6.4 Additional Considerations (Fundamental Cloud Security U2C2) Cloud Computing Concept (Chapter 6)
This section provides a diverse checklist of issues and guidelines that relate to cloud security.
The listed considerations are in no particular order.
Flawed Implementations
The substandard design, implementation, or configuration of cloud service deployments can have undesirable consequences, beyond runtime exceptions and failures.
If the cloud provider’s software and/or hardware have inherent security flaws or operational weaknesses, attackers can exploit these vulnerabilities to impair the integrity, confidentiality, and/or availability of cloud provider IT resources and cloud consumer IT resources hosted by the cloud provider.
Figure 6.15. Cloud Service Consumer A’s message triggers a configuration flaw in Cloud Service A, which in turn causes the virtual server that is also hosting Cloud Services B and C to crash.
Security Policy Disparity
When a cloud consumer places IT resources with a public cloud provider, it may need to accept that its traditional information security approach may not be identical or even similar to that of the cloud provider.
This incompatibility needs to be assessed to ensure that any data or other IT assets being relocated to a public cloud are adequately protected.
Even when leasing raw infrastructure-based IT resources, the cloud consumer may not be granted sufficient administrative control or influence over security policies that apply to the IT resources leased from the cloud provider.
This is primarily because those IT resources are still legally owned by the cloud provider and continue to fall under its responsibility.
Furthermore, with some public clouds, additional third parties, such as security brokers and certificate authorities, may introduce their own distinct set of security policies and practices, further complicating any attempts to standardize the protection of cloud consumer assets.
Contracts
Cloud consumers need to carefully examine contracts and SLAs put forth by cloud providers to ensure that security policies, and other relevant guarantees, are satisfactory when it comes to asset security.
There needs to be clear language that indicates the amount of liability assumed by the cloud provider and/or the level of indemnity the cloud provider may ask for.
The greater the assumed liability by the cloud provider, the lower the risk to the cloud consumer.
Another aspect to contractual obligations is where the lines are drawn between cloud consumer and cloud provider assets. A cloud consumer that deploys its own solution upon infrastructure supplied by the cloud provider will produce a technology architecture comprised of artifacts owned by both the cloud consumer and cloud provider.
If a security breach (or other type of runtime failure) occurs, how is blame determined? Furthermore, if the cloud consumer can apply its own security policies to its solution, but the cloud provider insists that its supporting infrastructure be governed by different (and perhaps incompatible) security policies, how can the resulting disparity be overcome?
Sometimes the best solution is to look for a different cloud provider with more compatible contractual terms.
Risk Management
When assessing the potential impacts and challenges pertaining to cloud adoption, cloud consumers are encouraged to perform a formal risk assessment as part of a risk management strategy.
A cyclically executed process used to enhance strategic and tactical security, risk management is comprised of a set of coordinated activities for overseeing and controlling risks.
The main activities are generally defined as risk assessment, risk treatment, and risk control (Figure 6.16).
• Risk Assessment – In the risk assessment stage, the cloud environment is analyzed to identify potential vulnerabilities and shortcomings that threats can exploit.
The cloud provider can be asked to produce statistics and other information about past attacks (successful and unsuccessful) carried out in its cloud.
The identified risks are quantified and qualified according to the probability of occurrence and the degree of impact in relation to how the cloud consumer plans to utilize cloud-based IT resources.
• Risk Treatment – Mitigation policies and plans are designed during the risk treatment stage with the intent of successfully treating the risks that were discovered during risk assessment.
Some risks can be eliminated, others can be mitigated, while others can be dealt with via outsourcing or even incorporated into the insurance and/or operating loss budgets.
The cloud provider itself may agree to assume responsibility as part of its contractual obligations.
• Risk Control – The risk control stage is related to risk monitoring, a three-step process that is comprised of surveying related events, reviewing these events to determine the effectiveness of previous assessments and treatments, and identifying any policy adjustment needs.
Depending on the nature of the monitoring required, this stage may be carried out or shared by the cloud provider.