Broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing
Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.
Cloud computing and storage provide users with capabilities to store and process their data in third-party data centers.[1] Organizations use the cloud in a variety of different service models (with acronyms such as SaaS, PaaS, and IaaS) and deployment models (private, public, hybrid, and community).[2]
Security concerns associated with cloud computing are typically categorized in two ways: as security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud).[3] The responsibility is shared, however, and is often detailed in a cloud provider's "shared security responsibility model" or "shared responsibility model."[4][5][6] The provider must ensure that their infrastructure is secure and that their clients data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures.[5][6]
When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. According to a 2010 Cloud Security Alliance report, insider attacks are one of the top seven biggest threats in cloud computing.[7] Therefore, cloud service providers must ensure that thorough background checks are conducted for employees who have physical access to the servers in the data center. Additionally, data centers are recommended to be frequently monitored for suspicious activity.
In order to conserve resources, cut costs, and maintain efficiency, cloud service providers often store more than one customer's data on the same server. As a result, there is a chance that one user's private data can be viewed by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should ensure proper data isolation and logical storage segregation.[2]
The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers or tenants of a public cloud service.[8] Virtualization alters the relationship between the OS and underlying hardware be it computing, storage or even networking. This introduces an additional layer virtualization that itself must be properly configured, managed and secured.[9] Specific concerns include the potential to compromise the virtualization software, or "hypervisor". While these concerns are largely theoretical, they do exist.[10] For example, a breach in the administrator workstation with the management software of the virtualization software can cause the whole datacenter to go down or be reconfigured to an attacker's liking.
Cloud security architecture is effective only if the correct defensive implementations are in place. An efficient cloud security architecture should recognize the issues that will arise with security management.[11] The security management addresses these issues with security controls. These controls are put in place to safeguard any weaknesses in the system and reduce the effect of an attack. While there are many types of controls behind a cloud security architecture, they can usually be found in one of the following categories:[11]
It is generally recommended that information security controls be selected and implemented according and in proportion to the risks, typically by assessing the threats, vulnerabilities and impacts. Cloud security concerns can be grouped in various ways; Gartner named seven[12] while the Cloud Security Alliance identified twelve areas of concern.[13] Cloud access security brokers (CASBs) are software that sits between cloud users and cloud applications to provide visibility into cloud application usage, data protection and governance to monitor all activity and enforce security policies.[14]
Scanning the cloud from outside and inside using free or commercial products is crucial because without a hardened environment your service is considered a soft target. Virtual servers should be hardened just like a physical server against data leakage, malware, and exploited vulnerabilities. "Data loss or leakage represents 24.6% and cloud related malware 3.4% of threats causing cloud outages[16]
Scanning and penetration testing from inside or outside the cloud must be authorized by the cloud provider. Since the cloud is a shared environment with other customers or tenants, following penetration testing rules of engagement step-by-step is a mandatory requirement. Violation of acceptable use policies can lead to termination of the service.[17]
There are numerous security threats associated with cloud data services. This includes traditional threats and non-traditional threats. Traditional threats include: network eavesdropping, illegal invasion, and denial of service attacks, but also specific cloud computing threats, such as side channel attacks, virtualization vulnerabilities, and abuse of cloud services. The following security requirements limit the threats.[18]
Data confidentiality is the property that data contents are not made available or disclosed to illegal users. Outsourced data is stored in a cloud and out of the owners' direct control. Only authorized users can access the sensitive data while others, including CSPs, should not gain any information of the data. Meanwhile, data owners expect to fully utilize cloud data services, e.g., data search, data computation, and data sharing, without the leakage of the data contents to CSPs or other adversaries.
Access controllability means that a data owner can perform the selective restriction of access to their data outsourced to the cloud. Legal users can be authorized by the owner to access the data, while others can not access it without permissions. Further, it is desirable to enforce fine-grained access control to the outsourced data, i.e., different users should be granted different access privileges with regard to different data pieces. The access authorization must be controlled only by the owner in untrusted cloud environments.
Data integrity demands maintaining and assuring the accuracy and completeness of data. A data owner always expects that her or his data in a cloud can be stored correctly and trustworthily. It means that the data should not be illegally tampered, improperly modified, deliberately deleted, or maliciously fabricated. If any undesirable operations corrupt or delete the data, the owner should be able to detect the corruption or loss. Further, when a portion of the outsourced data is corrupted or lost, it can still be retrieved by the data users.
Some advanced encryption algorithms which have been applied into cloud computing increase the protection of privacy. In a practice called crypto-shredding, the keys can simply be deleted when there is no more use of the data.
