Posts

Showing posts from October, 2021

6.4 Additional Considerations (Fundamental Cloud Security U2C2) Cloud computing concept (chapter 6)

6.4. Additional Considerations This section provides a diverse checklist of issues and guidelines that relate to cloud security. The listed considerations are in no particular order. Flawed Implementations The substandard design, implementation, or configuration of cloud service deployments can have undesirable consequences, beyond runtime exceptions and failures. If the cloud provider’s software and/or hardware have inherent security flaws or operational weaknesses, attackers can exploit these vulnerabilities to impair the integrity, confidentiality, and/or availability of cloud provider IT resources and cloud consumer IT resources hosted by the cloud provider. Figure 6.15 depicts a poorly implemented cloud service that results in a server shutdown. Although in this scenario the flaw is exposed accidentally by a legitimate cloud service consumer, it could have easily been discovered and exploited by an attacker. Figure 6.15. Cloud Service Consumer A’s message triggers...

6.3 Cloud Security Threats (Fundamental Cloud Security U2C2) Cloud computing concept (chapter 6)

6.3. Cloud Security Threats This section introduces several common threats and vulnerabilities in cloud-based environments and describes the roles of the aforementioned threat agents. 1. Traffic Eavesdropping Traffic eavesdropping occurs when data being transferred to or within a cloud (usually from the cloud consumer to the cloud provider) is passively intercepted by a malicious service agent for illegitimate information gathering purposes (Figure 6.8). The aim of this attack is to directly compromise the confidentiality of the data and, possibly, the confidentiality of the relationship between the cloud consumer and cloud provider. Because of the passive nature of the attack, it can more easily go undetected for extended periods of time. Figure 6.8. An externally positioned malicious service agent carries out a traffic eavesdropping attack by intercepting a message sent by the cloud service consumer to the cloud service. The service agent makes an unauthorized copy of...

6.2 Threat Agents (Fundamental Cloud Security Unit 2 chapter 2) Cloud computing concept (chapter 6)

6.2. Threat Agents A threat agent is an entity that poses a threat because it is capable of carrying out an attack. Cloud security threats can originate either internally or externally, from humans or software programs. Corresponding threat agents are described in the upcoming sections. Figure 6.3 illustrates the role a threat agent assumes in relation to vulnerabilities, threats, and risks, and the safeguards established by security policies and security mechanisms. Figure 6.3. How security policies and security mechanisms are used to counter threats, vulnerabilities, and risks caused by threat agents 1. Anonymous Attacker An anonymous attacker is a non-trusted cloud service consumer without permissions in the cloud. It typically exists as an external software program that launches network-level attacks through public networks. When anonymous attackers have limited information on security policies and defenses, it can inhibit their ability to formulate effective ...

8.1. Automated Scaling Listener (Specialized Cloud Mechanisms Unit 3 chapter 1)

8.1. Automated Scaling Listener The automated scaling listener mechanism is a service agent that monitors and tracks communications between cloud service consumers and cloud services for dynamic scaling purposes. Automated scaling listeners are deployed within the cloud, typically near the firewall, from where they automatically track workload status information. Workloads can be determined by the volume of cloud consumer-generated requests or via back-end processing demands triggered by certain types of requests. For example, a small amount of incoming data can result in a large amount of processing. Automated scaling listeners can provide different types of responses to workload fluctuation conditions, such as: • Automatically scaling IT resources out or in based on parameters previously defined by the cloud consumer (commonly referred to as auto-scaling). • Automatic notification of the cloud consumer when workloads exceed current thresholds or fall below allocated resou...

6.1. Fundamental Cloud Security (Basic Terms and Concepts)

6.1. Basic Terms and Concepts Information security is a complex ensemble of techniques, technologies, regulations, and behaviors that collaboratively protect the integrity of and access to computer systems and data. IT security measures aim to defend against threats and interference that arise from both malicious intent and unintentional user error. The upcoming sections define fundamental security terms relevant to cloud computing and describe associated concepts. 1. Confidentiality Confidentiality is the characteristic of something being made accessible only to authorized parties. Within cloud environments, confidentiality primarily pertains to restricting access to data in transit and storage. The message issued by the cloud consumer to the cloud service is considered confidential only if it is not accessed or read by an unauthorized party. Figure 6.1. The message issued by the cloud consumer to the cloud service is considered confidential only if it is not a...