Comparison Of Threats And Measures For Cloud Security Policies

DOI : 10.17577/NCRTCA-PID-412

Download Full-Text PDF Cite this Publication

Text Only Version

Comparison Of Threats And Measures For Cloud Security Policies

COMPARISON OF THREATS AND MEASURES FOR CLOUD SECURITY POLICIES

Parikshit V Mulay

Department of MCA Surana College, Kengeri

parikshitvmulay@gmail.com

Gayathri V B

Department of MCA Surana College, Kengeri vallika.gaye@gmail.com

K Keerthi Yadav

Department of MCA Surana College, Kengeri

yadavkeerthi2000@gmail.com

Chandan Hegde Assistant professor Department of MCA

Surana College, Kengeri

AbstractCloud computing has certainly been useful upgrades to information technology. The growing popularity of cloud computing has led to many questions about the infrastructure, software and network security. The risk related to cloud safety precautions is one of the most significant safety risks. The document examines safety policies and illustrates the methods and solutions implemented to safeguard them. In recent years, there have been plenty of developments in the area of cloud security, as well as many improvements to privacy laws. The security of data in cloud computing is covered in this paper. This is an analysis of security issues connected to cloud data and associated topics. Worldwide protection techniques and strategies are employed to guarantee the highest level of data protection by lowering risks and threats. Similar to this, using virtualization for cloud computing may put data at danger when a guest OS is run atop a hypervisor without knowledge of the guest OSs dependability and potential security flaw. The study is based on all the levels of services like SaaS, PaaS, IaaS.

Index TermsCloud Computing, Service models, Security principles, Security challenges, Security Threats, Security Poli- cies.

  1. INTRODUCTION

    Cloud computing will be crucial in the Internet of Ser- vices and computer infrastructure. In the cloud computing environment, both programmers and resource are given to the Internet as Service only on demand. Security and privacy are important concerns with cloud data adoption. Cloud security refers to comprehensive range of rules, tools, and controls used to safeguard the data, applications and the cloud computing infrastructure. Cloud computing network concerns fall into two broad categories : security issues faced by cloud providers and security issues faced by their customers. It is proposed to create a data security architecture for cloud computing networks. The privacy will be utilised to examine the tangible and intangible risks. Some difficulties in data security includes data privacy, data protection and data availability and so on. The many security challenges includes data loss, data threats and severe attacks from outsiders. Chen and Zhao used cloud security methodologies and data segregation to examine and describe difficulties in the cloud computing environment related to data privacy and security

    1. Services of Cloud Computing

      Cloud computing services are divided into three classes, according to the abstraction level of capability provided and

      the service model of providers namely: Infrastructure as a Service (IaaS), Software as a Service(SaaS), Platform as a Service(PaaS). The abstraction level is viewed as the layered architecture in which services of higher level can be build from services of underlying layer[4]

      • In addition to these service models, there are various special- ized services and technologies, including: Storage as a Service, Database as a Service, Serverless Computing, Big Data and Analytics and Internet of Things(IoT).

    2. Cloud Delivery Models

      They define how cloud services are made available to customers by cloud delivery models. There are three primary models for Cloud Delivery Models :

      • to the general public or a large number of customers in addition to managing and owning the infrastructure. Few examples of are Amazon Web Services(AWS), Microsoft Azure and Google Cloud Platform(GCP).

  2. LITERATURE REVIEW

    Gartner (Jay Heiser, 2009) defines cloud computing as a style of computing where massively scalable IT-enabled capabilities are delivered as a service to external customers using Internet technologies [1] Moiz, Venkata, and Srinivas offer a clear understanding of cloud computings fundamental ideas. In this paper, a number of essential ideas are explored by using instances of Applications that can be created with cloud computing, as well as how they can aid the developing world, are discussed. Nabil Giwali put up a solution-based strategy known as the Data Centric Security strategy in 2013. This method seeks to provide security at the data level, so along the course of their existence in cloud environments, the data are self-protecting. With this method, it is only the data owners responsibility to establish and oversee data privacy and security safeguards. This suggested solution makes us of both symmetric and encryption methods and is based on the Chinese Remainder Theorem (CRT). The proposed strategy is shown to be very effective in this study since it eliminates the need for several encryptions of the data file and does not necessitate the use of complicated key derivation techniques[9] The three main categories of Cloud Computing are application, storage and connectivity. Each section has a distinct function and provides various goods to companies all around the world. Software as a Service (SaaS) had been used to describe the services themselves. Cloud-creating architecture was developed to help computer users who are pressed for time solve problems with hardware, software and resource availability. A simple and effective solution for daily computing is offered by cloud computing. The main issue