Attribute-based encryption is a type of public-key encryption in which the secret key of a user and the ciphertext are dependent upon attributes (e.g. the country in which he lives, or the kind of subscription he has). In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext.
In the CP-ABE, the encryptor controls access strategy. The main research work of CP-ABE is focused on the design of the access structure.[19]
In the KP-ABE, attribute sets are used to describe the encrypted texts and the private keys are associated to specified policy that users will have.[20][21][22]
Fully homomorphic encryption allows computations on encrypted data, and also allows computing sum and product for the encrypted data without decryption.[23]
Searchable encryption is a cryptographic system which offer secure search functions over encrypted data.[24][25] SE schemes can be classified into two categories: SE based on secret-key (or symmetric-key) cryptography,and SE based on public-key cryptography. In order to improve search efficiency, symmetric-key SE generally builds keyword indexes to answer user queries. This has the obvious disadvantage of providing multimodal access routes for unauthorized data retrieval, bypassing the encryption algorithm by subjecting the framework to alternative parameters within the shared cloud environment.[26]
Numerous laws and regulations pertain to the storage and use of data. In the US these include privacy or data protection laws, Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act, the Federal Information Security Management Act of 2002 (FISMA), and Children's Online Privacy Protection Act of 1998, among others. Similar standards exist in other jurisdictions, eg Singapore's Multi-Tier Cloud Security Standard.
Similar laws may apply in different legal jurisdictions and may differ quite markedly from those enforced in the US. Cloud service users may often need to be aware of the legal and regulatory differences between the jurisdictions. For example, data stored by a cloud service provider may be located in, say, Singapore and mirrored in the US.[27]
Many of these regulations mandate particular controls (such as strong access controls and audit trails) and require regular reporting. Cloud customers must ensure that their cloud providers adequately fulfill such requirements as appropriate, enabling them to comply with their obligations since, to a large extent, they remain accountable.
Aside from the security and compliance issues enumerated above, cloud providers and their customers will negotiate terms around liability (stipulating how incidents involving data loss or compromise will be resolved, for example), intellectual property, and end-of-service (when data and applications are ultimately returned to the customer). In addition, there are considerations for acquiring data from the cloud that may be involved in litigation.[30] These issues are discussed in service-level agreements (SLA).
Legal issues may also include records-keeping requirements in the public sector, where many agencies are required by law to retain and make available electronic records in a specific fashion. This may be determined by legislation, or law may require agencies to conform to the rules and practices set by a records-keeping agency. Public agencies using cloud computing and storage must take these concerns into account.
See the original post:
Cloud computing security - Wikipedia
- ISSCC 2024: Inside AMD's Zen 4cThe Area-Optimized Cloud Computing Core - News - All About Circuits - February 26th, 2024 [February 26th, 2024]
- Huawei Cloud: Infrastructure of Choice for AI with 10 Systematic Innovations Unveiled in MWC Barcelona 2024 - Morningstar - February 26th, 2024 [February 26th, 2024]
- Cybersecurity fears drive a return to on-premise infrastructure from cloud computing - Help Net Security - February 26th, 2024 [February 26th, 2024]
- Cybersecurity fears drive a return to on-premise infrastructure from cloud computing - HealthLeaders Media - February 26th, 2024 [February 26th, 2024]
- Huawei Cloud: Infrastructure of Choice for AI with 10 Systematic Innovations Unveiled in MWC Barcelona 2024 - PR Newswire - February 26th, 2024 [February 26th, 2024]
- South Korea Boosts Cloud Computing with $91.5 Million Investment to Propel AI and SaaS Innovation - BNN Breaking - February 26th, 2024 [February 26th, 2024]
- Science ministry to invest 121.9 bln won in cloud computing industry - Yonhap News Agency - February 26th, 2024 [February 26th, 2024]
