CLOUD

SECURITY
BY – M. ANDREW WILLIAMS
R18CS498
CLOU
INFRASTRUCTUR
D
E
THIS ILLUSTRATION SHOWS THE
POSSIBLE COMMUNICATION
PATHS BETWEEN FIVE ACTORS.
RISK ASSESSMENT IN CLOUD
COMPUTING
 TOPMOST THREATS IN CLOUD COMPUTING –
 DATA BREACHES -
 DATA LOSS -
 ACCOUNT OR SERVICE TRAFFIC HIJACKING -
 INSECURE INTERFACE AND APIS –
 DENIAL OF SERVICE –
 MALICIOUS INSIDERS -
 INSUFFICIENT DUE DILIGENCE -
 ABUSE OF CLOUD SERVICES -
 SHARED TECHNOLOGY VULNERABILITIES -
VIRTUAL MACHINE
VULNERABILITIES
 DRAWBACKS OF VIRTUAL MACHINE : -
 VM ATTACKS - CLOUD SERVER CONTAINS MORE THAN ONE VMS. ONCE VM IS
COMPROMISED, VMS ON THE SAME PHYSICAL SERVER CAN ATTACK EACH
OTHER AS THEY SHARE THE SAME RESOURCES.
 MULTITENANCY - BY DESIGN, CLOUD SHARE THE SAME SOFTWARE AND
HARDWARE SOURCE TO RUN THEIR VMS. AS A RESULT, INFORMATION LEAKAGE
AND INCREASE IN THE ATTACK SURFACE CAN OCCUR.
 HYPERVISOR ATTACKS - ATTACKER OFTEN CONSIDER HYPERVISOR AS A
POTENTIAL TARGET BECAUSE OF ITS ABILITY TO CONTROL OVER ALL INSTALLED
VMS, THE PHYSICAL SYSTEM AND THE HOSTED APPLICATIONS. EX. HYPER
JACKING, VM ESCAPE.
SECURITY STANDARDS RECOMMENDATIONS

 SIEM -
 Identity Access Management (IAM)
–
 Data Dispersion –
 Data Leakage Prevention (DLP) –
 Bit Splitting –
 Cloud-watch -
 Load Balancer –
 Ensure Effective Exit Process –
 Disaster Recovery Plan -
REFRENCE
S
 Guidelines on Security and Privacy in Public Cloud Computing -
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-

144.pdf
 Cloud Security Alliance -
https://cloudsecurityalliance.org/group/security-
as-a-service/#_downloads
 Cloud standards Customer Council - http://www.cloud-council.org/
 Security and Privacy Controls for Federal Information Systems and
Organizations -
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf