The use of cloud computing expands the risk of insider access not only to the staff of the cloud service company but also to the consumers of the cloud services. A good example can be drawn from the denial of service attack launched by a malicious insider as demonstrated by a well-known Infrastructure as a Service (IaaS) cloud infrastructure (Sense Post: , 2009). The insider access risk can be mitigated by deploying technical and administrative procedures that monitor the activities of the users with access to the cloud infrastructure. Examples of such procedures include access reviews for users with especially high-risk access rights (such as execute access rights to data objects). These control procedures may be monitored by a third
The base cloud service provider here is the provider of the primary cloud services on which the other service providers build their services. The use of composite cloud services generates the risk of losing control over the third-party services. The cloud service provider is required to disclose its relationships with other third parties, and the terms of service involving the third party should be clearly defined. The cloud service provider should provide an assurance of how liability and performance will be achieved in the composite cloud services. The service agreements should be developed based on the performance capabilities of all the nested cloud service providers.
o Visibility – The use of cloud services requires an organization to hand over the security management procedures of the systems on which the organization’s data and applications operate to the service provider. Management and technical security control measures of the service provider should be in alignment with those of the service consumer to ensure that the security objectives of the consumer are achieved. Research on metrics for comparing the security procedures and controls between the consumer and service provider is still underway (Jansen, Directions in Security Metrics Research, 2009). An ideal procedure for gaining visibility of security requires the service provider to disclose details about their security and privacy measures to the consumer. Service providers are however sceptical
Organizations use the Cloud in a variety of different service models (SaaS, PaaS, IaaS) and deployment models (Private, Public, Hybrid). There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers. In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information.
Organizations need to understand the public cloud computing environment that is being offered by the cloud providers. The responsibilities of an organization and the cloud providers vary depending on the service model. Any organization should understand and organize the process of consuming the cloud services and also keep an eye on the delineation of responsibilities over the computing environment and the implications for security and privacy. Assurances, certifications, and compliance reviews from entities paid by the cloud providers to support security or privacy should be verified from time to time by the organization through independent assessment.
Regard for cloud computing is on the rise due to its ability to improve flexibility, expand access to data, and lower costs. Cloud computing releases organizations from having to acquire and maintain their own hardware and software infrastructure (Holt, Niebuhr, Aichberger, & Rosiello, 2011). On the other hand, while there is much noise being made about the benefits of cloud computing, questions have been brought up with respect to whether cloud computing is safe, especially when it comes to its privacy, security, and reliability. The purpose of this paper is to discuss the different general controls and audit approaches for software and architecture, cloud computing, service-oriented architecture, and virtualization. This paper gives a summary analysis of the recent research that is available. Additionally, risks and vulnerabilities associated with public clouds, private clouds, and hybrids have also been researched. Within the research conducted, there are important examples provided. Recommendations are shown on how organizations could implement and mitigate these risks and vulnerabilities. This paper also outlines a list of IT audit tasks that focus on a cloud computing environment, based on the results of the analysis, the risks and vulnerabilities, and the mitigation controls.
1. Security Policy First. At the very least, your security strategy should include procedures to prevent and detect abuse, as well as guidelines for conducting internal investigations. It should explain the potential consequences of abuse. First read the existing security policy, in particular the security policy on event handling. Rework the parts that depend on trusting insiders. For example, your event handling plan should not require your team to contact the administrator of the suspicious system to gain access - he or she may be the culprit. Next, make sure that your policies detail restrictions on access to and dissemination of personal data about your employees, temporary workers, and others that may be surveyed. Handling such data can have serious consequences, including legal action. Specify who is allowed to access which
Cloud services: Organizations have become highly dependent on cloud services. Cybercriminals have been seeking ways to exploit corporate security policies for protecting cloud services. Cloud services carry an immense risk of data being disclosed deliberately or accidentally. The hosting companies have a greater ease of control over the private data and information and can even monitor communication between the end user and the service and access the user's data even without his permission. Therefore this threat has to be placed at the highest priority. Additionally, the cloud providers have the authority to share information with any third parties even without a warrant. All these activities pose privacy concerns, as the data can be accessed on the cloud anywhere and at any time, and the information can be deleted or even altered. All these activities have further left room for potential unwanted disclosure of data and information on the cloud. Thus using cloud services in an organization poses a threat of exploitation and theft of confidential data by their competitors, cybercriminals and vigilante justice seekers (Shaikh, F. B., & Haider, S., 2011).
