers to limit access by unauthorized users.
Application Security
In the SaaS model, clients access the application through the internet. Managing and using an application through the internet is faced with several security challenges, including SQL injection, among others. SaaS is based on the Application Program Interface (API) that facilitates communication between the components involved with the software. Although the API is associated with a lot of benefits for SaaS, it is also associated with certain challenges. For instance, an insufficiently coded API can be easily attacked. In most cases, SaaS uses Web Services Description Language (WSDL) to connect through the internet. WSDL is used in conjunction with SOAP and XML schema and transmitted via HTTP to describe a web service. According to Doroodchi, Iranmehr & Pouriyeh (2009), this method of describing web services is tied to vulnerabilities. For example, WSDL scanning can significantly affect SaaS. Additionally, certain types of malware (malicious software) may affect the system when the SaaS platform is accessed through mobile devices.
Deployment Security
Currently, SaaS is based on virtualization technology. The technology allows the creation of virtual resources and the interaction of various operating systems. Vulnerabilities associated with virtualization can significantly affect the security of SaaS. For example, Network File System (NFS) traffic can tamper with the memory and therefore allow unauthorized authentication.
Data Segregation
Cloud computing allows several users on a single server. Using the application provided by the SaaS provider, several users can store data on a common server. In such a case, users can intrude on other users’ data in many ways. Loopholes in the application can facilitate hacking into other users’ data. In addition, client code can be used to access information on the application.
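The following added example (not part of the original essay) shows the segregation problem on a shared table: a lookup that concatenates user input and applies no tenant filter, beside a hardened lookup that binds parameters and scopes every query to the tenant taken from the authenticated session. The table layout, tenant names and function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory multi-tenant table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE invoices ("
        "id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, "
        "customer TEXT, amount REAL)"
    )
    db.executemany(
        "INSERT INTO invoices (tenant_id, customer, amount) VALUES (?, ?, ?)",
        [
            ("acme", "Alice", 120.0),
            ("acme", "Bob", 75.5),
            ("globex", "Carol", 990.0),
        ],
    )
    return db


def search_unsafe(db, customer):
    # Weak form: no tenant filter, and the user-supplied value is
    # concatenated into the SQL text, so it can rewrite the WHERE clause.
    sql = (
        "SELECT tenant_id, customer, amount FROM invoices "
        "WHERE customer = '" + customer + "'"
    )
    return db.execute(sql).fetchall()


def search_scoped(db, session_tenant, customer):
    # Hardened form: the tenant comes from the authenticated session,
    # never from the request, and both values are bound as parameters.
    sql = (
        "SELECT tenant_id, customer, amount FROM invoices "
        "WHERE tenant_id = ? AND customer = ?"
    )
    return db.execute(sql, (session_tenant, customer)).fetchall()


def cross_tenant_rows(rows, session_tenant):
    """Regression check: rows that belong to a tenant other than the caller's."""
    return [r for r in rows if r[0] != session_tenant]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input for the regression check
    print("unsafe :", cross_tenant_rows(search_unsafe(db, crafted), "acme"))
    print("scoped :", cross_tenant_rows(search_scoped(db, "acme", crafted), "acme"))
```

Running `cross_tenant_rows` over query results in an automated test catches a missing tenant filter before it reaches production.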
Solutions
Although there is unlimited literature on SaaS security analysis, the solutions to the security issues identified above are limited. Some of the proposed solutions are associated with factors that should be considered before being applied. Data security is a major issue in the SaaS application and involves certain elements that include confidentiality, availability, integrity, and authorization. According to Wu, Ding, Winer & Yao (2010), SSL encryption and division of data can be used to achieve data confidentiality, availability, and integrity. However, SSL and data division do not address false certification. Additionally, the homomorphic token can be used to locate an attacked server, thereby improving data security. Basescu et al. (2011) present a framework that helps providers define and implement security policies on the platform. The framework identifies some of the attacks and formulates them into viable policies. A violation detection engine can be developed using the policies to detect the activity of the users.
The authentication mechanism is crucial for SaaS applications to restrict unauthorized access. Choudhury et al. (2012) propose an authentication framework that verifies the identity of the user before granting access. This framework is advantageous because it can prevent various attacks, for example, the replay attack. However, Shashwat, Kumar & Chanana (2017) indicate that the framework needs a formal security proofing technique. On the other hand, Greenstadt & Beal (2008) propose a framework that assists users accessing the platform using mobile devices. The framework advocates for the enhancement of devices through machine learning approaches, for example, the radial basis function. Malware is another major issue associated with mobile devices. However, mobile device malware can be addressed using static analysis, as proposed by Sahs & Khan (2012).
Biometric authentication can be used to secure SaaS applications. This type of authentication utilizes users’ body parts, for instance, the eye, fingers and voice/speech, to identify the rightful owner before granting device access to the SaaS application. However, the accuracy of this method of authentication can be affected by injury to the body part used. For example, injury to the finger or the eye can deny access to the user. Additional security is therefore necessary when using the biometric technique.
The web vulnerabilities caused by the API can be solved using the procedure proposed by Jensen, Schwenk, Gruschka & Iacono (2009). The procedure provides the validation required to verify a SOAP request. Additionally, Rahaman, Schaad & Rits (2006) present a framework that is based on the message structure of SOAP. The framework detects any XML rewriting attacks and is advantageous because it addresses the issue of SOAP. There are various types of XML attacks, for example, the injection attack. Doroodchi, Iranmehr & Pouriyeh (2009) proposed a solution that can address the different types of XML attacks. The XML security standards, such as XML signature, XML encryption and key management, should be used at all times to improve security on the internet. However, the standards are unable to deal with distributed denial of service (DDoS) attacks, which can shut down internet servers. Chonka, Xiang, Zhou & Bonti (2011) proposed a solution that can deal with HTTP and XML based DDoS attacks. The solution utilizes the traceback technique together with a back propagation neural network to identify, detect and eliminate the attacks.
According to Li et al. (2012), a solution to address security issues related to virtualization, known as cyberguard, provides two distinct services: virtual machine and virtual network services. The virtual machine service, for example, controls and manages the various aspects involved in hypervisor virtualization. The security issues presented by virtualization technology can be addressed with a deployment mechanism approach. The approach intercepts calls and process behavior on the system. Additionally, the approach necessitates the isolation of the virtual machine and virtual network, therefore protecting cloud services. Pearce, Zeadally & Hunt (2013) proposed hardening of the virtual systems, for example with a secured hypervisor, as a way of securing virtualization. Packet sniffing and spoofing are major threats to virtualization. Wu, Ding, Winer & Yao (2010) indicate that the threats can be eliminated by a novel virtual network model. The model provides firewall protection to the routing layer.
Cloud-based antivirus is another solution to SaaS security challenges. The antivirus is only compatible with certain products that cannot detect malware adequately. However, the antivirus method can be enhanced by using other techniques, such as server-side malware detection or a proxy server which can be used to record the user’s traffic on the application.
Recommendations
Certain security measures should be utilized to protect data during storage and transmission. Servers can group data into different categories based on the user’s confidentiality. The categories can include highly encrypted data, lightly encrypted data, and plain data. Grouping the data minimizes massive data loss in case the security is compromised. Forward error correction code can be used to make data into longer files, especially where data is stored on various servers. Homomorphic encryption is a security feature that ensures verification of every access to the databases, therefore averting attacks such as SQL injection, and can ensure confidentiality when a third party is involved.
The service providers should ensure that the information under their custody can only be accessed by authorized users. A log management system should be used to capture any attempt to access the database. Additionally, the log system should be checked often and have adequate security controls in place to prevent interference with the system. Cloud service providers should provide adequate backup systems, for example, the RAID storage system. Additionally, the backup systems should be secured against any leakage.
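One way to build the access log described above so that interference with it is detectable, shown as an added example that is not part of the original essay: each entry carries an HMAC over its content and over the previous entry's MAC, so editing or deleting an earlier record breaks the chain. The field names, the key handling and the sample events are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed starting value for the chain


def _mac(key, body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def append_entry(log, key, user, action, allowed):
    """Record one database access attempt, chained to the previous entry."""
    prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "user": user, "action": action,
            "allowed": allowed, "prev": prev}
    entry = dict(body, mac=_mac(key, body))
    log.append(entry)
    return entry


def verify_log(log, key):
    """Return the index of the first altered or misplaced entry, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        ok = (
            entry.get("seq") == i
            and entry.get("prev") == prev
            and hmac.compare_digest(_mac(key, body), entry.get("mac", ""))
        )
        if not ok:
            return i
        prev = entry["mac"]
    return -1


def denied_attempts(log):
    """Count refused access attempts per user, for the periodic log review."""
    counts = {}
    for entry in log:
        if not entry["allowed"]:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts


def sample_log(key):
    """Constructed sample events, not taken from any real system."""
    log = []
    append_entry(log, key, "alice", "SELECT invoices", True)
    append_entry(log, key, "mallory", "SELECT users", False)
    append_entry(log, key, "mallory", "DROP TABLE users", False)
    append_entry(log, key, "bob", "UPDATE invoices", True)
    return log


if __name__ == "__main__":
    key = b"demo-key-kept-outside-the-log-host"  # placeholder secret
    log = sample_log(key)
    print(verify_log(log, key), denied_attempts(log))
    log[1]["allowed"] = True  # simulated interference with a stored record
    print(verify_log(log, key))
```

The chain alone does not reveal entries removed from the end of the log; copying the latest MAC to a separate system closes that gap.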
Effective encryption and mutual authentication should be used to address security issues during transmission of data from the provider to the user. Public key infrastructure is one of the most effective authentication mechanisms that can be used. There are several mechanisms, such as transport layer security and internet protocol security, that can be used to provide security during communication between the provider and the user. SaaS security issues can also be addressed from the application viewpoint, which can be very helpful in addressing some of the common security issues. Additionally, the SaaS application can be designed in such a way as to avoid common security issues. Some of the ways of designing the SaaS applications include:
Benefits of Cloud Computing Security
Protection against DDoS
Distributed denial of service (DDoS) occurs when a different application is used in the same server, as in the case of cloud computing. Georgiev & Nikolova (2017) indicate that the attack has been on the rise in the recent past. A website attacked by DDoS is unable to adequately respond to the user’s request. The attack can temporarily incapacitate the website for hours or even days. Adequate security measures can help to identify, monitor and analyze the attack.
Data security
Data is an essential element in cloud computing. Several major breaches have occurred in the past affecting big corporations. However, a sufficient security plan can identify and control any data breaches and therefore prevent unauthorized access and tampering of data.
Compliance with regulations
Data security is very strict in certain industries, for example, the banking industry. Organizations in such industries are expected to adhere to strict regulations and guidelines. Quality security solutions, therefore, help organizations in such industries comply with the regulations.
Flexibility
A viable solution to the challenges affecting cloud computing provides security for operations. Security ensures flexibility during high and low traffic on the application.
Threats and Vulnerability of Cloud Computing Security
Data Breaches
Most enterprises are storing their data in the cloud. A breach happens when a malicious person gains unauthorized entry into a server, thus compromising the data. Data breaches are one of the biggest threats to cloud computing. Data breaches can lead to fines, lawsuits, and significant losses.
Solution
A data breach can be avoided by isolating virtual machines and wiping data after use. Amazon Web Services has successfully used the technique to avert data breaches.
Data loss
Cloud services providers are faced with inefficiencies in preventing data loss. Although a lot of people are trusting cloud platforms for data security, data loss is inevitable. Data can be lost in many ways including suspicious deletion or virus attack. An increasing number of companies have lost sensitive and/or proprietary data in the cloud due to inadequate security measures.
Solution
Loss of data can be managed by a Data Loss Prevention tool, which is used to track active and sensitive data in the cloud. Additionally, enterprise rights management is a technology that manages access to delicate information.
Hacking
Hacking is a threat facing many internet platforms including cloud computing. A malicious intruder can hack into the servers and interfere with cloud operations. Such individuals can insert false information or steal valuable information.
Solution
Two-factor authentication techniques can be used to detect and identify unauthorized users in the system. Strong firewall protection can also be used to restrict access.
Insecure API
The application programming interface (API) provides the communication channel between the provider and the user. A weak and insecure API can provide a doorway for malicious attackers to access the platform and compromise the integrity and confidentiality of the services provided.
Solution
Proper evaluation of the API codes and systems can help avert the security challenge.
Data transmission
The channel of data transmission from the provider to the user can result in loss or breach if adequate security measures are not in place. However, the situation can be avoided by the use of encrypted channels such as SSL.
Solution
The service provider should provide a secure and encrypted transmission of data.
Cloud Provisioning
Cloud provisioning refers to the process of providing cloud services and resources to the user within a defined infrastructure. The provisioning is done in three main ways: advance, dynamic, and self-provisioning. In advance provisioning, the user enters into an agreement with the provider for use of the services rendered. In return, the user is either charged a flat rate fee or billed on a regular basis. In dynamic provisioning, services are provided on a need-to-need basis. The provider bills the user for services on a pay-per-use basis. Finally, in self-provisioning, a user creates an account with the provider for cloud services. In this case, services only last longer than the other provisioning methods.
Conclusion
Although cloud services provide a number of benefits to individuals and businesses, many issues are yet to be resolved. Some of the major issues that are not fully addressed include security and privacy. Even though cloud service providers are trying to address these issues, a number of individuals and organizations have suffered due to breaches of private information from several threats and vulnerabilities, including hacking and security breaches. Individuals may not realize the full potential of cloud computing until security and privacy issues are addressed. This paper has identified some of the security challenges associated with the SaaS application, a particular cloud computing model. Some of the identified security challenges associated with the SaaS application include data and application security. The paper has also provided solutions to the challenges identified. Biometric identification and application authentication are some of the solutions to address the security challenges. Homomorphic encryption and a log system are some of the security features recommended to improve cloud services. Addressing security issues in cloud computing has certain benefits, including the detection and prevention of certain attacks that can be detrimental to the SaaS application. Finally, the paper identifies ways in which cloud services are provided to the user.