Cloud Security PPT - ANDREW - R18CS498
SECURITY
BY – M. ANDREW WILLIAMS
R18CS498
CLOUD INFRASTRUCTURE
THIS ILLUSTRATION SHOWS THE
POSSIBLE COMMUNICATION
PATHS BETWEEN FIVE ACTORS.
RISK ASSESSMENT IN CLOUD COMPUTING
TOPMOST THREATS IN CLOUD COMPUTING –
DATA BREACHES -
DATA LOSS -
ACCOUNT OR SERVICE TRAFFIC HIJACKING -
INSECURE INTERFACE AND APIS –
DENIAL OF SERVICE –
MALICIOUS INSIDERS -
INSUFFICIENT DUE DILIGENCE -
ABUSE OF CLOUD SERVICES -
SHARED TECHNOLOGY VULNERABILITIES -
VIRTUAL MACHINE VULNERABILITIES
DRAWBACKS OF VIRTUAL MACHINES:
VM ATTACKS - A CLOUD SERVER HOSTS MORE THAN ONE VM. ONCE ONE VM IS
COMPROMISED, VMS ON THE SAME PHYSICAL SERVER CAN ATTACK EACH
OTHER BECAUSE THEY SHARE THE SAME RESOURCES.
MULTITENANCY - BY DESIGN, CLOUDS SHARE THE SAME SOFTWARE AND
HARDWARE RESOURCES TO RUN THEIR VMS. AS A RESULT, INFORMATION LEAKAGE
AND AN INCREASE IN THE ATTACK SURFACE CAN OCCUR.
HYPERVISOR ATTACKS - ATTACKERS OFTEN CONSIDER THE HYPERVISOR A
POTENTIAL TARGET BECAUSE OF ITS ABILITY TO CONTROL ALL INSTALLED
VMS, THE PHYSICAL SYSTEM AND THE HOSTED APPLICATIONS. EX. HYPERJACKING,
VM ESCAPE.
SECURITY STANDARDS RECOMMENDATIONS
SIEM -
Identity Access Management (IAM) –
Data Dispersion –
Data Leakage Prevention (DLP) –
Bit Splitting –
Cloud-watch -
Load Balancer –
Ensure Effective Exit Process –
Disaster Recovery Plan -