- Why Microsoft is spending billions on AI and cloud computing in Europe - ITPro - February 26th, 2024 [February 26th, 2024]
- Universities Migrate Research Computing to the Cloud - EdTech Magazine: Focus on K-12 - February 26th, 2024 [February 26th, 2024]
- Top Cloud Computing Skills You Need to Know in 2024 - Simplilearn - February 26th, 2024 [February 26th, 2024]
- Best Cloud Tools of 2024: Unleash Maximum Productivity - Simplilearn - February 26th, 2024 [February 26th, 2024]
- Real-time Analytics News for the Week Ending February 24 - RTInsights - February 26th, 2024 [February 26th, 2024]
- Synadia Raises $25 Million Series B Funding to Meet Massive Demand for Multi-cloud and Edge Computing Driven by AI - PR Newswire - February 26th, 2024 [February 26th, 2024]
- CEO Outlook 2024: 20 Solution Providers On The Cloud Moment - CRN - February 26th, 2024 [February 26th, 2024]
- DigitalOcean beats expectations under the helm of new CEO Paddy Srinivasan - SiliconANGLE News - February 26th, 2024 [February 26th, 2024]
- Securing Kubernetes in a Cloud Native World - The New Stack - February 26th, 2024 [February 26th, 2024]
- How to Build a Chat Interface using Gradio & Vultr Cloud GPU SitePoint - SitePoint - February 26th, 2024 [February 26th, 2024]
- Microsoft to invest $2.1bn in cloud and AI infrastructure in Spain - DatacenterDynamics - February 26th, 2024 [February 26th, 2024]
- Stannah looks to enterprise cloud software to lift IT systems - ComputerWeekly.com - February 26th, 2024 [February 26th, 2024]
- AI vendor finds opportunity amid AI computing problem - TechTarget - February 26th, 2024 [February 26th, 2024]
- Nvidia Worth More Than Alphabet, Amazon - 24/7 Wall St. - February 26th, 2024 [February 26th, 2024]
- VIB spearheads banking innovation with deployment of Temenos Banking Platform on AWS cloud - VnExpress International - February 26th, 2024 [February 26th, 2024]
- Why These 7 Cloud Computing Stocks Should be on Your Radar in 2024 - InvestorPlace - December 25th, 2023 [December 25th, 2023]
- IBM to Buy Software AG's Cloud Computing and AI Assets for $2.3BN - Investopedia - December 25th, 2023 [December 25th, 2023]
- Pass the AWS Certified Cloud Practitioner Certification in One Week - Medium - December 25th, 2023 [December 25th, 2023]
- 3 Cloud Computing Stocks You'll Regret Not Buying Soon: December Edition - InvestorPlace - December 25th, 2023 [December 25th, 2023]
- Cloud Computing Market Predicted to Hit US$1,266.4 Billion by 2028 - TechiExpert.com - December 25th, 2023 [December 25th, 2023]
- AWS chief Adam Selipsky talks generative AI, Amazon's investment in Anthropic and cloud cost-cutting - Omaha World-Herald - December 25th, 2023 [December 25th, 2023]
- Mangata Networks and Microsoft Partner on AI-enabled Edge Cloud Connectivity - AiThority - December 25th, 2023 [December 25th, 2023]
- Democratization of Cloud vs AI: A Case Study - Medium - December 25th, 2023 [December 25th, 2023]
- 5 Drivers Behind the Growth of the GPU Cloud Computing Market - Visual Capitalist - December 25th, 2023 [December 25th, 2023]
- Report: AWS to reorganize sales teams amid slowing cloud revenue growth - SiliconANGLE News - December 25th, 2023 [December 25th, 2023]
- Don't underestimate vulnerabilities in the cloud. Adopt hybrid to stay protected - Best Enterprise Data Storage Software ... - Solutions Review - December 25th, 2023 [December 25th, 2023]
- Innovations, disruptions, transformations expected in 2024 Intelligent CIO Middle East - Intelligent CIO - December 25th, 2023 [December 25th, 2023]
- IBM makes $2B+ deal to add more AI, cloud computing solutions - WRAL TechWire - December 25th, 2023 [December 25th, 2023]
- How to Select the Right Industry Cloud for Your Business - How to Select the Right Industry Cloud for Your Business - InformationWeek - December 25th, 2023 [December 25th, 2023]
- Cloud Computing Market Set to Reach US$1,266.4 Billion by 2028 - Analytics Insight - December 25th, 2023 [December 25th, 2023]
- Cisco to Acquire Isovalent to Secure Cloud-Native Networking - Channel E2E - December 25th, 2023 [December 25th, 2023]
- Cloud-native applications: Unlocking the potential of scalability and agility - ETCIO - December 25th, 2023 [December 25th, 2023]
- Year-in-Review: 2023 Was a Turning Point for Microservices - The New Stack - December 25th, 2023 [December 25th, 2023]
- If AI is the future, radiology needs to look to the cloud - Health Imaging - December 25th, 2023 [December 25th, 2023]
- AI and Cloud: The Proving Ground for Regulatory Resilience in 2024 - Finextra - December 25th, 2023 [December 25th, 2023]