    with Cloud Computing are cloud security and properly imple- menting the cloud over a network, according to International Journal of Computer. Users can improve the data security of Cloud Computing by using various encrypting techniques, such as Data Encryption Standard(DES)[11] According to Shaikh and Modak, Data Security in the Cloud is always a top priority from the perspectives of both consumers and CSPs. They also discussed some of the most pressing security vulnerabilities in the cloud, according to a thorough analytical assessment produced by CSA. It is suggested to use a model with different data security parameters. These parameters are given certain numerical weights and the customers can use them as a guide for choosing CSP[11] Where Data Sanitization is the process of concealing sensitive information in a test and development of databases by overwriting it with realistic- looking but fictious data of a similar type. An effort has been made to offer solutions that will improve the clouds current capabilities while hiding the display of sensitive data, helping both cloud users and cloud providers by enhancing business intelligence.[12]

  3. SECURITY CHALLENGES

    Cloud computing improvements two influential concerns that is security and the other one is privacy. The virtual environment in the cloud delivers customers to access tech- nology that exceeds that locked their physical world. Cloud also provides various benefits, including versatility, flexibility, cost savings and improved communications.

  4. SECURITY PRINCIPLES FOR CLOUD COMPUTING

    The International Standards Organization(ISO) establishes information security concerns that can also be uses as guide in

    relation to the major security requirements for cloud comput- ing for an eficient and safe technology. The following defines them :

  5. SECURITY POLICIES IN CLOUD COMPUTING The set of guidelines and procedures for safeguarding data

    and other information properties against security risks, human error, and other security threats are defined by cloud security policies. Here, only authorised people have access to your data and applications. Even though cloud service providers (CSPs) typically create cloud security policies, businesses using the cloud also have the option to do so. Example : Data backup and recovery, Data Encryption. Cloud security policies stipulates that :

      • Data kinds that can and cannot be moved to the cloud.

      • How the teams manage the risks associated with each data type.

      • Who makes the choice to move workloads to the cloud?

      • Who has permission to view or move the data?

    1. CREATING A CLOUD SECURITY POLICY

      Creating a cloud security policy for an organization involves considering specific requirements and challenges unique to the specific sector. Heres an example of how to create a cloud security policy for an educational organization:

    2. Advantages of Cloud Security Policies:

      • Improved Data Protection : By specifying encryption criteria, data protection measures, access controls and

        cloud security rules help us to protect delicate information stored in the cloud.

      • Regulatory and Quality Alignment : Cloud security poli- cies ensures that the company ensures with relevant rules and standards.

      • Uniform Security practises : The company may imple- ment regular practises across their cloud environments by establishing cloud security policies.

      • Improved incident responses : These processes are in- cluded I cloud security policies, making sure that the companies have an structured planning for detecting, responding to and reducing security problems.

      • Vendor management : Cloud security policies establishes rules for selecting and managing cloud service providers, so that vendors can satisfy the security objectives of the organizations.

    3. Disadvantages of Cloud Security Policies

      • Complexity and Resource requirements : Creating, im- plementing and maintaining robust cloud security rules may be time-consuming and costly. To maintain policy effectiveness, significant time and constants efforts are required.

      • Potential impact on User experience : Strict security precautions are necessary for additional authentication processes or access limitations, which may impact on user experience. Balancing security with consumer ease can be difficult.

      • Dynamic threat Landscape : Cloud security rules must be updated as an ongoing schedule to handle emerging security threats and vulnerabilities.

      • Balancing security and Flexibility : Strict security reg- ulations may limit the flexibility and agility of cloud services. The organizations must find a balance between security precautions and the advantages of cloud comput- ing, such as scalability and rapid deployment.

        Its a vital role to remember that the advantage and disadvan- tage will differ depending on the companys specific demands, the nature of its activities and the cloud environment being used. When developing and implementing cloud security poli- cies, organization should carefully consider these factors[19]

  6. SECURITY THREATS IN CLOUD COMPUTING In addition to the benefits that cloud computing provides,

    there are several security risks that prevent users from taking

    advantage of these benefits. Security threats that have been acknowledged and a widely accepted are defined in this section.

      • inadequate authentication methods, flaws in cloud infras- tructure or apps. Microsoft, Yahoo, Apples, iClouds and others are businesses that have experienced this problem. Data breaches can be used for financial fraud, identity theft.

