The Security of Cloud Services

Essay by vincen mathai • June 15, 2019 • Research Paper • 3,945 Words (16 Pages) • 627 Views

Essay Preview: The Security of Cloud Services

prev next

Report this essay

Page 1 of 16

[pic 1]

The Security of Cloud Services

Vincen Arivannoor, Chaitanya Midsala, Narasimha Murty & Rishab Dhariwal

BCO6672-The Information Systems Profession

Table of Contents

Introduction 1

Cloud Architecture and Cloud Security 1

Characteristics of Cloud services 2

Cloud services Security 2

Cloud Security threats 2

Cloud security services 3

Benefits 3

Stakeholder benefits of cloud security 5

Challenges faced by ISP 6

Internal Challenge: Compliance issues 6

External Challenge- Advanced Persistent Threats (APTs) 7

Evolution of Security Model-Security as a Service (SecaaS) 7

User vs. Cloud Service- User’s Responsibility 8

Conclusion 10

Introduction

Cloud computing is increasing its momentum as it gains in critical mass of adoption, because of both market and technology related factors. Rapidly evolving business environment is driving a pivot in the digital infrastructure of many companies and that is enabling many firms to make the move to the cloud. Therefore, cloud services are becoming a key factor contributing towards achieving competitive advantage in a global scale for companies aiming to succeed in the age of digitisation.

In a business context, Cloud services provide a large variety of services through internet which are accessible globally. Cloud services are usually provided by trusted third party providers which arises security threats to the cloud services. However, inspite of cloud computing being seen as a major driver of growth for companies in the coming years, the migration of IT assets, such as virtualized IP, data, applications, services and the associated infrastructure from physical to the cloud is marred by security concerns of the users. For instance, financial services companies are still laggards when it comes to adopting the cloud, despite the deep interest seen, because of lack of confidence in securing the data of customers and financial transactions. Recent attacks such as the hack in 2014 of the premier cloud storage solution provider, Dropbox, where around 60 million user accounts were compromised (Conger & Lynley, 2019), prove that cloud security has become a matter of concern for companies that aim to become more digital. Therefore, as the relevance of cloud computing increases throughout society in general, it is now paramount that cloud service providers and users keep security and privacy safeguards of the cloud assets as a major concern.

The literature will explore in-depth how the prevalence of cloud, results in more emphasis on the security of the data stored in the cloud. In this report we will discuss the cloud architecture of cloud services, security threats and challenges in implementing cloud security.

Cloud Architecture and Cloud Security

To understand how cloud security operates, one needs to understand how the cloud computing architecture is framed. The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction (Puthal et al., 2015).

Characteristics of Cloud services

One major characteristic of Cloud is that services are self-accessed by the user from multiple devices through internet without the need of network administrators. This feature lets users to access services without being physically present in the infrastructure. Another aspect is that cloud enables organizations to migrate resources from one cloud to another, providing cost effective resource pooling. Aside from ease of migration, cloud also enables elasticity where resources are to be scaled up and down rapidly as per the demand and eliminating the infrastructure implementation cost for the client (A. Jula, 2014).

Another important aspect cloud has is that the users can pick and choose services as per its needs by selecting on demand, for example processing speed, storage memory level, networking protocols, access control and any additional new feature as needed for the user to achieve its personal or business objectives (Fotiou et al., 2015). Finally, the cloud exhibits multi-tenancy where the same cloud infrastructure and services are shared among different tenants.

Cloud services Security

Having an understanding of the characteristics of the cloud, one becomes aware of the context of cloud security as it is the same characteristics that are misused to compromise the security of the assets in the cloud. The threats and attacks directly or indirectly on cloud assets as well as breach of services will affect the integrity, availability and confidentiality of these assets, raising concerns of security among the users and companies (Singh and Chatterjee, 2017). With this in mind, cloud security therefore describes a set of policies, technology, and controls that aims to protect digital assets of the users.

Cloud Security threats

To analyse the types of threats to the cloud, a threat model called STRIDE that classifies threats into six categories (Docs.microsoft.com, 2019) is used and the types are:

Spoofing identity: Gaining users authentication information such as passwords illegally.
Tampering with data: Unauthorized changes to data which damages the data held in databases.
Repudiation: Unauthorized action performed in the system which do have any traces.
Information disclosure: Disclosing confidential information to unauthorized individuals.
Denial of service: Servers are flooded with service requests till the point where servers crash. These types of attacks are targeted at availability.
Elevation of privilege: Unauthorized individual gaining privileged access to damage and compromise the system defenses.

Cloud security services

Cloud security services are the different solutions that are deployed by the service providers to make cloud services secure and reliable and are currently used to ensure the above-mentioned types of threats are under control. On benchmarking existing solutions against the STRIDE model, we see that different solutions are targeted at different types of threats (Halabi & Bellaiche, 2018). In our research, we find that certain solutions are more capable than the other by virtue of resolving at least 4 types of cloud threats.

...

Download as: txt (26.2 Kb) pdf (387.7 Kb) docx (232.9 Kb)

Continue for 15 more pages »

Read Full Essay Save

Only available on AllBestEssays.com

Similar Essays

Improving Baggage Tracking, Security and Customer Services with Rfid in the Airline Industry

Abstract: Radio frequency identification (RFID) has been identified as one of the ten greatest contributory technologies of the 21st Century. This technology has found a

807 Words | 4 Pages
United States Postal Service Solution

Itroduction The United States Postal Service is a governmental agency with numerous departments and over 700,000 employees nationwide. Our goal is to find a technical

1,381 Words | 6 Pages
Security Zones and New York City's Shrinking Public Space

Katie Campe AMS 205 Critical Essay: "Security Zones and New York City's Shrinking Public Space" In Nemeth's and Hollander's critical essay "Security Zones and New

398 Words | 2 Pages
The Difficulties of Reorganizing Homeland Security in America

the difficulties of reorganizing Homeland Security in America In 2004 and 2005, a series of major changes were proposed for the civil service at the

2,327 Words | 10 Pages
Multi Securities & Service Ltd

TABLE OF CONTENTS Number Titles Page 01 Acknowledgement 01 02 Objective of this Assignment 02 03 Limitation 02 04 Methodology 03 05 Vision 04 06

3,442 Words | 14 Pages
Cloud Storage and Security

Abstract Cloud computing has been gaining popularity for the few last decades. In fact, small as well as large organizations have realized the potential of

2,545 Words | 11 Pages
Digital Advisor Service in Guotai Junan Securities

Ziguang Yang Proposal/Memo Assignment 1, October 27, 2016 MEMORANDUM To: Jing Liang, Senior Director From: Carlisle Yang, Researcher, Date: October 27, 2016 Subj: Digital Advisor

668 Words | 3 Pages
Cloud Computing - Cloud Security

Cloud Security Cloud computing is a collection of approaches which deliver compute, network, and storage infrastructure resources, services, platforms, and applications to users on-demand across

607 Words | 3 Pages