- Cognata Redefines Sensor Suite Selection Processes Through Digital Twin-based Sensor Simulation and Cloud ... - PR Newswire - December 25th, 2023 [December 25th, 2023]
- Microsoft and Amazon the focus of cloud computing probe - Proactive Investors USA - October 5th, 2023 [October 5th, 2023]
- Cloud cover benefits of being on the cloud - The Actuary - October 5th, 2023 [October 5th, 2023]
- AI, Cloud Computing among 36 FREE Online Courses Now ... - Philippine Information Agency - October 5th, 2023 [October 5th, 2023]
- Amazon Web Services isn't trying to win the A.I. race. It wants to own the road. - Slate - July 31st, 2023 [July 31st, 2023]
- The Machines Behind the FinOps Curtain: Operationalizing Your Strategy with AI - ITPro Today - July 31st, 2023 [July 31st, 2023]
- Strengthening security in a multi-SaaS cloud environment - TechCrunch - July 31st, 2023 [July 31st, 2023]
- Oracle Introduces First Cloud Native Secure Cloud Computing ... - PR Newswire - July 31st, 2023 [July 31st, 2023]
- The Power of Cloud Computing: How it's Transforming Database ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- From Headquarters to the Edge: The Future of Cloud in the Defense ... - MeriTalk - July 31st, 2023 [July 31st, 2023]
- 6 Cloud Computing Companies Navigating the Digital Storm in 2023 - GovCon Wire - July 31st, 2023 [July 31st, 2023]
- Government Cloud Computing Market Size, Status and Business ... - University City Review - July 31st, 2023 [July 31st, 2023]
- Cloud Computing in Education Market Forecast, 2023-2029: The ... - University City Review - July 31st, 2023 [July 31st, 2023]
- Global Cloud Computing IaaS In Life Science Market Size and ... - University City Review - July 31st, 2023 [July 31st, 2023]
- What is the Relationship Between IoT and Cloud Computing? - Analytics Insight - July 31st, 2023 [July 31st, 2023]
- How Data Center Interconnect Platforms are Shaping the Future of ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Revolutionizing IoT: How 5G and Cloud Computing are ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- The Future of Cloud Computing: Database as a Service (DBaaS) in ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Overcoming Data Privacy Challenges in the European Cloud ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- The Future of Telemedicine in India: How Cloud Computing is ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Multi-Cloud and Hybrid Cloud: What is the Difference? - Analytics Insight - July 31st, 2023 [July 31st, 2023]
- A New Era of Data Management: The Growing Importance of Global ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- From niche to necessity: GFT's vision for cloud computing ... - Business Leader - July 31st, 2023 [July 31st, 2023]
- ERP, Cloud Computing And Digital Transformation - CIOReview - July 31st, 2023 [July 31st, 2023]
- UMD Smith Offers New January Start Date for MS in Information ... - Newswise - July 31st, 2023 [July 31st, 2023]
- The Impact of Global White-box Server Adoption on Cloud ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Global Application Transformation: Unlocking the Potential of Cloud ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- BFSI Sector and Asia-Pacific Spearhead the Rapid Growth of Cloud ... - GlobeNewswire - July 31st, 2023 [July 31st, 2023]
- Amazon is investing another $7.8B in Ohio-based cloud computing operations, state leaders say - The Associated Press - June 28th, 2023 [June 28th, 2023]
- Google Cloud Platform: Everything you need to know about Google's suite of cloud computing services - Android Police - June 28th, 2023 [June 28th, 2023]
- Amazon is investing another $7.8B in Ohio-based cloud computing ... - Wilmington News Journal, OH - June 28th, 2023 [June 28th, 2023]
- 11 Key Executives in the Cloud Computing Industry in 2023 - Executive Gov - June 28th, 2023 [June 28th, 2023]
- 10 Multi-Cloud Myths Debunked: Exposing the Facts - TechFunnel - June 28th, 2023 [June 28th, 2023]
- How MTN and Microsoft will transform business operations with ... - TheCable - June 28th, 2023 [June 28th, 2023]
- The Power of Cloud Computing: Revolutionizing Business and IT ... - Tech Critter - June 28th, 2023 [June 28th, 2023]
- FTC Collecting Comments On Cloud Computing, CCIA Offers Input ... - Computer and Communications Industry Association - June 28th, 2023 [June 28th, 2023]
- How AI and Cloud Computing Are Revolutionizing the Insurance ... - Techopedia - June 28th, 2023 [June 28th, 2023]
- HPE Discover final analysis: Navigating the cloud computing ... - SiliconANGLE News - June 28th, 2023 [June 28th, 2023]