Security of data has consistently been a major issue in information technology. In the cloud computing environment, it becomes especially serious because the data is located in different places, even across the globe. Data security and privacy protection are the two primary elements of clients' concerns about cloud technology. Although numerous techniques on these topics in cloud computing have been examined in both academia and industry, data security and privacy protection are becoming more important for the future development of cloud computing technology in government, industry, and business. Data security and privacy protection issues are applicable to both hardware and software in the
Cloud computing is a novel tool that provides an opportunity for large or small business owners based on an entirely new business model. The term cloud computing itself is a familiar term, however, the specific meaning can be difficult to define. This paper discusses several facets of cloud computing topics to include cloud benefits, characteristics, as well as service models.
In common usage, the term "cloud" is basically a metaphor for the Internet. Marketers have popularized the phrase "in the cloud" to refer to the software, platform and infrastructure that are sold "as a service", i.e. remotely over the Internet. Typically, the seller has actual energy-consuming servers that host products and services from a remote location, so the end user does not need to; they can simply log on to the network without installing anything. The flagship models of cloud computing service are known as software as a service, platform as a service, and infrastructure as a service. Cloud services can be offered in a range of public,
ABSTRACT: Cloud computing is nothing but an internet-based connection to remote servers which allows users to store data and access all services. These services are provided by the third party who owns the infrastructure. Cloud computing is classified into public, private or hybrid. It is a kind of grid computing. It is flexible and easy to adapt. Apart from advantages organizations are very slow in processing the customer resources because it has some security issues and challenges associated with it. Security is the main issue which is becoming a big hurdle for the growth of cloud computing. Companies are worried about handing some important data to other companies due to these security challenges. This paper is going to give brief
As depicted in figure 3, the technical details, arrangements and management of the cloud service providers’ network are transparent to the cloud user. From the cloud user's end, the service from the provider comes in the form of SaaS, PaaS or IaaS, where the cloud user has no intention or worry about what goes on in the internal arrangement of the cloud service providers’ network. Any disruption of any form, for whatever reason, appears to the cloud users as either service unavailability or quality deterioration; its effect and the ways to counter this disruption are a critical part of the cloud infrastructure. Security issues might play a stimulating role as a driving factor for any aforementioned disruption.
Reaching the point where computing functions as a utility has great potential, promising innovations we cannot yet imagine. Customers are both excited and nervous at the prospects of Cloud Computing. They are excited by the opportunities to reduce capital costs. They are excited for a chance to divest themselves of infrastructure management, and focus on core competencies. Most of all, they are excited by the agility offered by the on-demand provisioning of computing and the ability to align information technology with business strategies and needs more readily. However, customers are also very concerned about the risks of Cloud Computing if not properly secured, and the loss of direct control over systems for which they are nonetheless accountable. To aid both cloud customers and cloud providers, CSA developed “Security Guidance for Critical Areas in Cloud Computing”, initially released in April 2009, and revised in December 2009. This guidance has quickly become the industry standard catalogue of best
The cloud era has evolved to become the engine of enterprise technology innovation, but this advancement has also made us vulnerable to security issues related to the cloud. Although moving to the cloud has provided us with benefits like reduced IT costs, scalability, access to automatic updates, collaboration efficiency and many more, it also requires business-level security policies. And in the absence of these policies, companies become susceptible to security or data breaches.
Transparency is often overlooked by an organization when it comes to system security and privacy. The service arrangements should include ways the organization can gain insight into the security controls and processes of the cloud provider and their performance over time. For example, the service agreement could specify how the organization can perform audit controls via a third party, to validate control aspects that are accessible or assessable by the consumer.
Cloud computing means delivering services rapidly on demand, at any time and from any location. Access can be reached from any device. Cloud computing covers both office based surface and also the out-sourced platform. Many surveys have been carried out to determine the benefits of cloud computing. One survey, based on written statements from chief information officers (CIOs), reported that in nearly 50 countries in the year 2014 the greater number of information technology services were operating on the cloud computing platform. Also
The cloud infrastructure is generally owned and managed by the service provider. Multiple customers share the computing resources provided by a single service provider; customers can quickly access these resources and only pay for the operating resources. The customer has no visibility over the location of the cloud computing infrastructure, and the infrastructure is shared between organizations. Public clouds are shared