      • Other risks are less serious than above mentioned but nev- ertheless present in the cloud environment include lost of governance, acquisitions of cloud providers, threats to trust, failures in isolation and data segregation.

  7. THREATS AND SOLUTIONS TO CLOUD SECURITY POLICY

      • : Exploiting software or infrastructure flaws in cloud service providers. Solution : Keep your software and security patches up to date, perform penetration tests and

        vulnerability analyses, and choose trustworthy and secure cloud service providers.

  8. POPULAR PRACTICES AND METHODS FOR A STRONG SECURITY POLICY

    The success of cloud security policies is ensured by address- ing these threats and putting into place the necessary remedies. This helps to improve the overall security posture of cloud environments. Its critical to adhere to accepted procedures and techniques that support the efficacy of the policy in order to build a solid security policy. Here are some key practices and methods to consider:

  9. CONCLUSION

The Internet of Services and computer infrastructure will rely heavily on cloud computing. Cloud data use raises sig- nificant security and privacy concerns. Cloud security refers to a comprehensive set of rules and methods used to protect

data, apps and cloud infrastructure like Azure. As a result, it is clear that the cloud environment has a particular difficulties and risks when comparing the threats and policies for cloud security. Because of the increasing reliance on cloud services, effective cyber threats targeting sensitive data and infrastruc- ture have increased. Organizations, on the other hand have realized the need of deploying complete security measures to successfully defend their cloud environments. Unauthorized access and data breaches are serious dangers in the cloud. To summarize, while cloud computing poses new data security dangers, firms can effectively minimize these risks using a mix of technical safeguards, operational strategies. Organizations must use multi-factor authentication, storage access controls and encryption measures to secure data in transit and at rest to mitigate these threats. In the cloud, data privacy and compliance are also key challenges.

REFERENCES

[1] Stanojevi and Shorten, 2008 2008, Vaquero et al., 2009 2009, Weiss,

2007, Whyman, 2008, Boss et al., 2009

[2] J. Srinivas, K. Reddy, and A. Qyser, Cloud Computing Basics, Build. Infrastruct. Cloud Secur., vol. 1, no. September 2011, pp. 322, 2014.

[3] Barbara. (2009, Sep.) Eucalyptus [online]. http://open.eucalyptus.com [4] : P. Mell and T. Grance, The NIST Definition of Cloud Computing,

National Institute of Standards and Technology, Information Technology Laboratory,Technical Report Version 15, 2009.

[5] Cloud computing, in Proceedings 1st International Conference on Cloud Computing

[6] (CloudCom 09), Beijing, 2009, pp. 3,27

[7] Z. L. X. C. Z. Y. J. C. Shengmei Luo, Virtualization security for cloud computing services, in International Conference on Cloud and Service Computing, 2011.

[8] J. S. N. G. L. L. I. Meiko Jensen, On Technical Security Issues in Cloud Computing, in IEEE International Conference on Cloud Computing,

Bangalore, India., 2009

[9] Nabil Giweli (2013) Enhancing Cloud Computing Security and Privacy, 20, Jan, 2019

[10] Muijnck-Hughes Jan de (2011) Data Protection in the Cloud, 12 Jan, 2019 [Online], Available: http://www.ru.nl/ds

[11] Rajesh, S., S. Swapna, and P. Shylender Reddy. Data as a service (daas) in cloud computing. Global Journal of Computer Science and Technology12.11-B (212)

[12] Barbara. (2009, Sep.) Eucalyptus [online]. http://open.eucalyptus.com. [13] IEEE/ACM International Symposium on Cluster Computing and the

Grid

[14] The Secure Migration of Data to Cloud using Data Sanitization and MAC address based AES Hitesh Marwaha, IJRTE March 2019.

[15] M. M. E. E. S. S Ramgovind, The Management of Security in Cloud Computing, in Information Security for South Africa (ISSA), 2010.

[16] R. Z. W. X. W. Q. A. Z. Minqi Zhou, Security and Privacy in Cloud Computing: A Survey, in Semantics Knowledge and Grid (SKG), 2010.

[17] Cloud Computing-ENISA-Benefits, risks, and recommendations for information security, ENISA, 2009.

[18] CSA: Top Threats to Cloud Computing, Cloud Security Alliance, 2010.

[19] Cloud security policies https://phoenixnap.com/blog/cloud-security- policy

[20] https://www.getkisi.com/blog/7-tips-prevent-cloud-security-threats